LeakIX - Host 2.16.204.89

Host 2.16.204.89

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/443 tcp/80

AkamaiNetStorage

tcp/443

Apache Apache

tcp/443 tcp/80

ECD QA-11

tcp/443 tcp/80

awselb awselb 2.0

tcp/443

nginx nginx

tcp/443 tcp/80

undisclosed

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: geo-metadata-eng-dev.choreograph.com
Port: 443
URL: https://geo-metadata-eng-dev.choreograph.com

First seen 2025-10-22 11:31
Last seen 2026-01-09 22:37
Open for 79 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b284f5b1bc4bb71e9ecfaa5c01531ae395f4c8243

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /GeosegmentUpdate/TTD/{platformId}
GET /TTDTokenController
GET /alterBigQueryBaseTableColumns
GET /attibuteColumnDefinitions
GET /attibuteColumnDefinitionsBySource
GET /createBigQueryBaseTable
GET /db_activation_attribute
GET /db_activation_attribute/{activation_attribute_id}
GET /db_activation_attribute_encrypted_value
GET /db_activation_attribute_encrypted_value/{activation_attribute_encrypted_value_id}
GET /db_activation_attribute_valid_value
GET /db_activation_attribute_valid_value/{activation_attribute_valid_value_id}
GET /db_activation_attribute_value
GET /db_activation_attribute_value/{activation_attribute_value_id}
GET /db_activation_definition
GET /db_activation_definition/{activation_definition_id}
GET /db_activation_execution
GET /db_activation_execution/{activation_execution_id}
GET /db_activation_execution_attribute_value
GET /db_activation_execution_attribute_value/{activation_execution_attribute_value_id}
GET /db_activation_platform
GET /db_activation_platform/{activation_platform_id}
GET /db_activation_platform_country_xref
GET /db_activation_platform_country_xref/{activation_platform_id}/{alpha_2}
GET /db_country
GET /db_country/{alpha_2}
GET /db_country_with_partial_postal_codes
GET /db_country_with_partial_postal_codes/{country_code}
GET /db_data_type
GET /db_data_type/{name}
GET /db_domain_lookup
GET /db_domain_lookup/{country_iso_2}
GET /db_domain_lookup/{country_iso_2}/{domain_app_id}
GET /db_full_postal_codes_by_country
GET /db_full_postal_codes_by_country/{country_code}
GET /db_full_postal_codes_by_country/{country_code}/search
GET /db_full_postal_codes_by_country/{country_code}/search/prefix/{prefix}
GET /db_full_postal_codes_by_country/{country_code}/{postal_code}
GET /db_geo_attribute
GET /db_geo_attribute/{id}
GET /db_geo_attribute_by_source/{id}
GET /db_geo_attribute_transform
GET /db_geo_attribute_transform/{name}
GET /db_geo_location/{id}
GET /db_geo_location_column
GET /db_geo_location_column/{id}
GET /db_geo_segment_lookup
GET /db_geo_segment_lookup/{id}
GET /db_geocoding_status
GET /db_geocoding_status/{id}
GET /db_google_geo_targets
GET /db_google_geo_targets/{criteria_id}
GET /db_idx_exch_country_lookup
GET /db_idx_exch_country_lookup/{country_iso3}
GET /db_provider
GET /db_provider/{id}
GET /db_provider_type
GET /db_provider_type/{name}
GET /db_pubmatic_dsp
GET /db_pubmatic_dsp/{buyer_id}
GET /db_source
GET /db_source/{id}
GET /db_source_column
GET /db_source_column/{id}
GET /db_source_geo_attribute_map
GET /db_source_geo_attribute_map/{id}
GET /db_source_geo_location_column_map
GET /db_source_geo_location_column_map/{id}
GET /db_source_type
GET /db_source_type/{name}
GET /db_uk_full_postal_codes
GET /db_uk_full_postal_codes/search
GET /db_uk_full_postal_codes/search/prefix/{prefix}
GET /db_uk_full_postal_codes/{postal_code}
GET /dropBigQueryBaseTable
GET /geographFileMetadata
GET /getCreateBigQueryStatement
GET /getCreateSnowflakeStatement
GET /getCurrentBigQueryBaseTableColumns
GET /getNewBigQueryBaseTableColumns
GET /index_exchange_dsp_seats
GET /lookup_postal_code_regex/{countryCode}
GET /oauth2/callback
GET /secure/db_activation_attribute_encrypted_value
GET /secure/db_activation_attribute_encrypted_value/{activation_attribute_encrypted_value_id}
GET /secure/db_activation_attribute_value
GET /secure/db_activation_attribute_value/{activation_attribute_value_id}
GET /secure/db_activation_definition
GET /secure/db_activation_definition/{activation_definition_id}
GET /secure/db_activation_execution
GET /secure/db_activation_execution/{activation_execution_id}
GET /secure/db_activation_execution_attribute_value
GET /secure/db_activation_execution_attribute_value/{activation_execution_attribute_value_id}
GET /secure/db_geocoding_status
GET /secure/db_geocoding_status/{id}
GET /sourceFileMetadata
POST /authenticate
POST /change-password
POST /db_activation_attribute/v2/where
POST /db_activation_attribute/where
POST /db_activation_attribute_encrypted_value/v2/where
POST /db_activation_attribute_encrypted_value/where
POST /db_activation_attribute_valid_value/v2/where
POST /db_activation_attribute_valid_value/where
POST /db_activation_attribute_value/v2/where
POST /db_activation_attribute_value/where
POST /db_activation_definition/v2/where
POST /db_activation_definition/where
POST /db_activation_execution/v2/where
POST /db_activation_execution/where
POST /db_activation_execution_attribute_value/v2/where
POST /db_activation_execution_attribute_value/where
POST /db_activation_geo_lookup/cacheUpdateTimeRange
POST /db_activation_geo_lookup/externalIdType
POST /db_activation_geo_lookup/lookup
POST /db_activation_geo_lookup/needLookup
POST /db_activation_geo_lookup/v2/where
POST /db_activation_geo_lookup/where
POST /db_activation_platform/v2/where
POST /db_activation_platform/where
POST /db_activation_platform_country_xref/v2/where
POST /db_activation_platform_country_xref/where
POST /db_country/v2/where
POST /db_country/where
POST /db_country_with_partial_postal_codes/v2/where
POST /db_country_with_partial_postal_codes/where
POST /db_data_type/v2/where
POST /db_data_type/where
POST /db_domain_lookup/v2/where
POST /db_domain_lookup/where
POST /db_full_postal_codes_by_country/v2/where
POST /db_full_postal_codes_by_country/where
POST /db_geo_attribute/v2/where
POST /db_geo_attribute/where
POST /db_geo_attribute_by_source/where
POST /db_geo_attribute_transform/v2/where
POST /db_geo_attribute_transform/where
POST /db_geo_location
POST /db_geo_location_column/v2/where
POST /db_geo_location_column/where
POST /db_geo_segment_lookup/postCodeList
POST /db_geo_segment_lookup/v2/where
POST /db_geo_segment_lookup/where
POST /db_geocoding_status/v2/where
POST /db_geocoding_status/where
POST /db_google_geo_targets/v2/where
POST /db_google_geo_targets/where
POST /db_idx_exch_country_lookup/v2/where
POST /db_idx_exch_country_lookup/where
POST /db_provider/v2/where
POST /db_provider/where
POST /db_provider_type/v2/where
POST /db_provider_type/where
POST /db_pubmatic_dsp/v2/where
POST /db_pubmatic_dsp/where
POST /db_source/v2/where
POST /db_source/where
POST /db_source_column/v2/where
POST /db_source_column/where
POST /db_source_geo_attribute_map/v2/where
POST /db_source_geo_attribute_map/where
POST /db_source_geo_location_column_map/v2/where
POST /db_source_geo_location_column_map/where
POST /db_source_type/v2/where
POST /db_source_type/where
POST /db_uk_full_postal_codes/v2/where
POST /db_uk_full_postal_codes/where
POST /geo/h3/geometrycollection
POST /geo/h3/intersection
POST /geo/h3/v2/geometrycollection
POST /geo/h3/v2/intersection
POST /get-organization-id
POST /lookup_postal_code_regex/where
POST /pubmatic_dsp
POST /reset-password
POST /secure/db_activation_attribute_encrypted_value/v2/where
POST /secure/db_activation_attribute_encrypted_value/where
POST /secure/db_activation_attribute_value/v2/where
POST /secure/db_activation_attribute_value/where
POST /secure/db_activation_definition/v2/where
POST /secure/db_activation_definition/where
POST /secure/db_activation_execution/v2/where
POST /secure/db_activation_execution/where
POST /secure/db_activation_execution_attribute_value/v2/where
POST /secure/db_activation_execution_attribute_value/where
POST /secure/db_geocoding_status/v2/where
POST /secure/db_geocoding_status/where
POST /verify

Found on 2026-01-09 22:37

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b284f5b1bc4bb71e9ecfaa5c01531ae39d690e2e5

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /GeosegmentUpdate/TTD/{platformId}
GET /TTDTokenController
GET /alterBigQueryBaseTableColumns
GET /attibuteColumnDefinitions
GET /attibuteColumnDefinitionsBySource
GET /createBigQueryBaseTable
GET /db_activation_attribute
GET /db_activation_attribute/{activation_attribute_id}
GET /db_activation_attribute_encrypted_value
GET /db_activation_attribute_encrypted_value/{activation_attribute_encrypted_value_id}
GET /db_activation_attribute_valid_value
GET /db_activation_attribute_valid_value/{activation_attribute_valid_value_id}
GET /db_activation_attribute_value
GET /db_activation_attribute_value/{activation_attribute_value_id}
GET /db_activation_definition
GET /db_activation_definition/{activation_definition_id}
GET /db_activation_execution
GET /db_activation_execution/{activation_execution_id}
GET /db_activation_execution_attribute_value
GET /db_activation_execution_attribute_value/{activation_execution_attribute_value_id}
GET /db_activation_platform
GET /db_activation_platform/{activation_platform_id}
GET /db_activation_platform_country_xref
GET /db_activation_platform_country_xref/{activation_platform_id}/{alpha_2}
GET /db_country
GET /db_country/{alpha_2}
GET /db_data_type
GET /db_data_type/{name}
GET /db_domain_lookup
GET /db_domain_lookup/{country_iso_2}
GET /db_domain_lookup/{country_iso_2}/{domain_app_id}
GET /db_geo_attribute
GET /db_geo_attribute/{id}
GET /db_geo_attribute_by_source/{id}
GET /db_geo_attribute_transform
GET /db_geo_attribute_transform/{name}
GET /db_geo_location/{id}
GET /db_geo_location_column
GET /db_geo_location_column/{id}
GET /db_geo_segment_lookup
GET /db_geo_segment_lookup/{id}
GET /db_geocoding_status
GET /db_geocoding_status/{id}
GET /db_google_geo_targets
GET /db_google_geo_targets/{criteria_id}
GET /db_idx_exch_country_lookup
GET /db_idx_exch_country_lookup/{country_iso3}
GET /db_provider
GET /db_provider/{id}
GET /db_provider_type
GET /db_provider_type/{name}
GET /db_pubmatic_dsp
GET /db_pubmatic_dsp/{buyer_id}
GET /db_source
GET /db_source/{id}
GET /db_source_column
GET /db_source_column/{id}
GET /db_source_geo_attribute_map
GET /db_source_geo_attribute_map/{id}
GET /db_source_geo_location_column_map
GET /db_source_geo_location_column_map/{id}
GET /db_source_type
GET /db_source_type/{name}
GET /db_uk_full_postal_codes
GET /db_uk_full_postal_codes/search
GET /db_uk_full_postal_codes/search/prefix/{prefix}
GET /db_uk_full_postal_codes/{postal_code}
GET /dropBigQueryBaseTable
GET /geographFileMetadata
GET /getCreateBigQueryStatement
GET /getCreateSnowflakeStatement
GET /getCurrentBigQueryBaseTableColumns
GET /getNewBigQueryBaseTableColumns
GET /index_exchange_dsp_seats
GET /lookup_postal_code_regex/{countryCode}
GET /oauth2/callback
GET /secure/db_activation_attribute_encrypted_value
GET /secure/db_activation_attribute_encrypted_value/{activation_attribute_encrypted_value_id}
GET /secure/db_activation_attribute_value
GET /secure/db_activation_attribute_value/{activation_attribute_value_id}
GET /secure/db_activation_definition
GET /secure/db_activation_definition/{activation_definition_id}
GET /secure/db_activation_execution
GET /secure/db_activation_execution/{activation_execution_id}
GET /secure/db_activation_execution_attribute_value
GET /secure/db_activation_execution_attribute_value/{activation_execution_attribute_value_id}
GET /secure/db_geocoding_status
GET /secure/db_geocoding_status/{id}
GET /sourceFileMetadata
POST /authenticate
POST /change-password
POST /db_activation_attribute/v2/where
POST /db_activation_attribute/where
POST /db_activation_attribute_encrypted_value/v2/where
POST /db_activation_attribute_encrypted_value/where
POST /db_activation_attribute_valid_value/v2/where
POST /db_activation_attribute_valid_value/where
POST /db_activation_attribute_value/v2/where
POST /db_activation_attribute_value/where
POST /db_activation_definition/v2/where
POST /db_activation_definition/where
POST /db_activation_execution/v2/where
POST /db_activation_execution/where
POST /db_activation_execution_attribute_value/v2/where
POST /db_activation_execution_attribute_value/where
POST /db_activation_geo_lookup/cacheUpdateTimeRange
POST /db_activation_geo_lookup/externalIdType
POST /db_activation_geo_lookup/lookup
POST /db_activation_geo_lookup/needLookup
POST /db_activation_geo_lookup/v2/where
POST /db_activation_geo_lookup/where
POST /db_activation_platform/v2/where
POST /db_activation_platform/where
POST /db_activation_platform_country_xref/v2/where
POST /db_activation_platform_country_xref/where
POST /db_country/v2/where
POST /db_country/where
POST /db_data_type/v2/where
POST /db_data_type/where
POST /db_domain_lookup/v2/where
POST /db_domain_lookup/where
POST /db_geo_attribute/v2/where
POST /db_geo_attribute/where
POST /db_geo_attribute_by_source/where
POST /db_geo_attribute_transform/v2/where
POST /db_geo_attribute_transform/where
POST /db_geo_location
POST /db_geo_location_column/v2/where
POST /db_geo_location_column/where
POST /db_geo_segment_lookup/postCodeList
POST /db_geo_segment_lookup/v2/where
POST /db_geo_segment_lookup/where
POST /db_geocoding_status/v2/where
POST /db_geocoding_status/where
POST /db_google_geo_targets/v2/where
POST /db_google_geo_targets/where
POST /db_idx_exch_country_lookup/v2/where
POST /db_idx_exch_country_lookup/where
POST /db_provider/v2/where
POST /db_provider/where
POST /db_provider_type/v2/where
POST /db_provider_type/where
POST /db_pubmatic_dsp/v2/where
POST /db_pubmatic_dsp/where
POST /db_source/v2/where
POST /db_source/where
POST /db_source_column/v2/where
POST /db_source_column/where
POST /db_source_geo_attribute_map/v2/where
POST /db_source_geo_attribute_map/where
POST /db_source_geo_location_column_map/v2/where
POST /db_source_geo_location_column_map/where
POST /db_source_type/v2/where
POST /db_source_type/where
POST /db_uk_full_postal_codes/v2/where
POST /db_uk_full_postal_codes/where
POST /geo/h3/geometrycollection
POST /geo/h3/intersection
POST /geo/h3/v2/geometrycollection
POST /geo/h3/v2/intersection
POST /get-organization-id
POST /lookup_postal_code_regex/where
POST /pubmatic_dsp
POST /reset-password
POST /secure/db_activation_attribute_encrypted_value/v2/where
POST /secure/db_activation_attribute_encrypted_value/where
POST /secure/db_activation_attribute_value/v2/where
POST /secure/db_activation_attribute_value/where
POST /secure/db_activation_definition/v2/where
POST /secure/db_activation_definition/where
POST /secure/db_activation_execution/v2/where
POST /secure/db_activation_execution/where
POST /secure/db_activation_execution_attribute_value/v2/where
POST /secure/db_activation_execution_attribute_value/where
POST /secure/db_geocoding_status/v2/where
POST /secure/db_geocoding_status/where
POST /verify

Found on 2025-12-01 05:01

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: geo-coding-emea.choreograph.com
Port: 443
URL: https://geo-coding-emea.choreograph.com

First seen 2025-10-22 11:31
Last seen 2026-01-09 22:37
Open for 79 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b73776d185020f294681fc1e0c4f80d898b6825d4
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /calldqm
GET /db_geocoding_status/{id}
GET /secure/db_geocoding_status/{id}
GET /truncate
POST /aggregateSnowflake
POST /enhance
POST /enhanceSnowflake
POST /latlng
POST /secure/aggregateSnowflake
POST /secure/enhance
POST /secure/enhanceSnowflake
```
  Found on 2026-01-09 22:37
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: api-f.eprice.it
Port: 443
URL: https://api-f.eprice.it

First seen 2025-10-16 09:11
Last seen 2026-01-09 22:37
Open for 85 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f6dd5f63c98d77f77d70afe7c3304762a45b81e7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /B2C/Orders/{numOrd}/{idCustomer}
GET /Mangopay/GetCompanyWallet
GET /Mangopay/{OrderNum}/GetPayIn
GET /Mangopay/{OrderNum}/GetPreauthorization
GET /Mangopay/{cardId}/GetCardRegistration
GET /Mangopay/{payinId}/Payin
GET /Mangopay/{preauthId}/Preauthorization
GET /Mangopay/{userKey}/GetCards
GET /Mangopay/{userKey}/{basketId}/GetUser
GET /Mangopay/{userKey}/{basketId}/{cardType}/Registration
GET /Mangopay/{userKey}/{tokenId}/DeleteCard
GET /WeatherForecast
GET /confirmEmail
GET /content
GET /gdpr/checkrichiesta/{user_email}
GET /gdpr/confermarichiesta/{token}/{email}
GET /geo/cap.do
GET /geo/gcap.do
GET /geo/gcomu.do
GET /geo/utenti/v2/cap.do
GET /geo/utenti/v2/gcap.do
GET /geo/utenti/v2/gcomu.do
GET /location/search
GET /manage/info
GET /productCheck
GET /products/codart/{codart}
GET /products/review/{codart}
GET /products/sku/{sku}
GET /products/{codart}/gpsr
GET /users/email/{email}
GET /users/{userId}
GET /users/{user_id}/default_zip_code
GET /webhook/Mirakl
GET /webhook/klarna
GET /webhook/mangopay
GET /webhook/paypal
GET /weebhook/usernewslettersubscribe
GET /weebhook/usernewsletterunsubscribe
POST /Auth/login
POST /Auth/logout
POST /B2C/CreateOrder
POST /Gdpr/InsertRichiesta
POST /Mangopay/ConfirmPreauthorization
POST /Mangopay/CreatePayout
POST /Mangopay/MultipleConfirmPreauthorization
POST /Mangopay/PaypalTracking
POST /Mangopay/Refund
POST /Mangopay/{userKey}/{basketId}/Klarna
POST /Mangopay/{userKey}/{basketId}/Paypal
POST /Mangopay/{userKey}/{basketId}/PaypalPreRisk
POST /Mangopay/{userKey}/{basketId}/Preauthorization
POST /Mangopay/{userKey}/{basketId}/SaveToken
POST /forgotPassword
POST /login
POST /manage/2fa
POST /refresh
POST /register
POST /resendConfirmationEmail
POST /resetPassword

Found on 2026-01-09 22:37

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f6dd5f63c98d77f77d70afe7c330476285de9721

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /B2C/Orders/{numOrd}/{idCustomer}
GET /Mangopay/GetCompanyWallet
GET /Mangopay/{OrderNum}/GetPayIn
GET /Mangopay/{OrderNum}/GetPreauthorization
GET /Mangopay/{cardId}/GetCardRegistration
GET /Mangopay/{userKey}/GetCards
GET /Mangopay/{userKey}/{basketId}/GetUser
GET /Mangopay/{userKey}/{basketId}/{cardType}/Registration
GET /Mangopay/{userKey}/{tokenId}/DeleteCard
GET /WeatherForecast
GET /confirmEmail
GET /content
GET /gdpr/checkrichiesta/{user_email}
GET /gdpr/confermarichiesta/{token}/{email}
GET /location/search
GET /manage/info
GET /productCheck
GET /products/codart/{codart}
GET /products/review/{codart}
GET /products/sku/{sku}
GET /products/{codart}/gpsr
GET /users/email/{email}
GET /users/{userId}
GET /users/{user_id}/default_zip_code
GET /webhook/Mirakl
GET /webhook/klarna
GET /webhook/mangopay
GET /webhook/paypal
GET /weebhook/usernewslettersubscribe
GET /weebhook/usernewsletterunsubscribe
POST /Auth/login
POST /Auth/logout
POST /B2C/CreateOrder
POST /Gdpr/InsertRichiesta
POST /Mangopay/ConfirmPreauthorization
POST /Mangopay/CreatePayout
POST /Mangopay/MultipleConfirmPreauthorization
POST /Mangopay/PaypalTracking
POST /Mangopay/Refund
POST /Mangopay/{userKey}/{basketId}/Klarna
POST /Mangopay/{userKey}/{basketId}/Paypal
POST /Mangopay/{userKey}/{basketId}/PaypalPreRisk
POST /Mangopay/{userKey}/{basketId}/Preauthorization
POST /Mangopay/{userKey}/{basketId}/SaveToken
POST /forgotPassword
POST /login
POST /manage/2fa
POST /refresh
POST /register
POST /resendConfirmationEmail
POST /resetPassword

Found on 2026-01-05 14:02

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f6dd5f63c98d77f77d70afe7c33047620ce66765

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /B2C/Orders/{numOrd}/{idCustomer}
GET /Mangopay/GetCompanyWallet
GET /Mangopay/{OrderNum}/GetPayIn
GET /Mangopay/{OrderNum}/GetPreauthorization
GET /Mangopay/{cardId}/GetCardRegistration
GET /Mangopay/{userKey}/GetCards
GET /Mangopay/{userKey}/{basketId}/GetUser
GET /Mangopay/{userKey}/{basketId}/{cardType}/Registration
GET /Mangopay/{userKey}/{tokenId}/DeleteCard
GET /WeatherForecast
GET /confirmEmail
GET /content
GET /gdpr/checkrichiesta/{user_email}
GET /gdpr/confermarichiesta/{token}/{email}
GET /location/search
GET /manage/info
GET /productCheck
GET /products/codart/{codart}
GET /products/review/{codart}
GET /products/sku/{sku}
GET /products/{codart}/gpsr
GET /users/email/{email}
GET /users/{userId}
GET /users/{user_id}/default_zip_code
GET /webhook/Mirakl
GET /webhook/klarna
GET /webhook/mangopay
GET /webhook/paypal
GET /weebhook/usernewslettersubscribe
GET /weebhook/usernewsletterunsubscribe
POST /Auth/login
POST /Auth/logout
POST /B2C/CreateOrder
POST /Gdpr/InsertRichiesta
POST /Mangopay/ConfirmPreauthorization
POST /Mangopay/CreatePayout
POST /Mangopay/MultipleConfirmPreauthorization
POST /Mangopay/PaypalTracking
POST /Mangopay/Refund
POST /Mangopay/{userKey}/{basketId}/Klarna
POST /Mangopay/{userKey}/{basketId}/Paypal
POST /Mangopay/{userKey}/{basketId}/Preauthorization
POST /Mangopay/{userKey}/{basketId}/SaveToken
POST /forgotPassword
POST /login
POST /manage/2fa
POST /refresh
POST /register
POST /resendConfirmationEmail
POST /resetPassword

Found on 2025-10-27 14:57

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: www.portal.axepta.bnpparibas
Port: 443
URL: https://www.portal.axepta.bnpparibas

First seen 2025-10-14 06:28
Last seen 2026-01-09 21:24
Open for 87 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bc2bc754736e2a8e436e2a8e436e2a8e436e2a8e4
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /env
GET /health
```
  Found on 2026-01-09 21:24
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: portal.axepta.bnpparibas
Port: 443
URL: https://portal.axepta.bnpparibas

First seen 2025-10-14 06:28
Last seen 2026-01-09 20:35
Open for 87 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bc2bc754736e2a8e436e2a8e436e2a8e436e2a8e4
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /env
GET /health
```
  Found on 2026-01-09 20:35
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: www.portal.axepta.staging.bnpparibas
Port: 443
URL: https://www.portal.axepta.staging.bnpparibas

First seen 2025-10-14 06:28
Last seen 2026-01-09 19:36
Open for 87 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bc2bc754736e2a8e436e2a8e436e2a8e436e2a8e4
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /env
GET /health
```
  Found on 2026-01-09 19:36
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: geo-activation-eng-dev.choreograph.com
Port: 443
URL: https://geo-activation-eng-dev.choreograph.com

First seen 2025-10-22 11:31
Last seen 2026-01-09 19:03
Open for 79 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4be425ed9c6015c0563e2e4f7911006cdc9e10b8d5

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /activation/activationDefinition/{id}
GET /activation/activationExecution/{id}
GET /activation/transmitResponse/{id}
GET /secure/activation/activationDefinition/{id}
GET /secure/activation/activationExecution/{id}
GET /secure/activation/transmitResponse/{id}
POST /activation/createExecution
POST /activation/deactivateDefinition
POST /activation/transmit/{inputTypeString}
POST /amazon/getAdvertisers
POST /amazon/getAuthorizationUrl
POST /amazon/getProfiles
POST /amazon/registerGrantCode
POST /secure/activation/createExecution
POST /secure/activation/deactivateDefinition
POST /secure/activation/transmit/{inputTypeString}
POST /secure/amazon/getAdvertisers
POST /secure/amazon/getAuthorizationUrl
POST /secure/amazon/getProfiles
POST /secure/amazon/registerGrantCode

Found on 2026-01-09 19:03

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: geo-translate-stg.choreograph.com
Port: 443
URL: https://geo-translate-stg.choreograph.com

First seen 2025-10-22 11:32
Last seen 2026-01-09 19:03
Open for 79 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bf9ab80bd33f2bdc8b38b8651b0c92d11ba65cab0
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /boundary/sample
POST /adminBoundry
POST /boundary/contains
POST /boundary/covers
POST /boundary/intersects
POST /geo/h3/geometrycollection
POST /geo/h3/intersection
POST /geo/h3/intersectionOverlap
POST /geo/h3/overlapratio
POST /secure/boundary/contains
POST /secure/boundary/covers
POST /secure/boundary/intersects
POST /secure/translate
POST /secure/translate/h3
POST /secure/v2/translate
POST /translate
POST /translate/h3
POST /v2/translate
POST /v2/where
POST /where
```
  Found on 2026-01-09 19:03
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: geo-coding-stg.choreograph.com
Port: 443
URL: https://geo-coding-stg.choreograph.com

First seen 2025-10-22 11:31
Last seen 2026-01-09 10:58
Open for 78 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b73776d185020f294681fc1e0c4f80d898b6825d4
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /calldqm
GET /db_geocoding_status/{id}
GET /secure/db_geocoding_status/{id}
GET /truncate
POST /aggregateSnowflake
POST /enhance
POST /enhanceSnowflake
POST /latlng
POST /secure/aggregateSnowflake
POST /secure/enhance
POST /secure/enhanceSnowflake
```
  Found on 2026-01-09 10:58
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: vie-scratch.groupm.tech
Port: 443
URL: https://vie-scratch.groupm.tech

First seen 2025-10-16 11:56
Last seen 2026-01-09 06:49
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-09 06:49
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: webapi-qa.bkbob.fr
Port: 443
URL: https://webapi-qa.bkbob.fr

First seen 2025-11-17 16:16
Last seen 2026-01-09 05:16
Open for 52 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bf4d4c2320950d6a9fdc420f760370444891ee1ca

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /api/auth/permissions
GET /api/birthday/booking/{id}
GET /api/birthday/bookings
GET /api/complaint
GET /api/complaint/{id}/refund/promotions
GET /api/complaints
GET /api/features
GET /api/init
GET /api/order
GET /api/orders
GET /api/orders/finished
GET /api/orders/pending
GET /api/parameters
GET /api/public/notify/test/birthday-booking-update
GET /api/public/notify/test/complaint-update
GET /api/public/notify/test/order-update
GET /api/public/notify/test/restaurant-update
GET /api/restaurant
GET /api/restaurant/powerbi/token/{frNumber}
GET /api/restaurant/services/openings
GET /api/restaurant/{frNumber}/employees
GET /api/restaurant/{frNumber}/employees/{id}
GET /api/restaurant/{frNumber}/employees/{id}/resend-activation-mail
GET /api/restaurant/{frNumber}/preparation-time
GET /public/api/health-check
GET /public/dev/storeLoc
GET /{regex}/public/dev/storeLoc
PATCH /api/complaint/{id}
POST /api/complaint/confirm-refund
POST /api/complaint/contest-refund
POST /api/complaint/validate-refund
POST /api/complaint/{id}/close
POST /api/complaint/{id}/messages
POST /api/complaint/{id}/refund
POST /api/complaint/{id}/report
POST /api/order/manual-integration
POST /api/parameters/permission
POST /api/public/auth/login
POST /api/public/auth/password/_forgotten
POST /api/public/auth/password/_set
POST /api/public/notify/birthday-booking-update/{bookingId}
POST /api/public/notify/complaint-update/{complaintId}
POST /api/public/notify/order-update
POST /api/public/notify/restaurant-update/{restaurantId}
POST /api/restaurant/services
POST /api/restaurant/services/enable-swap-parking-to-drive
POST /api/restaurant/services/max-quota
POST /api/restaurant/services/pickup-info
POST /api/restaurant/services/preparation-time
POST /api/restaurant/services/swap-parking-time
POST /api/table-order/qr-code/generate

Found on 2026-01-09 05:16

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bf4d4c2320950d6a9fdc420f7603704446c85a818

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /api/auth/permissions
GET /api/birthday/booking/{id}
GET /api/birthday/bookings
GET /api/complaint
GET /api/complaint/{id}/refund/promotions
GET /api/complaints
GET /api/features
GET /api/init
GET /api/order
GET /api/orders
GET /api/orders/finished
GET /api/orders/pending
GET /api/parameters
GET /api/public/notify/test/birthday-booking-update
GET /api/public/notify/test/complaint-update
GET /api/public/notify/test/order-update
GET /api/public/notify/test/restaurant-update
GET /api/restaurant
GET /api/restaurant/powerbi/token/{frNumber}
GET /api/restaurant/services/openings
GET /api/restaurant/{frNumber}/employees
GET /api/restaurant/{frNumber}/employees/{id}
GET /api/restaurant/{frNumber}/employees/{id}/resend-activation-mail
GET /api/restaurant/{frNumber}/preparation-time
GET /public/api/health-check
GET /public/dev/storeLoc
GET /{regex}/public/dev/storeLoc
PATCH /api/complaint/{id}
POST /api/complaint/chat-id
POST /api/complaint/confirm-refund
POST /api/complaint/contest-refund
POST /api/complaint/validate-refund
POST /api/complaint/{id}/close
POST /api/complaint/{id}/messages
POST /api/complaint/{id}/refund
POST /api/complaint/{id}/report
POST /api/order/manual-integration
POST /api/parameters/permission
POST /api/public/auth/login
POST /api/public/auth/password/_forgotten
POST /api/public/auth/password/_set
POST /api/public/notify/birthday-booking-update/{bookingId}
POST /api/public/notify/complaint-update/{complaintId}
POST /api/public/notify/order-update
POST /api/public/notify/restaurant-update/{restaurantId}
POST /api/restaurant/services
POST /api/restaurant/services/enable-swap-parking-to-drive
POST /api/restaurant/services/max-quota
POST /api/restaurant/services/pickup-info
POST /api/restaurant/services/preparation-time
POST /api/restaurant/services/swap-parking-time
POST /api/table-order/qr-code/generate

Found on 2025-12-02 10:13

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: notes.tdsecurities.com
Port: 443
URL: https://notes.tdsecurities.com

First seen 2025-10-17 13:28
Last seen 2026-01-09 01:28
Open for 83 days

Severity: info
Fingerprint: 5733ddf49ff49cd110b5863c070598b46604d138658e5bccfbcd909f8ba4c86c

Public Swagger UI/API detected at path: /api-docs/swagger.json - sample paths:
GET /api/v1/note-reports
GET /api/v1/note-reports/download-csv
GET /api/v1/note-test/daily-performance
GET /api/v1/note-test/data-type
GET /api/v1/note-test/debt-type
GET /api/v1/note-test/enum-field
GET /api/v1/note-test/feature-field
GET /api/v1/note-test/file
GET /api/v1/note-test/file/duplicate
GET /api/v1/note-test/file/{code}/download
GET /api/v1/note-test/issuer
GET /api/v1/note-test/issuer-rating
GET /api/v1/note-test/note
GET /api/v1/note-test/note/{code}
GET /api/v1/note-test/rating
GET /api/v1/note-test/underlying-info
GET /api/v1/notes
GET /api/v1/notes/codes/details
GET /api/v1/notes/enums/all
GET /api/v1/notes/file/{code}/download
GET /api/v1/notes/file/{code}/{fileType}/{lang}
GET /api/v1/notes/file/{id}
GET /api/v1/notes/{code}
GET /api/v1/priip-document/all
GET /api/v1/priip-document/download/{id}
GET /api/v1/priip/download/{id}
GET /api/v1/priip/search
GET /api/v1/sn-event
GET /api/v1/sn-event/corp-action-event
GET /api/v1/sn-event/corp-action/{corpActionId}
GET /api/v1/sn-event/event-description
GET /api/v1/sn-event/lifecycle-event
GET /api/v1/static/file
GET /api/v1/static/file/download
GET /api/v1/static/file/download/{id}
GET /api/v1/vault/ga/flag
GET /api/v1/vault/ga/track-id
GET /env
GET /health
GET /info

Found on 2026-01-09 01:28

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: geo-activation-stg.choreograph.com
Port: 443
URL: https://geo-activation-stg.choreograph.com

First seen 2025-10-22 11:31
Last seen 2026-01-08 20:19
Open for 78 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4be425ed9c6015c0563e2e4f7911006cdc9e10b8d5

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /activation/activationDefinition/{id}
GET /activation/activationExecution/{id}
GET /activation/transmitResponse/{id}
GET /secure/activation/activationDefinition/{id}
GET /secure/activation/activationExecution/{id}
GET /secure/activation/transmitResponse/{id}
POST /activation/createExecution
POST /activation/deactivateDefinition
POST /activation/transmit/{inputTypeString}
POST /amazon/getAdvertisers
POST /amazon/getAuthorizationUrl
POST /amazon/getProfiles
POST /amazon/registerGrantCode
POST /secure/activation/createExecution
POST /secure/activation/deactivateDefinition
POST /secure/activation/transmit/{inputTypeString}
POST /secure/amazon/getAdvertisers
POST /secure/amazon/getAuthorizationUrl
POST /secure/amazon/getProfiles
POST /secure/amazon/registerGrantCode

Found on 2026-01-08 20:19

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.90
Domain: tmeicswag.com
Port: 443
URL: https://tmeicswag.com

First seen 2025-11-05 09:09
Last seen 2026-01-02 22:58
Open for 58 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c1f4d5e249eb64b20af3f58d43e54cdd5393e848

GraphQL introspection enabled at /graphql
Types: 395 (by kind: ENUM: 28, INPUT_OBJECT: 94, INTERFACE: 20, OBJECT: 248, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Detected: Magento

Found on 2026-01-02 22:58

685.0 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c1f4d5e249eb64b20af3f58d43e54cdd9b2239b5

GraphQL introspection enabled at /graphql
Types: 395 (by kind: ENUM: 28, INPUT_OBJECT: 94, INTERFACE: 20, OBJECT: 248, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-11-30 21:56

685.0 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e25d18ee31fd562e33bfc7c19ce862f642c66cb82c

GraphQL introspection enabled at /graphql/api
Types: 395 (by kind: ENUM: 28, INPUT_OBJECT: 94, INTERFACE: 20, OBJECT: 248, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-11-05 09:09

685.0 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.89
Domain: btn.spott2.sportradar.com
Port: 443
URL: https://btn.spott2.sportradar.com

First seen 2025-10-19 20:42
Last seen 2026-01-02 16:40
Open for 74 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d6a8cd7f2f7957a07d09f81bd06d693f426d693f42
```
GraphQL introspection enabled at /api/graphql
Types: 103 (by kind: ENUM: 9, INPUT_OBJECT: 4, OBJECT: 81, SCALAR: 8, UNION: 1)
Operations:
- Query: Query | fields: comparison, metadataClientField, rankings, sportMatch, tournaments
Directives: deprecated, include, oneOf, skip (total: 4)
```
  Found on 2026-01-02 16:40
  
  105.7 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.89
Domain: www.red.sport
Port: 443
URL: https://www.red.sport

First seen 2025-10-19 20:42
Last seen 2026-01-02 16:40
Open for 74 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d6a8cd7f2f7957a07d09f81bd06d693f426d693f42
```
GraphQL introspection enabled at /api/graphql
Types: 103 (by kind: ENUM: 9, INPUT_OBJECT: 4, OBJECT: 81, SCALAR: 8, UNION: 1)
Operations:
- Query: Query | fields: comparison, metadataClientField, rankings, sportMatch, tournaments
Directives: deprecated, include, oneOf, skip (total: 4)
```
  Found on 2026-01-02 16:40
  
  105.7 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.89
Domain: www.tennischannel.com
Port: 443
URL: https://www.tennischannel.com

First seen 2025-10-19 20:42
Last seen 2026-01-02 16:35
Open for 74 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d6a8cd7f2f7957a07d09f81bd06d693f426d693f42
```
GraphQL introspection enabled at /api/graphql
Types: 103 (by kind: ENUM: 9, INPUT_OBJECT: 4, OBJECT: 81, SCALAR: 8, UNION: 1)
Operations:
- Query: Query | fields: comparison, metadataClientField, rankings, sportMatch, tournaments
Directives: deprecated, include, oneOf, skip (total: 4)
```
  Found on 2026-01-02 16:35
  
  105.7 kBytes
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d62337d3d62337d3d62337d3d62337d3d62337d3d6
```
GraphQL introspection enabled at /api/graphql
```
  Found on 2025-10-26 13:08
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.204.89
Domain: www.bigtenplus.com
Port: 443
URL: https://www.bigtenplus.com

First seen 2025-10-19 20:42
Last seen 2026-01-02 11:31
Open for 74 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d6a8cd7f2f7957a07d09f81bd06d693f426d693f42
```
GraphQL introspection enabled at /api/graphql
Types: 103 (by kind: ENUM: 9, INPUT_OBJECT: 4, OBJECT: 81, SCALAR: 8, UNION: 1)
Operations:
- Query: Query | fields: comparison, metadataClientField, rankings, sportMatch, tournaments
Directives: deprecated, include, oneOf, skip (total: 4)
```
  Found on 2026-01-02 11:31
  
  105.7 kBytes
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 2.16.204.89
Domain: pnl-oomtgn-externalmapapp.t15.cldsvc.net
Port: 443
URL: https://pnl-oomtgn-externalmapapp.t15.cldsvc.net

First seen 2025-04-03 23:11
Last seen 2026-01-02 07:31
Open for 273 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d819fde85819fde85819fde85819fde85
```
Found 1 files trough .DS_Store spidering:

/js
```
  Found on 2026-01-02 07:31
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: nice-surfly-webhook-sit.combinedinsurance.com
Port: 443
URL: https://nice-surfly-webhook-sit.combinedinsurance.com

First seen 2025-10-15 03:02
Last seen 2025-12-02 17:22
Open for 48 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549489da153489da153489da153489da153489da153
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/CoBrowse/SaveSurflyMetaData
```
  Found on 2025-12-02 17:22
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: gapi.admin.mig.goto.kalundborg.gopublic.dk
Port: 443
URL: https://gapi.admin.mig.goto.kalundborg.gopublic.dk

First seen 2025-11-10 23:17
Last seen 2025-12-01 03:17
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-12-01 03:17
Create report

Open service 2.16.204.89:80 · jeparticipe.smartidf.services

2026-01-13 00:33

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://jeparticipe.smartidf.services/
Expires: Tue, 13 Jan 2026 00:33:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 13 Jan 2026 00:33:48 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: ak_p; desc="1768264428709_34610521_938798496_10_7160_164_0_-";dur=1

Found 7 hours ago by HttpPlugin

Host 2.16.204.89

Germany

Software information

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

GraphQL introspection is enabled.

GraphQL introspection is enabled.

GraphQL introspection is enabled.

GraphQL introspection is enabled.

MacOS file listing through .DS_Store file

Swagger API description is publicly available

Swagger API description is publicly available