LeakIX - Host 2.16.204.85

Host 2.16.204.85

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/443 tcp/80

AkamaiNetStorage

tcp/443

BigIP

tcp/80

endress

tcp/443

nginx nginx

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: services02-stage.moneymatrix.com
Port: 443
URL: https://services02-stage.moneymatrix.com

First seen 2025-11-05 06:44
Last seen 2026-01-15 11:51
Open for 71 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549550520811d0b040b60994b96d328a425a98ff7c5
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Notification/cancel/{reference}
GET /api/Notification/fail/{reference}
GET /api/Notification/success/{reference}
GET /api/Vendor/history/{vendorName}
GET /api/Vendor/request/{vendorName}/{vendorMethod}
POST /api/Auth/token
POST /api/Internal/init
POST /api/Notification/callback/{reference}
POST /api/Notification/status/{reference}
POST /api/Vendor/ProcessVendorRequest
POST /api/Vendor/RegisterVendorTemplate
POST /api/Vendor/monolith/callback/success
POST /api/Vendor/monolith/checkstatus/success
POST /api/Vendor/notify/{vendorName}/{notificationUrl}
```
  Found on 2026-01-15 11:51
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: appfenix.sivale.mx
Port: 443
URL: https://appfenix.sivale.mx

First seen 2025-10-21 00:04
Last seen 2026-01-09 20:43
Open for 80 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b90b5b6d306bdab53a4b85e1a2c4d5583f3da8edd

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/user/{email}/card/{cardNumber}
DELETE /api/user/{id}
GET /accountstatement/available/{cardNumber}
GET /accountstatement/download/{cardNumber}/{idAccount}
GET /accountstatement/download64/{cardNumber}/{idAccount}
GET /api/appconfig
GET /api/appconfig/
GET /api/appconfig/{email}
GET /api/blacklist/list
GET /api/cards/{cardNumber}/code
GET /api/cards/{cardNumber}/nipcode
GET /api/cards/{cardPrefix}/type
GET /api/health/
GET /api/kyc/contract/{type}
GET /api/kyc/ocr
GET /api/kyc/status
GET /api/kyc/tests
GET /api/kyc/user/name
GET /api/tekae/requestToken
GET /api/user/getBitacoraAvisoApp
GET /api/user/linkedmail/{cardNumber}
GET /api/user/params
GET /api/user/{email}/card/{cardNumber}/balance-transactions
GET /api/user/{email}/card/{cardNumber}/cvv
GET /api/user/{email}/card/{cardNumber}/nip
GET /api/user/{email}/card/{cardNumber}/upbb/status
GET /api/user/{email}/ng/status
GET /api/v2/cancellation/letterinfo
GET /api/v2/cancellation/status
GET /api/v2/cards/{cardNumber}/balance
GET /api/v2/cards/{cardNumber}/limits
GET /api/v2/cards/{cardNumber}/status
GET /api/v2/cards/{cardNumber}/transactions
GET /api/v2/foo
GET /api/v2/lastsignin
GET /api/v2/spei/catalogo-instituciones
GET /api/v2/spei/contacts
GET /api/v2/spei/limits
GET /api/v2/spei/valid/transaction
GET /api/v2/spei/validate/accountnumber
GET /keys
GET /keys/ms
GET /test/hello
PATCH /api/user/updateUserApp
POST /B2C/otp/generate
POST /B2C/otp/validate
POST /B2C/otp/validatePass
POST /accountstatement/send/{cardNumber}/{idAccount}
POST /accountstatement/v2/available/cardNumber
POST /accountstatement/v2/download/cardNumber
POST /accountstatement/v2/download64/pdf/
POST /accountstatement/v2/send/account/statement
POST /api/appconfig/v2
POST /api/appconfig/v2/email
POST /api/blacklist/addList
POST /api/blacklist/onList
POST /api/blacklist/setActive
POST /api/blacklist/v2/addList
POST /api/blacklist/v2/onList
POST /api/blacklist/v2/setActive
POST /api/cards/v2/cardNumber/code
POST /api/cards/v2/cardNumber/off
POST /api/cards/v2/cardNumber/on
POST /api/cards/v2/cardNumber/state
POST /api/cards/v2/cardPrefix/type
POST /api/cards/v2/nipcode
POST /api/cards/{cardNumber}/off
POST /api/cards/{cardNumber}/on
POST /api/cards/{cardNumber}/state
POST /api/identity/update
POST /api/identity/v2/update
POST /api/kyc/beneficiarios
POST /api/kyc/contract
POST /api/kyc/geo/{email}
POST /api/kyc/id
POST /api/kyc/peps
POST /api/kyc/perfiltransaccional
POST /api/kyc/test/add/{email}
POST /api/kyc/test/{email}
POST /api/kyc/test/{num}/{email}
POST /api/kyc/unblock/{email}
POST /api/kyc/user/info
POST /api/kyc/v2/beneficiarios
POST /api/kyc/v2/contract
POST /api/kyc/v2/contract/generate
POST /api/kyc/v2/geo
POST /api/kyc/v2/id
POST /api/kyc/v2/ocr
POST /api/kyc/v2/peps
POST /api/kyc/v2/perfiltransaccional
POST /api/kyc/v2/status
POST /api/kyc/v2/tests
POST /api/kyc/v2/unblock/email
POST /api/kyc/v2/user/info
POST /api/kyc/v2/user/name
POST /api/kyc/webhook
POST /api/link-cardV3
POST /api/passcodeAuthentication/requestPasscode
POST /api/passcodeAuthentication/v2/requestPasscode
POST /api/passcodeAuthentication/v2/validatePasscode
POST /api/passcodeAuthentication/validatePasscode
POST /api/reentarjetado/saldo
POST /api/reentarjetado/v2/saldo
POST /api/session/active/{foo}
POST /api/session/auth
POST /api/session/login
POST /api/session/logout
POST /api/session/onBlackList
POST /api/session/passwordreset
POST /api/session/v2/active/foo
POST /api/session/v2/auth
POST /api/session/v2/login
POST /api/session/v2/logout
POST /api/tekae/v2/requestToken
POST /api/user/binnacle
POST /api/user/bitacoraAvisoApp
POST /api/user/disassociate-card/generaOTPConfirmacion
POST /api/user/disassociate-card/validaOTPAutenticacion
POST /api/user/disassociate-card/validaOTPConfirmacion
POST /api/user/obdstatus
POST /api/user/replace/{email}/card/{cardNumber}
POST /api/user/upbb/cardSegment
POST /api/user/upbb/cardSegment/validation
POST /api/user/v2/card/balance-transactions
POST /api/user/v2/card/cvv
POST /api/user/v2/card/nip
POST /api/user/v2/card/upbb/status
POST /api/user/v2/cuenta-clabe
POST /api/user/v2/email/card/cardNumber
POST /api/user/v2/email/cardslist
POST /api/user/v2/email/onboarding/status
POST /api/user/v2/email/profile
POST /api/user/v2/email/ubb
POST /api/user/v2/linkedmail/cardNumber
POST /api/user/v2/replace/card
POST /api/user/{email}/profile
POST /api/user/{email}/ubb
POST /api/v2/associate-card/hasCards
POST /api/v2/associate-card/showCardUpdate
POST /api/v2/associate-card/validateCurp
POST /api/v2/cancellation/concentletter
POST /api/v2/cancellation/start
POST /api/v2/cancellation/transfer
POST /api/v2/cards/cardNumber/limits
POST /api/v2/cards/limits
POST /api/v2/cards/limits/card
POST /api/v2/contact-info/user
POST /api/v2/contact-info/user/type
POST /api/v2/curp/contactInfo
POST /api/v2/curp/validate
POST /api/v2/delete-notification
POST /api/v2/delete-notifications
POST /api/v2/delete/account
POST /api/v2/delete/account/b2c
POST /api/v2/detail-notification
POST /api/v2/get/cancellation/letterinfo
POST /api/v2/get/cards/alltransactions
POST /api/v2/get/cards/balance
POST /api/v2/get/cards/status
POST /api/v2/get/cards/transactions
POST /api/v2/indicador
POST /api/v2/init/cancellation/
POST /api/v2/migration/initiate
POST /api/v2/onboarding/step
POST /api/v2/otp/autenticacion
POST /api/v2/otp/generateCode
POST /api/v2/otp/generateV2
POST /api/v2/otp/valida-autenticacion
POST /api/v2/otp/valida-confirmacion
POST /api/v2/otp/validateCode
POST /api/v2/pending-notifications
POST /api/v2/save/cancellation/concentletter
POST /api/v2/save/cancellation/transfer
POST /api/v2/search-notifications
POST /api/v2/spei/add-contact
POST /api/v2/spei/add/contact
POST /api/v2/spei/delete-contact
POST /api/v2/spei/delete/contact
POST /api/v2/spei/favorite-contact
POST /api/v2/spei/favorite/contact
POST /api/v2/spei/get/limits
POST /api/v2/spei/out
POST /api/v2/spei/out-vo
POST /api/v2/spei/set/limits
POST /api/v2/spei/valid-transaction
POST /api/v2/spei/validate-accountnumber
POST /api/v2/status/cancellation
POST /api/v3/unlink-card
POST /b2cauth/biometricLogin
POST /b2cauth/createUser
POST /b2cauth/find-by-email
POST /b2cauth/login
POST /b2cauth/logout
POST /b2cauth/refreshToken
POST /b2cauth/update-password
POST /b2cauth/validate-email
POST /bitTycAviso/guardar
POST /credencial/v1/getBalance
POST /credencial/v1/getBalancewithMovements
POST /credencial/v1/getCardCvc
POST /credencial/v1/getCardStatus
POST /credencial/v1/getCardpin
POST /credencial/v1/turnOff
POST /credencial/v1/turnOn
POST /v3/accountstatement/available/cardNumber
POST /v3/accountstatement/checkStatus
POST /v3/accountstatement/download/cardNumber
POST /v3/accountstatement/download64/pdf
POST /v3/accountstatement/otp/generate
POST /v3/accountstatement/send/account/statement
POST /v3/accountstatement/validate
PUT /api/user/params/{id}
PUT /v3/accountstatement/accounts/configuration

Found on 2026-01-09 20:43

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: transfersv.sivale.mx
Port: 443
URL: https://transfersv.sivale.mx

First seen 2025-10-21 00:04
Last seen 2026-01-09 20:19
Open for 80 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd110a331ecc04463cd27f8862bb61fe814fc960c8a2ea7d491
```
Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
GET /proxy/files/isfileexists/{folder}
GET /proxy/files/{folder}
GET /proxy/folders
GET /proxy/folders/{folder}
GET /proxy/listFiles/{folder}
GET /proxy/profile
GET /proxy/serverInfo
POST /proxy/changeMyPassword
POST /proxy/files/deleteMultipleFiles/{folder}
POST /proxy/files/downloadMultipleByZipFile
POST /proxy/files/verifyFilesConflicts/{folder}
POST /proxy/log
POST /proxy/login
POST /proxy/logout
PUT /proxy/files/move/{folder}/{destFolder}
```
  Found on 2026-01-09 20:19
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: fortunauat.generalicentrallife.com
Port: 443
URL: https://fortunauat.generalicentrallife.com

First seen 2025-10-14 11:17
Last seen 2026-01-09 19:05
Open for 87 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 19:05
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: dev-backend-app.generalicentrallife.com
Port: 443
URL: https://dev-backend-app.generalicentrallife.com

First seen 2025-10-14 11:17
Last seen 2026-01-09 16:18
Open for 87 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549322547cc980ea6967852bf7284994d500a097008

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/FDRyze/getAllDidYouKnow
GET /api/FgExternalApi/dynamicFieldList
GET /api/FgExternalApi/validateDynamicFieldList
GET /api/GetChildEducationCalculatorDetails
GET /api/GetChildMarrExpCalculatorDetails
GET /api/GetFNADetails
GET /api/GetHumanLifeValueCalculatorDetails
GET /api/GetLifestyleGoalCalculatorDetails
GET /api/GetRetirementCalculatorDetails
GET /api/getArticleDetails
GET /api/getChildDetailsByLeadId
GET /api/getMasterData
GET /api/getMasterDataByTbl
GET /api/getProductBIJourneyDetails
GET /api/getUserRecommendedProducts
POST /api/Decryption
POST /api/Encryption
POST /api/FDRyze/WhyThisProduct/recommendation
POST /api/FDRyze/fetchCustomerSummary
POST /api/FDRyze/full-product-analysis
POST /api/FDRyze/getProductComparison
POST /api/FDRyze/getProductRecommendations
POST /api/FDRyze/getRecommendationsDidYouKnow
POST /api/FgExternalApi/GetAgentDetail
POST /api/FgExternalApi/downloadBI
POST /api/FgExternalApi/generateBI
POST /api/FgExternalApi/getLeadDetailsByHerokuId
POST /api/ValidateUser
POST /api/cloneJourney
POST /api/getDashboardOverviewDetails
POST /api/getLeadDetailsByLeadId
POST /api/getLeadDetailsByUserId
POST /api/getProductRecommendations
POST /api/getReportDetailsForFNAJourney
POST /api/proceedToLoginInAtlas
POST /api/updateLeadStatus
POST /api/upsertChildEducationCalculator
POST /api/upsertChildMarrExpCalculator
POST /api/upsertFNAPersonalDetails
POST /api/upsertFNAPreferencesGoalsDetails
POST /api/upsertHumanLifeValueCalculator
POST /api/upsertLeadDetails
POST /api/upsertLifestyleGoalCalculator
POST /api/upsertProductBIJourneyDetails
POST /api/upsertRetirementCalculator
POST /api/upsertUserRecommendedProducts

Found on 2026-01-09 16:18

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549322547cc980ea6967852bf7284994d500eb714a4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/FDRyze/getAllDidYouKnow
GET /api/FgExternalApi/dynamicFieldList
GET /api/FgExternalApi/validateDynamicFieldList
GET /api/GetChildEducationCalculatorDetails
GET /api/GetChildMarrExpCalculatorDetails
GET /api/GetFNADetails
GET /api/GetHumanLifeValueCalculatorDetails
GET /api/GetLifestyleGoalCalculatorDetails
GET /api/GetRetirementCalculatorDetails
GET /api/getArticleDetails
GET /api/getChildDetailsByLeadId
GET /api/getMasterData
GET /api/getMasterDataByTbl
GET /api/getProductBIJourneyDetails
GET /api/getUserRecommendedProducts
POST /api/FDRyze/WhyThisProduct/recommendation
POST /api/FDRyze/fetchCustomerSummary
POST /api/FDRyze/full-product-analysis
POST /api/FDRyze/getProductComparison
POST /api/FDRyze/getProductRecommendations
POST /api/FDRyze/getRecommendationsDidYouKnow
POST /api/FgExternalApi/GetAgentDetail
POST /api/FgExternalApi/downloadBI
POST /api/FgExternalApi/generateBI
POST /api/FgExternalApi/getLeadDetailsByHerokuId
POST /api/ValidateUser
POST /api/cloneJourney
POST /api/getDashboardOverviewDetails
POST /api/getLeadDetailsByLeadId
POST /api/getLeadDetailsByUserId
POST /api/getProductRecommendations
POST /api/getReportDetailsForFNAJourney
POST /api/proceedToLoginInAtlas
POST /api/updateLeadStatus
POST /api/upsertChildEducationCalculator
POST /api/upsertChildMarrExpCalculator
POST /api/upsertFNAPersonalDetails
POST /api/upsertFNAPreferencesGoalsDetails
POST /api/upsertHumanLifeValueCalculator
POST /api/upsertLeadDetails
POST /api/upsertLifestyleGoalCalculator
POST /api/upsertProductBIJourneyDetails
POST /api/upsertRetirementCalculator
POST /api/upsertUserRecommendedProducts

Found on 2025-12-02 06:04

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549322547cc980ea6967852bf7284994d50e9984b3d

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/FDRyze/getAllDidYouKnow
GET /api/FgExternalApi/dynamicFieldList
GET /api/FgExternalApi/validateDynamicFieldList
GET /api/GetChildEducationCalculatorDetails
GET /api/GetChildMarrExpCalculatorDetails
GET /api/GetFNADetails
GET /api/GetHumanLifeValueCalculatorDetails
GET /api/GetLifestyleGoalCalculatorDetails
GET /api/GetRetirementCalculatorDetails
GET /api/getArticleDetails
GET /api/getChildDetailsByLeadId
GET /api/getMasterData
GET /api/getMasterDataByTbl
GET /api/getProductBIJourneyDetails
GET /api/getUserRecommendedProducts
POST /api/FDRyze/WhyThisProduct/recommendation
POST /api/FDRyze/fetchCustomerSummary
POST /api/FDRyze/full-product-analysis
POST /api/FDRyze/getProductComparison
POST /api/FDRyze/getProductRecommendations
POST /api/FDRyze/getRecommendationsDidYouKnow
POST /api/FgExternalApi/GetAgentDetail
POST /api/FgExternalApi/downloadBI
POST /api/FgExternalApi/generateBI
POST /api/FgExternalApi/getLeadDetailsByHerokuId
POST /api/ValidateUser
POST /api/cloneJourney
POST /api/getDashboardOverviewDetails
POST /api/getLeadDetailsByLeadId
POST /api/getLeadDetailsByUserId
POST /api/getProductRecommendations
POST /api/getReportDetailsForFNAJourney
POST /api/proceedToLoginInAtlas
POST /api/upsertChildEducationCalculator
POST /api/upsertChildMarrExpCalculator
POST /api/upsertFNAPersonalDetails
POST /api/upsertFNAPreferencesGoalsDetails
POST /api/upsertHumanLifeValueCalculator
POST /api/upsertLeadDetails
POST /api/upsertLifestyleGoalCalculator
POST /api/upsertProductBIJourneyDetails
POST /api/upsertRetirementCalculator
POST /api/upsertUserRecommendedProducts

Found on 2025-11-20 06:12

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549322547cc980ea6967852bf7284994d50629f3da8

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/FDRyze/getAllDidYouKnow
GET /api/FgExternalApi/dynamicFieldList
GET /api/FgExternalApi/validateDynamicFieldList
GET /api/GetChildEducationCalculatorDetails
GET /api/GetChildMarrExpCalculatorDetails
GET /api/GetFNADetails
GET /api/GetHumanLifeValueCalculatorDetails
GET /api/GetLifestyleGoalCalculatorDetails
GET /api/GetRetirementCalculatorDetails
GET /api/getArticleDetails
GET /api/getChildDetailsByLeadId
GET /api/getMasterData
GET /api/getMasterDataByTbl
GET /api/getProductBIJourneyDetails
GET /api/getUserRecommendedProducts
POST /api/FDRyze/WhyThisProduct/recommendation
POST /api/FDRyze/fetchCustomerSummary
POST /api/FDRyze/full-product-analysis
POST /api/FDRyze/getProductComparison
POST /api/FDRyze/getProductRecommendations
POST /api/FDRyze/getRecommendationsDidYouKnow
POST /api/FgExternalApi/GetAgentDetail
POST /api/FgExternalApi/downloadBI
POST /api/FgExternalApi/generateBI
POST /api/ValidateUser
POST /api/cloneJourney
POST /api/getDashboardOverviewDetails
POST /api/getLeadDetailsByLeadId
POST /api/getLeadDetailsByUserId
POST /api/getProductRecommendations
POST /api/getReportDetailsForFNAJourney
POST /api/proceedToLoginInAtlas
POST /api/upsertChildEducationCalculator
POST /api/upsertChildMarrExpCalculator
POST /api/upsertFNAPersonalDetails
POST /api/upsertFNAPreferencesGoalsDetails
POST /api/upsertHumanLifeValueCalculator
POST /api/upsertLeadDetails
POST /api/upsertLifestyleGoalCalculator
POST /api/upsertProductBIJourneyDetails
POST /api/upsertRetirementCalculator
POST /api/upsertUserRecommendedProducts

Found on 2025-11-17 04:16

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549322547cc980ea6967852bf7284994d503b7beba8

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/FDRyze/getAllDidYouKnow
GET /api/FgExternalApi/dynamicFieldList
GET /api/FgExternalApi/validateDynamicFieldList
GET /api/GetChildEducationCalculatorDetails
GET /api/GetChildMarrExpCalculatorDetails
GET /api/GetFNADetails
GET /api/GetHumanLifeValueCalculatorDetails
GET /api/GetLifestyleGoalCalculatorDetails
GET /api/GetRetirementCalculatorDetails
GET /api/getArticleDetails
GET /api/getChildDetailsByLeadId
GET /api/getMasterData
GET /api/getMasterDataByTbl
GET /api/getProductBIJourneyDetails
GET /api/getUserRecommendedProducts
POST /api/FDRyze/WhyThisProduct/recommendation
POST /api/FDRyze/fetchCustomerSummary
POST /api/FDRyze/full-product-analysis
POST /api/FDRyze/getProductComparison
POST /api/FDRyze/getProductRecommendations
POST /api/FDRyze/getRecommendationsDidYouKnow
POST /api/FgExternalApi/GetAgentDetail
POST /api/FgExternalApi/downloadBI
POST /api/FgExternalApi/generateBI
POST /api/ValidateUser
POST /api/cloneJourney
POST /api/getDashboardOverviewDetails
POST /api/getLeadDetailsByLeadId
POST /api/getLeadDetailsByUserId
POST /api/getProductRecommendations
POST /api/getReportDetailsForFNAJourney
POST /api/upsertChildEducationCalculator
POST /api/upsertChildMarrExpCalculator
POST /api/upsertFNAPersonalDetails
POST /api/upsertFNAPreferencesGoalsDetails
POST /api/upsertHumanLifeValueCalculator
POST /api/upsertLeadDetails
POST /api/upsertLifestyleGoalCalculator
POST /api/upsertProductBIJourneyDetails
POST /api/upsertRetirementCalculator
POST /api/upsertUserRecommendedProducts

Found on 2025-11-10 17:32

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549ff9978ae9554382f4644945f2d21b7ad64e4776e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Encrypt
GET /api/FDRyze/getAllDidYouKnow
GET /api/FgExternalApi/dynamicFieldList
GET /api/FgExternalApi/validateDynamicFieldList
GET /api/GetChildEducationCalculatorDetails
GET /api/GetChildMarrExpCalculatorDetails
GET /api/GetFNADetails
GET /api/GetHumanLifeValueCalculatorDetails
GET /api/GetLifestyleGoalCalculatorDetails
GET /api/GetRetirementCalculatorDetails
GET /api/getAAAArticleDetails
GET /api/getArticleDetails
GET /api/getChildDetailsByLeadId
GET /api/getMasterData
GET /api/getMasterDataByTbl
GET /api/getProductBIJourneyDetails
GET /api/getUserRecommendedProducts
POST /api/DecryptString
POST /api/FDRyze/WhyThisProduct/recommendation
POST /api/FDRyze/fetchCustomerSummary
POST /api/FDRyze/full-product-analysis
POST /api/FDRyze/getProductComparison
POST /api/FDRyze/getProductRecommendations
POST /api/FDRyze/getRecommendationsDidYouKnow
POST /api/FgExternalApi/GetAgentDetail
POST /api/FgExternalApi/downloadBI
POST /api/FgExternalApi/generateBI
POST /api/ValidateUser
POST /api/cloneJourney
POST /api/getDashboardOverviewDetails
POST /api/getLeadDetailsByLeadId
POST /api/getLeadDetailsByUserId
POST /api/getProductRecommendations
POST /api/getReportDetailsForFNAJourney
POST /api/upsertChildEducationCalculator
POST /api/upsertChildMarrExpCalculator
POST /api/upsertFNAPersonalDetails
POST /api/upsertFNAPreferencesGoalsDetails
POST /api/upsertHumanLifeValueCalculator
POST /api/upsertLeadDetails
POST /api/upsertLifestyleGoalCalculator
POST /api/upsertProductBIJourneyDetails
POST /api/upsertRetirementCalculator
POST /api/upsertUserRecommendedProducts

Found on 2025-10-24 16:02

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: wait.ticketmaster.sg
Port: 443
URL: https://wait.ticketmaster.sg

First seen 2025-11-13 05:14
Last seen 2026-01-09 11:37
Open for 57 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549b03f69c2f1a3be85cc87e77b844fe671c3ab720c
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/queue/customdata/{customerId}/key/{eventId}/{key}
GET /api/queue/customdata/{customerId}/queueid/{queueId}
GET /api/queue/customdata/{customerId}/token/{tokenIdentifier}
GET /api/queue/queueitem/{customerId}/key/{eventId}/{key}
GET /api/queue/queueitem/{customerId}/queueid/{queueId}
GET /api/queue/queueitem/{customerId}/token/{tokenIdentifier}
PUT /api/queue/queueitem/{customerId}/queueid/{queueId}/cancel
```
  Found on 2026-01-09 11:37
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: delta.generalicentrallife.com
Port: 443
URL: https://delta.generalicentrallife.com

First seen 2025-10-14 11:17
Last seen 2026-01-09 10:59
Open for 86 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 10:59
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: services-stage.moneymatrix.com
Port: 443
URL: https://services-stage.moneymatrix.com

First seen 2025-10-21 09:41
Last seen 2026-01-09 08:21
Open for 79 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549550520811d0b040b60994b96d328a425a98ff7c5
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Notification/cancel/{reference}
GET /api/Notification/fail/{reference}
GET /api/Notification/success/{reference}
GET /api/Vendor/history/{vendorName}
GET /api/Vendor/request/{vendorName}/{vendorMethod}
POST /api/Auth/token
POST /api/Internal/init
POST /api/Notification/callback/{reference}
POST /api/Notification/status/{reference}
POST /api/Vendor/ProcessVendorRequest
POST /api/Vendor/RegisterVendorTemplate
POST /api/Vendor/monolith/callback/success
POST /api/Vendor/monolith/checkstatus/success
POST /api/Vendor/notify/{vendorName}/{notificationUrl}
```
  Found on 2026-01-09 08:21
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.85
Domain: graph.staging.nu.nl
Port: 443
URL: https://graph.staging.nu.nl

First seen 2025-10-18 07:34
Last seen 2026-01-02 16:55
Open for 76 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa38cbe4f427905dd520ec8d41ec700cbad276d62f4

GraphQL introspection enabled at /graphql
Types: 354 (by kind: ENUM: 59, INPUT_OBJECT: 5, INTERFACE: 7, OBJECT: 249, SCALAR: 10, UNION: 24)
Operations:
- Query: Query | fields: actionMenuById, blockPageByCursor, changedBlocksByLiveblogId, colorThemes, fontInfo
- Mutation: Mutation | fields: handleAction, handleEvent, handleEventFromWebview, handleQuestionFormData
Directives: default, defaultOption, deprecated, include, maxRecursionDepth, obsolete, shouldBeSet, skip, specifiedBy, usedby (total: 11)

Readable stores: 0

Found on 2026-01-02 16:55

371.5 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3ec246732e0fa7cc217446c0ed806d7fdf5c39f84

GraphQL introspection enabled at /graphql
Types: 353 (by kind: ENUM: 59, INPUT_OBJECT: 5, INTERFACE: 7, OBJECT: 248, SCALAR: 10, UNION: 24)
Operations:
- Query: Query | fields: actionMenuById, blockPageByCursor, changedBlocksByLiveblogId, colorThemes, fontInfo
- Mutation: Mutation | fields: handleAction, handleEvent, handleEventFromWebview, handleQuestionFormData
Directives: default, defaultOption, deprecated, include, maxRecursionDepth, obsolete, shouldBeSet, skip, specifiedBy, usedby (total: 11)

Readable stores: 0

Found on 2025-11-16 14:26

371.1 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.85
Domain: ws-var1944.var.fr
Port: 443
URL: https://ws-var1944.var.fr

First seen 2025-12-14 02:48
Last seen 2026-01-02 12:52
Open for 19 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d62337d3d62337d3d62337d3d62337d3d62337d3d6
```
GraphQL introspection enabled at /api/graphql
```
  Found on 2026-01-02 12:52
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: wait.ticketmaster.sg
Port: 80
URL: http://wait.ticketmaster.sg

First seen 2025-11-13 05:14
Last seen 2026-01-02 02:38
Open for 49 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549b03f69c2f1a3be85cc87e77b844fe671c3ab720c
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/queue/customdata/{customerId}/key/{eventId}/{key}
GET /api/queue/customdata/{customerId}/queueid/{queueId}
GET /api/queue/customdata/{customerId}/token/{tokenIdentifier}
GET /api/queue/queueitem/{customerId}/key/{eventId}/{key}
GET /api/queue/queueitem/{customerId}/queueid/{queueId}
GET /api/queue/queueitem/{customerId}/token/{tokenIdentifier}
PUT /api/queue/queueitem/{customerId}/queueid/{queueId}/cancel
```
  Found on 2026-01-02 02:38
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.85
Domain: bff.voompplay.dev.br
Port: 443
URL: https://bff.voompplay.dev.br

First seen 2025-10-31 04:06
Last seen 2025-12-30 10:31
Open for 60 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa34e73f807ea475db5dd83db64e87f94b05ac56ce2

GraphQL introspection enabled at /graphql
Types: 141 (by kind: ENUM: 7, INPUT_OBJECT: 32, OBJECT: 97, SCALAR: 5)
Operations:
- Query: Query | fields: login, me, meta, notificationCount, notificationList
- Mutation: Mutation | fields: lessonRating, notificationRead, notificationReadAll, passwordRecovery, remove
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-12-30 10:31

179.4 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa30e9e24f570d194f7fe798c56255d801aac11cfac

GraphQL introspection enabled at /graphql
Types: 142 (by kind: ENUM: 7, INPUT_OBJECT: 33, OBJECT: 97, SCALAR: 5)
Operations:
- Query: Query | fields: login, me, meta, notificationCount, notificationList
- Mutation: Mutation | fields: lessonRating, notificationRead, notificationReadAll, passwordRecovery, remove
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-11-30 16:35

178.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa30e9e24f570d194f7fb86dcb733f2da73b7896f3f

GraphQL introspection enabled at /graphql
Types: 142 (by kind: ENUM: 7, INPUT_OBJECT: 33, OBJECT: 97, SCALAR: 5)
Operations:
- Query: Query | fields: login, me, notificationCount, notificationList, notificationListAll
- Mutation: Mutation | fields: lessonRating, notificationRead, notificationReadAll, passwordRecovery, remove
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-11-12 16:03

178.4 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c408dcbdcf54785f7aa1a0dfc6d966fbea38c147

GraphQL introspection enabled at /graphql
Types: 136 (by kind: ENUM: 7, INPUT_OBJECT: 28, OBJECT: 96, SCALAR: 5)
Operations:
- Query: Query | fields: login, me, notificationCount, notificationList, notificationListAll
- Mutation: Mutation | fields: lessonRating, notificationRead, notificationReadAll, passwordRecovery, remove
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-11-03 13:09

171.6 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.85
Domain: developerportal-api.csiweb.cloud
Port: 443
URL: https://developerportal-api.csiweb.cloud

First seen 2025-11-13 05:21
Last seen 2025-12-26 12:11
Open for 43 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549058f0157a1016c246d2aa414bf76b852ab27c538

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Attachment/{attachmentId}
DELETE /Status/subscriptions/{service}
GET /ApiRelease/{apiName}
GET /ApiVersionSets/{versionSetId}
GET /IdentityProviders
GET /PortalSettings/signup
GET /Products
GET /Products/{productName}
GET /Products/{productName}/apis
GET /Reports/ByApi
GET /Reports/ByGeo
GET /Reports/ByOperation
GET /Reports/ByProduct
GET /Reports/ByRequest
GET /Reports/ByTime
GET /Search
GET /Status/subscriptions
GET /Subscriptions
GET /Subscriptions/{subscriptionId}
GET /Tenant/settings
GET /apis
GET /apis/apisByTags
GET /apis/{apiName}
GET /apis/{apiName}/hostnames
GET /apis/{apiName}/operations
GET /apis/{apiName}/operations/{operationName}
GET /apis/{apiName}/operations/{operationName}/tags
GET /apis/{apiName}/operationsByTags
GET /apis/{apiName}/products
GET /apis/{apiName}/releases
GET /apis/{apiName}/schemas
GET /apis/{apiName}/schemas/{schemaId}
GET /email-subscriptions
GET /feature-flags
GET /health-status
GET /health-status-services
GET /identity
GET /refresh-token
POST /Attachment
POST /Subscriptions/{subscriptionId}/listSecrets
POST /Subscriptions/{subscriptionId}/regeneratePrimaryKey
POST /UserForm
POST /support-cases

Found on 2025-12-26 12:11

Create report

Open service 2.16.204.85:443 · euh5-qas.euhreka.com

2026-01-13 00:07

HTTP/1.1 403 Forbidden
Content-Type: text/html
Pragma: no-cache
Date: Tue, 13 Jan 2026 00:07:55 GMT
Connection: close
Set-Cookie: ApplicationGatewayAffinityCORS=f4010c67fc599e020f1b77cd87db1ee4; Path=/; SameSite=None; Secure
Set-Cookie: ApplicationGatewayAffinity=f4010c67fc599e020f1b77cd87db1ee4; Path=/

Page title: SAP

<html>
<head>
<title>SAP</title>
<style>
h1 {
font: 11pt tahoma, arial, helvetica, sans-serif;
text-decoration: none;
font-style: normal;
font-weight: bold;
color:#003366;
}
p {
font-family: tahoma, arial, helvetica, sans-serif;
font-size: 8pt;
text-decoration: none;
font-style: normal;
font-weight: normal;
margin-top: 0px;
color: #333333;
}
</style>
</head>
<body>
<p style="text-align: left;"><img src="http://www.sap.com/global/images/sap_logo.gif"></p>
<table>
<tr>
<td><h1>Unser Service ist zurzeit leider nicht verfuegbar. Bitte versuchen Sie es spaeter noch einmal.</h1>
<p>Wir entschuldigen uns f�r Unannehmlichkeiten.</p>
</td>
</tr>
<tr>
<td><br><h1>Our service is not available at the moment. Please try again later.</h1>
<p>We apologize for the trouble caused.</p>
</td>
</tr>
</table>
</body>

Found 3 days ago by HttpPlugin