LeakIX - Host 2.16.206.154

Host 2.16.206.154

Germany

Akamai International B.V.

Ubuntu

Software information

APISIX 3.3.0

tcp/443

AkamaiGHost

tcp/443 tcp/80

Apache Apache 2.4.52

tcp/443

Apache Apache

tcp/443

Apache Apache 2.4.6

tcp/443

Kestrel Kestrel

tcp/443

Microsoft-IIS 10.0

tcp/443

OpenSSL OpenSSL 1.0.2k-fips

tcp/443

PHP PHP 7.3.33

tcp/443

TLB

tcp/443 tcp/80

cloudflare

tcp/443 tcp/80

istio-envoy

tcp/443

itgdweb

tcp/443 tcp/80

nginx nginx 1.16.1

tcp/443

nginx nginx

tcp/443 tcp/80

nginx nginx 1.25.5

tcp/443 tcp/80

none

tcp/443

openresty

tcp/443 tcp/80

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.23.176.48
Domain: lojaqas.cvale.com.br
Port: 443
URL: https://lojaqas.cvale.com.br

First seen 2025-10-16 18:54
Last seen 2026-01-13 17:38
Open for 88 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa36e9d3bc56c67fc076aabfabd4b3c78217b7e28dc

GraphQL introspection enabled at /graphql
Types: 491 (by kind: ENUM: 44, INPUT_OBJECT: 118, INTERFACE: 25, OBJECT: 299, SCALAR: 5)
Operations:
- Query: Query | fields: attributesForm, attributesList, availableStores, blogAuthor, blogCategories
- Mutation: Mutation | fields: addBundleProductsToCart, addCommentToPost, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart
Directives: deprecated, include, oneOf, skip (total: 4)

Detected: Magento

Found on 2026-01-13 17:38

842.7 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa374c2942e74c2942e74c2942e74c2942e74c2942e
```
GraphQL introspection enabled at /graphql
Detected: Magento
```
Found on 2026-01-13 17:38

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31e21ad70eeff7574081fab16de15009c8886365b

GraphQL introspection enabled at /graphql
Types: 471 (by kind: ENUM: 43, INPUT_OBJECT: 110, INTERFACE: 25, OBJECT: 288, SCALAR: 5)
Operations:
- Query: Query | fields: attributesForm, attributesList, availableStores, blogAuthor, blogCategories
- Mutation: Mutation | fields: addBundleProductsToCart, addCommentToPost, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2026-01-05 03:56

824.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e22094401149539bd3fb6a6e19818c6d4d0bb2dcc0

GraphQL introspection enabled at /graphql/api
Types: 471 (by kind: ENUM: 43, INPUT_OBJECT: 110, INTERFACE: 25, OBJECT: 288, SCALAR: 5)
Operations:
- Query: Query | fields: attributesForm, attributesList, availableStores, blogAuthor, blogCategories
- Mutation: Mutation | fields: addBundleProductsToCart, addCommentToPost, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2025-12-27 04:02

824.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
Found on 2025-12-10 22:45

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31e21ad70eeff7574081fab16de15009cf5465924

GraphQL introspection enabled at /graphql
Types: 471 (by kind: ENUM: 43, INPUT_OBJECT: 110, INTERFACE: 25, OBJECT: 288, SCALAR: 5)
Operations:
- Query: Query | fields: attributesForm, attributesList, availableStores, blogAuthor, blogCategories
- Mutation: Mutation | fields: addBundleProductsToCart, addCommentToPost, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart
Directives: deprecated, include, skip (total: 3)

Found on 2025-11-30 20:53

825.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2
```
GraphQL introspection enabled at /graphql/api
```
Found on 2025-11-30 20:53

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e22094401149539bd3fb6a6e19818c6d4de163c91d

GraphQL introspection enabled at /graphql/api
Types: 471 (by kind: ENUM: 43, INPUT_OBJECT: 110, INTERFACE: 25, OBJECT: 288, SCALAR: 5)
Operations:
- Query: Query | fields: attributesForm, attributesList, availableStores, blogAuthor, blogCategories
- Mutation: Mutation | fields: addBundleProductsToCart, addCommentToPost, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart
Directives: deprecated, include, skip (total: 3)

Found on 2025-11-05 17:53

825.6 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.206.154
Domain: feedtreeapi.feeddigi.com
Port: 443
URL: https://feedtreeapi.feeddigi.com

First seen 2025-11-07 21:59
Last seen 2026-01-12 20:21
Open for 65 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549b4ba58b746c1616784dd5a5027a96f4e93e7d4d5
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/CacheChecker/CheckCompetitorById
GET /api/v1/CacheChecker/CheckItemsCountPerCollection
GET /api/v1/CacheChecker/CheckLanguageItemById
GET /api/v1/CacheChecker/CheckMatchItemById
GET /api/v1/FeedService/GetCountries
GET /api/v1/FeedService/GetCountry
GET /api/v1/FeedService/GetMatchWithStackes
GET /api/v1/FeedService/GetSport
GET /api/v1/FeedService/GetSports
GET /api/v1/FeedService/GetTournament
GET /api/v1/FeedService/GetTournaments
POST /api/v1/AutobookFeedTreeService/GetMatches
POST /api/v1/AutobookFeedTreeService/GetMatchesByObjects
POST /api/v1/FeedService/GetMatches
POST /api/v1/FeedService/GetMatchesByIds
```
  Found on 2026-01-12 20:21
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.206.154
Domain: dapi.canpl.ca
Port: 443
URL: https://dapi.canpl.ca

First seen 2025-11-19 06:37
Last seen 2026-01-10 01:05
Open for 51 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-10 01:05
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.206.154
Domain: cue-live.test.ws.blick.ch
Port: 443
URL: https://cue-live.test.ws.blick.ch

First seen 2025-10-20 07:11
Last seen 2026-01-09 17:31
Open for 81 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff438f2858ce4532c4adc936fce432d917b9df6b7844
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /entries/teasers/{eventId}
GET /entries/{eventId}
GET /entry/{eventId}/{id}
GET /entryByExternalId/{externalId}
POST /entry
```
  Found on 2026-01-09 17:31
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.206.154
Domain: juiceshop-fc.exbizlab.com.br
Port: 443
URL: https://juiceshop-fc.exbizlab.com.br

First seen 2025-10-16 13:14
Last seen 2026-01-09 11:58
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 11:58
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.206.154
Domain: juiceshop-gg.exbizlab.com.br
Port: 443
URL: https://juiceshop-gg.exbizlab.com.br

First seen 2025-10-16 13:14
Last seen 2026-01-09 10:55
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 10:55
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.206.154
Domain: stock.biltema.com
Port: 443
URL: https://stock.biltema.com

First seen 2025-11-11 20:27
Last seen 2026-01-09 09:28
Open for 58 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549185a6e12d42d14f7e55e7d9c4776d8d74bea60a7
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /healthcheck
POST /v1/Stock
POST /v1/Stock/centraleta
POST /v1/Stock/closestStore/{storeId}
POST /v1/Stock/getavaliablestoresforproduct/{marketId}
POST /v1/Stock/products
POST /v1/Stock/products/closestStore/{storeId}
POST /v1/Stock/products/{storeId}
POST /v1/Stock/storestock/{storeId}
POST /v1/Stock/{storeId}
```
  Found on 2026-01-09 09:28
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.206.154
Domain: acc-admin.orderapbs.com
Port: 443
URL: https://acc-admin.orderapbs.com

First seen 2025-11-17 16:10
Last seen 2026-01-02 19:54
Open for 46 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa35996898f245c069dc46ce45a6584402f555ec7de
```
GraphQL introspection enabled at /graphql
Types: 273 (by kind: ENUM: 7, INPUT_OBJECT: 104, INTERFACE: 1, OBJECT: 147, SCALAR: 14)
Operations:
- Query: Query | fields: categories, category, product, properties, property
- Mutation: Mutations | fields: addGiftItems, addItem, changeComment, clearCart, rejectGiftItems
- Subscription: Subscriptions | fields: ping
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 19:54
  
  485.8 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.206.154
Domain: acc-admin.abcbeverages.net
Port: 443
URL: https://acc-admin.abcbeverages.net

First seen 2025-11-12 13:00
Last seen 2026-01-02 04:49
Open for 50 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa35996898f245c069dc46ce45a6584402f555ec7de
```
GraphQL introspection enabled at /graphql
Types: 273 (by kind: ENUM: 7, INPUT_OBJECT: 104, INTERFACE: 1, OBJECT: 147, SCALAR: 14)
Operations:
- Query: Query | fields: categories, category, product, properties, property
- Mutation: Mutations | fields: addGiftItems, addItem, changeComment, clearCart, rejectGiftItems
- Subscription: Subscriptions | fields: ping
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 04:49
  
  485.8 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.206.154
Domain: groupe.nice.aeroport.fr
Port: 443
URL: https://groupe.nice.aeroport.fr

First seen 2025-11-10 14:20
Last seen 2026-01-02 02:05
Open for 52 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa38503a77cdae2d0c0948e3e35217d631624ac0416
```
GraphQL introspection enabled at /graphql
Types: 105 (by kind: ENUM: 8, INPUT_OBJECT: 1, INTERFACE: 6, OBJECT: 81, SCALAR: 9)
Operations:
- Query: PaxQuery | fields: airlineList, footer, header, iconSvg, menu
- Mutation: PaxMutation | fields: createUserFlightTrack, deleteUserFlightTrack, updateUserFlightTrack
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 02:05
  
  129.2 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 2.16.206.154
Domain: www.hektapatur.no
Port: 443
URL: https://www.hektapatur.no

First seen 2025-10-16 04:02
Last seen 2026-01-01 10:42
Open for 77 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3e27816d0ef900c14644852dce5c8af57588d32e6

GraphQL introspection enabled at /graphql
Types: 556 (by kind: ENUM: 46, INPUT_OBJECT: 120, INTERFACE: 25, OBJECT: 349, SCALAR: 9, UNION: 7)
Operations:
- Query: Query | fields: search, searchAutoComplete, startPage, store, stores
- Mutation: Mutation | fields: addToCustomerProductList, createCustomerProductList, deleteCustomerProductList, subscribeToNewsletter, subscribeToStockNotifications
Directives: deprecated, include, skip, specifiedBy (total: 4)

Detected: Magento

Found on 2026-01-01 10:42

885.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3e27816d0ef900c14644852dce5c8af5714cb68ab

GraphQL introspection enabled at /graphql
Types: 556 (by kind: ENUM: 46, INPUT_OBJECT: 120, INTERFACE: 25, OBJECT: 349, SCALAR: 9, UNION: 7)
Operations:
- Query: Query | fields: search, searchAutoComplete, startPage, store, stores
- Mutation: Mutation | fields: addToCustomerProductList, createCustomerProductList, deleteCustomerProductList, subscribeToNewsletter, subscribeToStockNotifications
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-12-11 13:57

885.9 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.206.154
Domain: appotempoconfighml.otempo.com.br
Port: 443
URL: https://appotempoconfighml.otempo.com.br

First seen 2025-10-14 19:05
Last seen 2025-12-16 16:01
Open for 62 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b94d4e3edb76051887b5c55b79a8ddb770dd6c738

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /otempo/article/link
DELETE /otempo/artigo/depois/delete/all/chaves
DELETE /otempo/artigo/depois/delete/chave/usuario
DELETE /otempo/artigo/depois/delete/chaves/usuario
DELETE /otempo/artigo/lido/delete/chave
DELETE /otempo/artigo/lido/delete/chaves/usuario
DELETE /otempo/artigo/lido/delete/id
DELETE /otempo/artigo/lido/delete/ids
DELETE /otempo/artigo/selecao/delete/chave
DELETE /otempo/artigo/selecao/delete/chaves
DELETE /otempo/artigo/selecao/delete/chaves/usuario
DELETE /otempo/artigo/selecao/delete/data
DELETE /otempo/artigo/selecao/delete/id
DELETE /otempo/artigo/selecao/delete/ids
DELETE /otempo/interesseusuario/delete/interesse/usuario
GET /healthcheck
GET /otempo/article/get-all-likes
GET /otempo/article/like-deslike
GET /otempo/article/search
GET /otempo/artigo/depois/find/chave
GET /otempo/artigo/depois/find/chave/arquivado
GET /otempo/artigo/depois/find/chave/usuario
GET /otempo/artigo/issubscribe
GET /otempo/artigo/lido/find/chave
GET /otempo/artigo/lido/find/chave/usuario
GET /otempo/artigo/selecao/find/chave
GET /otempo/artigo/selecoes/find/chave
GET /otempo/artigo/webhook
GET /otempo/editoria
GET /otempo/editoria/find/all
GET /otempo/interesseusuario/find/id
GET /otempo/meu-perfil/healthcheck
GET /otempo/meuperfil/notificacoes
GET /otempo/meuperfil/usuario
GET /otempo/meuperfil/usuario/id
GET /otempo/polly/
GET /otempo/radio/programacao
GET /otempo/reacoes/artigo-reacao-total/{idArtigo}
POST /otempo/article/like
POST /otempo/artigo/subscribe
POST /otempo/artigo/unsubscribe
POST /otempo/meuperfil/cadastrar/usuario
POST /otempo/meuperfil/lead-compra
POST /otempo/reacoes/artigo-reacoes/{idArtigo}
PUT /otempo/article/archive-unarchive
PUT /otempo/artigo/depois/arquivarDesarquivar
PUT /otempo/artigo/depois/incluir
PUT /otempo/artigo/lido/incluir
PUT /otempo/artigo/selecao/incluir
PUT /otempo/interesseusuario/incluir
PUT /otempo/meuperfil/alterar/user/profilePicture
PUT /otempo/meuperfil/alterar/usuario
PUT /otempo/meuperfil/feedback

Found on 2025-12-16 16:01

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.206.151
Domain: sam.disco.wowtv.de
Port: 443
URL: https://sam.disco.wowtv.de

First seen 2025-11-12 14:46
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2025-11-12 14:46
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bafa364d31efe18f41efe18f41efe18f41efe18f4
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /samsung/eden
GET /samsung/tiles
```
  Found on 2025-11-12 14:46
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 2.16.206.154
Domain: www.programadeexcelencia2025.com.br
Port: 443
URL: https://www.programadeexcelencia2025.com.br

First seen 2025-06-12 12:49
Last seen 2025-09-29 04:06
Open for 108 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09cf35cbfb3f35cbfb36855b9bc014d99c57e22a1fd88a86a4c
```
Found 29 files trough .DS_Store spidering:

/attachments
/build
/css
/favicon.ico
/images
/images/mailing
/images/tips
/images/tips/clima.jpg
/images/tips/data.jpg
/images/tips/fuso.jpg
/images/tips/moeda.jpg
/images/tips/passaporte.jpg
/images/tips/tomada.jpg
/images/tips/vacina.jpg
/images/tips/visto.jpg
/images/tours
/images/tours/home
/images/tours/modal
/images/voucher
/index.php
/js
/mailing
/manifests
/robots.txt
/sw
/vendor
/xlab.png
/xlab_squad_black.png
/xlab_white.png
```
  Found on 2025-09-29 04:06
Create report

Open service 2.16.206.154:443 · gspe19-2-ssl.ls.apple.com

2026-01-12 22:10

HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 9
Date: Mon, 12 Jan 2026 22:10:55 GMT
X-Cache: TCP_DENIED from a2-16-205-144.deploy.akamaitechnologies.com (AkamaiGHost/22.3.3.1-d99a9e98b7d52dde86bd4d85ef9e7108) (-)
Connection: close


Forbidden

Found one day ago by HttpPlugin

Host 2.16.206.154

Germany

Software information

GraphQL introspection is enabled.

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

GraphQL introspection is enabled.

GraphQL introspection is enabled.

GraphQL introspection is enabled.

Swagger API description is publicly available

Swagger API description is publicly available

MacOS file listing through .DS_Store file