LeakIX - Host 2.18.64.21

Host 2.18.64.21

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/443 tcp/80

Apache Apache

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.18.64.21
Domain: swanhill-api-uat.vmonline.com.au
Port: 443
URL: https://swanhill-api-uat.vmonline.com.au

First seen 2025-10-29 09:26
Last seen 2026-02-09 01:34
Open for 102 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 01:34
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035496fec35e198c771c7063b67d4e68a0001fbf72084
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /BuildingPermit
POST /Land
POST /Lease
POST /Owners
POST /PlanningPermit
POST /Properties
POST /Sales
POST /SouthAustraliaProperties
POST /Token
POST /Valuation
```
  Found on 2026-02-08 17:47
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.18.64.21
Domain: staging.tissottiming.com
Port: 443
URL: https://staging.tissottiming.com

First seen 2025-12-09 12:47
Last seen 2026-01-16 10:04
Open for 37 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 10:04
Create report

Open service 2.18.64.21:80 · theriver979.com

2026-02-06 14:08

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://theriver979.com/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Length: 178
Date: Fri, 06 Feb 2026 14:08:31 GMT
Connection: close
Akamai-GRN: 0.55b31402.1770386911.4188c704

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2026-02-06 by HttpPlugin

Create report

Open service 2.18.64.21:443 · swanhill-api-uat.vmonline.com.au

2026-01-23 10:43

HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Content-Length: 162
Expires: Fri, 23 Jan 2026 10:43:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 10:43:11 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600

Page title: 503 Service Temporarily Unavailable

<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
</body>
</html>

Found 2026-01-23 by HttpPlugin

Create report

Open service 2.18.64.21:443 · staging.tissottiming.com

2026-01-23 08:58

HTTP/1.1 403 Forbidden
Content-Length: 1148
Content-Type: text/html
Expires: Fri, 23 Jan 2026 08:58:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 08:58:16 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=21
Server-Timing: origin; dur=49
Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload
Server-Timing: ak_p; desc="1769158695963_34911051_252888216_7065_7094_12_14_-";dur=1

Page title: Web App - Unavailable

<!DOCTYPE html><html><head><title>Web App - Unavailable</title><style type="text/css">html{height:100%;width:100%;}#feature{width:960px;margin:95px auto 0 auto;overflow:auto;}#content{font-family:"Segoe UI";font-weight:normal;font-size:22px;color:#fff;float:left;width:460px;margin-top:68px;margin-left:0px;vertical-align:middle;}#content h1{font-family:"Segoe UI Light";color:#fff;font-weight:normal;font-size:60px;line-height:48pt;width:800px;}p a,p a:visited,p a:active,p a:hover{color:#fff;}</style></head><body bgcolor="#00abec"><div id="feature"><div id="content"><h1 id="unavailable">Error 403 - This web app is stopped.</h1><p id="tryAgain">The web app you have attempted to reach is currently stopped and does not accept any requests. Please try to reload the page or visit it again soon.</p><p id="toAdmin">If you are the web app administrator, please find the common 403 error scenarios and resolution <a href="https://go.microsoft.com/fwlink/?linkid=2095007" target="_blank">here</a>. For further troubleshooting tools and recommendations, please visit <a href="https://portal.azure.com/">Azure Portal</a>.</p></div></div></body></html>

Found 2026-01-23 by HttpPlugin

Create report

Open service 2.18.64.21:443 · jhaspire.com

2026-01-21 18:31

HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 362
Expires: Wed, 21 Jan 2026 18:31:03 GMT
Date: Wed, 21 Jan 2026 18:31:03 GMT
Connection: close
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;jhaspire&#46;com&#47;" on this server.<P>
Reference&#32;&#35;18&#46;55b31402&#46;1769020263&#46;30181ad5
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;55b31402&#46;1769020263&#46;30181ad5</P>
</BODY>
</HTML>

Found 2026-01-21 by HttpPlugin

Create report

Open service 2.18.64.21:443 · jhgroupannuities.com

2026-01-21 18:31

HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 370
Expires: Wed, 21 Jan 2026 18:31:03 GMT
Date: Wed, 21 Jan 2026 18:31:03 GMT
Connection: close
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;jhgroupannuities&#46;com&#47;" on this server.<P>
Reference&#32;&#35;18&#46;56b31402&#46;1769020263&#46;6f4e8869
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;56b31402&#46;1769020263&#46;6f4e8869</P>
</BODY>
</HTML>

Found 2026-01-21 by HttpPlugin

Create report

Open service 2.18.64.21:443 · swanhill-api-uat.vmonline.com.au

2026-01-09 18:44

HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Content-Length: 162
Expires: Fri, 09 Jan 2026 18:44:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 18:44:51 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600

Page title: 503 Service Temporarily Unavailable

<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
</body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 2.18.64.21:443 · avantagescollaborateurs.vetinweb.fr

2026-01-09 14:53

HTTP/1.1 403 Forbidden
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 389
Expires: Fri, 09 Jan 2026 14:53:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 14:53:20 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: ak_p; desc="1767970400692_34911061_3450326607_10_4760_0_5_-";dur=1

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;avantagescollaborateurs&#46;vetinweb&#46;fr&#47;" on this server.<P>
Reference&#32;&#35;18&#46;55b31402&#46;1767970400&#46;cda7ce4f
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;55b31402&#46;1767970400&#46;cda7ce4f</P>
</BODY>
</HTML>

Found 2026-01-09 by HttpPlugin

Create report

Open service 2.18.64.21:443 · staging.tissottiming.com

2026-01-09 09:56

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Akamai-Transformed: 9 5945 0 pmb=mRUM,2
Expires: Fri, 09 Jan 2026 09:57:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 09:57:01 GMT
Transfer-Encoding:  chunked
Connection: close
Connection: Transfer-Encoding
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=22
Server-Timing: origin; dur=67
Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload
Server-Timing: ak_p; desc="1767952621409_34911061_3419472361_8910_6590_83_86_-";dur=1

Page title: Homepage | Tissot Timing

<!DOCTYPE html>
<html lang="en-us">

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta content="IE=edge" http-equiv="X-UA-Compatible">
    <title>Homepage | Tissot Timing</title>
    <meta content="Tissot Timing homepage" name="description">
    <meta charset="UTF-8">
    <meta name="robots" content="noindex,nofollow">
    <meta name="keywords" content="timing tissot cycling" />
    <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0' />


    <!-- Favicon
    –––––––––––––––––––––––––––––––––––––––––––––––––– -->
        <link rel="icon" type="image/png" href="/Content/images/favicon.png">
    
    <!--Fonts-->
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;600;700&display=swap" rel="stylesheet">

    <!-- Stylesheets-->
    <link rel="stylesheet" href="/Content2022/css/home.css">
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">



<script>(window.BOOMR_mq=window.BOOMR_mq||[]).push(["addVar",{"rua.upush":"false","rua.cpush":"false","rua.upre":"false","rua.cpre":"false","rua.uprl":"false","rua.cprl":"false","rua.cprf":"false","rua.trans":"","rua.cook":"false","rua.ims":"false","rua.ufprl":"false","rua.cfprl":"false","rua.isuxp":"false","rua.texp":"norulematch","rua.ceh":"false","rua.ueh":"false","rua.ieh.st":"0"}]);</script>
                              <script>!function(e){var n="https://s.go-mpulse.net/boomerang/";if("False"=="True")e.BOOMR_config=e.BOOMR_config||{},e.BOOMR_config.PageParams=e.BOOMR_config.PageParams||{},e.BOOMR_config.PageParams.pci=!0,n="https://s2.go-mpulse.net/boomerang/";if(window.BOOMR_API_key="TM3FK-VL5LP-4C5WM-9ZRFV-SRU5R",function(){function e(){if(!o){var e=document.createElement("script");e.id="boomr-scr-as",e.src=window.BOOMR.url,e.async=!0,i.parentNode.appendChild(e),o=!0}}function t(e){o=!0;var n,t,a,r,d=document,O=window;if(window.BOOMR.snippetMethod=e?"if":"i",t=function(e,n){var t=d.createElement("script");t.id=n||"boomr-if-as",t.src=window.BOOMR.url,BOOMR_lstart=(new Date).getTime(),e=e||d.body,e.appendChild(t)},!window.addEventListener&&window.attachEvent&&navigator.userAgent.match(/MSIE [67]\./))return window.BOOMR.snippetMethod="s",void t(i.parentNode,"boomr-async");a=document.createElement("IFRAME"),a.src="about:blank",a.title="",a.role="presentation",a.loading="eager",r=(a.frameElement||a).style,r.width=0,r.height=0,r.border=0,r.display="none",i.parentNode.appendChild(a);try{O=a.contentWindow,d=O.document.open()}catch(_){n=document.domain,a.src="javascript:var d=document.open();d.domain='"+n+"';void(0);",O=a.contentWindow,d=O.document.open()}if(n)d._boomrl=function(){this.domain=n,t()},d.write("<bo"+"dy onload='document._boomrl();'>");else if(O._boomrl=function(){t()},O.addEventListener)O.addEventListener("load",O._boomrl,!1);else if(O.attachEvent)O.attachEvent("onload",O._boomrl);d.close()}function a(e){window.BOOMR_onload=e&&e.timeStamp||(new Date).getTime()}if(!window.BOOMR||!window.BOOMR.version&&!window.BOOMR.snippetExecuted){window.BOOMR=window.BOOMR||{},window.BOOMR.snippetStart=(new Date).getTime(),window.BOOMR.snippetExecuted=!0,window.BOOMR.snippetVersion=12,window.BOOMR.url=n+"TM3FK-VL5LP-4C5WM-9ZRFV-SRU5R";var i=document.currentScript||document.getElementsByTagName("script")[0],o=!1,r=document.createElement("link");if(r.relList&&"function"==typeof r.relList.supports&&r.relList.supports("preload")&&"as"in r)window.BOOMR.snippetMethod="p",r.href=window.BOOMR.url,r.rel="preload",r.as="script",r.addEventListener("load",e),r.addEventListener("error",function(){t(!0)}),setTimeout(function(){if(!o)t(!0)},3e3),BOOMR_lstart=(new Date).get

Found 2026-01-09 by HttpPlugin

Create report

Open service 2.18.64.21:443 · theriver979.com

2026-01-08 15:08

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Varnish: 111137552
x-abgroup: A
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-UA-Device: desktop
X-Device: desktop
X-Frame-Options: SAMEORIGIN
Date: Thu, 08 Jan 2026 15:08:33 GMT
Transfer-Encoding:  chunked
Connection: close
Connection: Transfer-Encoding
Akamai-GRN: 0.55b31402.1767884913.c6296074

Found 2026-01-08 by HttpPlugin

Create report

Open service 2.18.64.21:80 · theriver979.com

2026-01-08 15:08

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://theriver979.com/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Length: 178
Date: Thu, 08 Jan 2026 15:09:13 GMT
Connection: close
Akamai-GRN: 0.55b31402.1767884953.c62ac990

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2026-01-08 by HttpPlugin