LeakIX - Host 20.119.16.27

Host 20.119.16.27

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443

Microsoft-IIS 10.0

tcp/443 tcp/80

restify

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: api.qa.finxpert.com
Port: 443
URL: https://api.qa.finxpert.com

First seen 2025-12-09 09:25
Last seen 2026-02-09 15:25
Open for 62 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 15:25
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: iti.s1s.app
Port: 443
URL: https://iti.s1s.app

First seen 2025-12-23 06:29
Last seen 2026-02-02 10:51
Open for 41 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-02-02 10:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: anderson.s1s.app
Port: 443
URL: https://anderson.s1s.app

First seen 2025-12-23 07:41
Last seen 2026-02-02 10:10
Open for 41 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-02-02 10:10
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.119.16.27
Domain: app.realtyprofit.io
Port: 443
URL: https://app.realtyprofit.io

First seen 2025-12-27 00:25
Last seen 2026-02-02 09:46
Open for 37 days

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e27ab80b7fffad714d5ac1cadec73dafeb4c3b3a17

GraphQL introspection enabled at /graphql/api
Types: 109 (by kind: ENUM: 4, INPUT_OBJECT: 29, INTERFACE: 1, OBJECT: 67, SCALAR: 8)
Operations:
- Query: Query | fields: defaultRainMaker, me, node, nodes, user
- Mutation: Mutation | fields: createUser, deleteUser, inviteClient, updateDefaultSalesRainMaker, updateUser
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-02-02 09:46

133.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37494041e2a25b50efcec6651fdddbcf08d130722

GraphQL introspection enabled at /graphql
Types: 109 (by kind: ENUM: 4, INPUT_OBJECT: 29, INTERFACE: 1, OBJECT: 67, SCALAR: 8)
Operations:
- Query: Query | fields: defaultRainMaker, me, node, nodes, user
- Mutation: Mutation | fields: createUser, deleteUser, inviteClient, updateDefaultSalesRainMaker, updateUser
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-23 05:36

133.9 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: dev.gaidge.com
Port: 443
URL: https://dev.gaidge.com

First seen 2025-10-21 20:19
Last seen 2026-02-02 09:24
Open for 103 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 09:24
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549c29e6167af7bc015010f0441668989f60f10964a
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/connect/authorize
GET /api/v1/connect/userinfo
GET /api/v1/locations
GET /api/v1/mmg/login
POST /api/v1/connect/token
```
  Found on 2026-01-23 11:19
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: edvance.s1s.app
Port: 443
URL: https://edvance.s1s.app

First seen 2026-01-08 04:02
Last seen 2026-02-02 06:28
Open for 25 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-02-02 06:28
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: staging.gaidge.com
Port: 443
URL: https://staging.gaidge.com

First seen 2025-12-27 15:01
Last seen 2026-02-02 01:57
Open for 36 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549c29e6167af7bc015010f0441668989f60f10964a
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/connect/authorize
GET /api/v1/connect/userinfo
GET /api/v1/locations
GET /api/v1/mmg/login
POST /api/v1/connect/token
```
  Found on 2026-02-02 01:57
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-29 23:49
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: api.benchlabonline.com
Port: 443
URL: https://api.benchlabonline.com

First seen 2025-12-28 06:38
Last seen 2026-02-01 22:21
Open for 35 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549c09299a3b8d26cdab21e74dea2cf03a33fde9201
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /v1/admin/institutions
GET /v1/admin/institutions/simple
GET /v1/admin/institutions/{id}
GET /v1/admin/menu-items
GET /v1/admin/menu-items/{id}
GET /v1/admin/permisos
GET /v1/admin/permisos/get-languages
GET /v1/admin/permisos/simple
GET /v1/admin/permisos/{id}
GET /v1/admin/users
GET /v1/admin/users/{id}
GET /v1/menu-items
GET /v1/menu-items/{menuItemId}/token
GET /v1/resources/categories
GET /v1/resources/documents
GET /v1/resources/news
GET /v1/usuarios/profile
POST /v1/NavigationHistory/CreateNavigationHistory
POST /v1/auth/login
POST /v1/auth/reset-password
POST /v1/auth/save-password
PUT /v1/admin/menu-items/{idMenu}
PUT /v1/usuarios/{id}
PUT /v1/usuarios/{id}/tyc
```
  Found on 2026-02-01 22:21
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: westcliff.sandbox2.s1s.app
Port: 443
URL: https://westcliff.sandbox2.s1s.app

First seen 2025-11-07 19:58
Last seen 2026-02-01 17:53
Open for 85 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-02-01 17:53
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: borgeswoodgrove-groceries-api.nonprodborges.com
Port: 443
URL: https://borgeswoodgrove-groceries-api.nonprodborges.com

First seen 2025-12-22 06:34
Last seen 2026-01-29 21:34
Open for 38 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60b0c31be0a5bfce6058e78bac8f22ca758f22ca75
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /Account
POST /JWT
POST /SendCode
POST /VerifyCode
```
  Found on 2026-01-29 21:34
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: qa.gaidge.com
Port: 443
URL: https://qa.gaidge.com

First seen 2025-12-27 15:41
Last seen 2026-01-23 15:17
Open for 26 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549c29e6167af7bc015010f0441668989f60f10964a
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/connect/authorize
GET /api/v1/connect/userinfo
GET /api/v1/locations
GET /api/v1/mmg/login
POST /api/v1/connect/token
```
  Found on 2026-01-23 15:17
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: demo.gaidge.com
Port: 443
URL: https://demo.gaidge.com

First seen 2025-12-27 14:51
Last seen 2026-01-23 15:16
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549c29e6167af7bc015010f0441668989f60f10964a
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/connect/authorize
GET /api/v1/connect/userinfo
GET /api/v1/locations
GET /api/v1/mmg/login
POST /api/v1/connect/token
```
  Found on 2026-01-23 15:16
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: adminsfs.cumberland.edu
Port: 443
URL: https://adminsfs.cumberland.edu

First seen 2025-10-16 17:21
Last seen 2026-01-23 14:00
Open for 98 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-23 14:00
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: news.baypay.com
Port: 443
URL: https://news.baypay.com

First seen 2026-01-10 08:26
Last seen 2026-01-23 12:56
Open for 13 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354950187d4d50187d4d50187d4d50187d4d50187d4d
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/GPTs/getNews
```
  Found on 2026-01-23 12:56
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: s1s.mikhailed.com
Port: 443
URL: https://s1s.mikhailed.com

First seen 2025-12-19 00:55
Last seen 2026-01-23 11:33
Open for 35 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-23 11:33
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: cumberland.s1s.app
Port: 443
URL: https://cumberland.s1s.app

First seen 2025-10-16 17:43
Last seen 2026-01-23 11:28
Open for 98 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-23 11:28
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-12-01 14:53
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: mikhail.s1s.app
Port: 443
URL: https://mikhail.s1s.app

First seen 2026-01-08 05:17
Last seen 2026-01-23 07:47
Open for 15 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-23 07:47
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: repsol.ars.synergipipeline.dnv.com
Port: 443
URL: https://repsol.ars.synergipipeline.dnv.com

First seen 2025-12-08 04:00
Last seen 2026-01-23 06:08
Open for 46 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d601398b1a0ec2600e4450649a91ebd648fb12e8e0c

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/results/Cleanup
DELETE /api/results/Cleanup/all
DELETE /api/results/Cleanup/confirm
DELETE /api/results/Cleanup/obsolete
DELETE /api/v1/Cleanup
DELETE /api/v1/Cleanup/all
DELETE /api/v1/Cleanup/confirm
DELETE /api/v1/Cleanup/obsolete
GET /api/AssessmentResultsService/formulafactors/{formulaId}
GET /api/AssessmentResultsService/groupnames/{modelName}
GET /api/AssessmentResultsService/keyproperties/{modelName}
GET /api/AssessmentResultsService/modelnames/{enumResultsType}
GET /api/AssessmentResultsService/modelnames_approvedresults/{enumResultsType}
GET /api/AssessmentResultsService/results/{resultId}
GET /api/AssessmentResultsService/results/{resultId}/payload/{payloadId}
GET /api/HealthMonitor
GET /api/HealthMonitor/configuration
GET /api/HealthMonitor/log
GET /api/HealthMonitor/state
GET /api/v1/AssessmentResultsService/formulafactors/{formulaId}
GET /api/v1/AssessmentResultsService/groupnames/{modelName}
GET /api/v1/AssessmentResultsService/keyproperties/{modelName}
GET /api/v1/AssessmentResultsService/modelnames/{enumResultsType}
GET /api/v1/AssessmentResultsService/modelnames_approvedresults/{enumResultsType}
GET /api/v1/AssessmentResultsService/results/{resultId}
GET /api/v1/AssessmentResultsService/results/{resultId}/payload/{payloadId}
GET /api/v1/HealthMonitor
GET /api/v1/HealthMonitor/configuration
GET /api/v1/HealthMonitor/log
GET /api/v1/HealthMonitor/state
POST /api/AssessmentResultsService/generatetoken
POST /api/AssessmentResultsService/results
POST /api/v1/AssessmentResultsService/generatetoken
POST /api/v1/AssessmentResultsService/results

Found on 2026-01-23 06:08

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: hedu.s1s.app
Port: 443
URL: https://hedu.s1s.app

First seen 2025-12-09 08:32
Last seen 2026-01-23 03:59
Open for 44 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-23 03:59
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: keytoscentral.ezsmartcard.io
Port: 443
URL: https://keytoscentral.ezsmartcard.io

First seen 2025-12-20 05:24
Last seen 2026-01-23 02:34
Open for 33 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549fa8422e8847d2b46c0c9b3db968bda8348f989a8

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Deployer/DeleteSub
GET /api/Admin/GetCertOwners
GET /api/Admin/GetSubsInfo
GET /api/Deployer/GetExistingSub
GET /api/Deployer/GetSubsWithCerts
POST /api/Admin/AddBilling
POST /api/Admin/RegisterCert
POST /api/Admin/SaveCustomerInfo
POST /api/Admin/SaveOwners
POST /api/Deployer/CreateOrEditSub
POST /api/FaceID/DeleteIDInfo
POST /api/FaceID/GetIdentityResponse
POST /api/FaceID/GetVeriffIdentityResponse
POST /api/FaceID/PassBaseComplete
POST /api/FaceID/PassBaseResult
POST /api/FaceID/StartVeriff
POST /api/FaceID/VeriffIdentityWebhook
POST /api/FaceID/VeriffStarted
POST /api/SmartCard/ValidateFedexAddress
POST /api/Subscription/GetLatestExpiryDate
POST /api/Subscription/GetNewSubCertificate
POST /api/Subscription/ReRegisterCertificate
POST /api/Subscription/RenewSubCertificate
POST /api/Subscription/UpdateSubscriptionType
POST /api/Support/SubmitSupportReq

Found on 2026-01-23 02:34

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: staging-blue.gaidge.com
Port: 443
URL: https://staging-blue.gaidge.com

First seen 2026-01-02 09:52
Last seen 2026-01-23 01:59
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549c29e6167af7bc015010f0441668989f60f10964a
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/connect/authorize
GET /api/v1/connect/userinfo
GET /api/v1/locations
GET /api/v1/mmg/login
POST /api/v1/connect/token
```
  Found on 2026-01-23 01:59
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 06:24
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.119.16.27
Domain: app.realtyprofit.com
Port: 443
URL: https://app.realtyprofit.com

First seen 2025-12-27 00:39
Last seen 2026-01-23 01:45
Open for 27 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa37494041e2a25b50efcec6651fdddbcf08d130722
```
GraphQL introspection enabled at /graphql
Types: 109 (by kind: ENUM: 4, INPUT_OBJECT: 29, INTERFACE: 1, OBJECT: 67, SCALAR: 8)
Operations:
- Query: Query | fields: defaultRainMaker, me, node, nodes, user
- Mutation: Mutation | fields: createUser, deleteUser, inviteClient, updateDefaultSalesRainMaker, updateUser
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-23 01:45
  
  133.9 kBytes
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: s1s.algomau.ca
Port: 443
URL: https://s1s.algomau.ca

First seen 2025-12-25 03:42
Last seen 2026-01-23 00:50
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-23 00:50
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: admin.anderson.edu
Port: 443
URL: https://admin.anderson.edu

First seen 2025-12-21 00:06
Last seen 2026-01-23 00:49
Open for 33 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-23 00:49
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: delta.s1s.app
Port: 443
URL: https://delta.s1s.app

First seen 2026-01-08 04:07
Last seen 2026-01-19 07:21
Open for 11 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-19 07:21
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: facultyportal.mtcbr.com
Port: 443
URL: https://facultyportal.mtcbr.com

First seen 2026-01-10 04:12
Last seen 2026-01-16 15:30
Open for 6 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-16 15:30
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: app.dev.safemepro.com
Port: 443
URL: https://app.dev.safemepro.com

First seen 2025-12-20 15:59
Last seen 2026-01-16 12:16
Open for 26 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 12:16
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: buildoracleservice-dev.microsoft.com
Port: 443
URL: https://buildoracleservice-dev.microsoft.com

First seen 2025-10-18 23:05
Last seen 2025-10-21 00:31
Open for 2 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d603364fb3c353f3728a5a016505b0eb3ca1f7979a6

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/Admin/ApplyPendingMigrations
GET /api/v1/Admin/DataTest/StressTest/NewTrainingSet
GET /api/v1/Admin/DataTest/StressTest/OsTrainingSet
GET /api/v1/Admin/DeleteRedirectActions/{bugId}/{pullRequestId}
GET /api/v1/Admin/GetAllGuids
GET /api/v1/Admin/GetAppliedDbMigrations
GET /api/v1/Admin/GetPendingDbMigrations
GET /api/v1/Admin/GetPositiveUserVotes/{takeCount}
GET /api/v1/Admin/GetRecentCompletedJobs/{takeCount}
GET /api/v1/Admin/GetRecentCompletedPass3Jobs/{takeCount}
GET /api/v1/Admin/GetRecentFailedJobs/{takeCount}
GET /api/v1/Admin/GetRecentFailedPass3Jobs/{takeCount}
GET /api/v1/Admin/GetRecentRedirectActions/{takeCount}
GET /api/v1/Admin/GetRecentUserVotes/{takeCount}
GET /api/v1/Admin/GetTotalNumberOfCompletedJobs
GET /api/v1/Admin/InvalidatePass3Cache/{numDays}
GET /api/v1/Admin/RemoveBranchConfigEntry/{branch}
GET /api/v1/Admin/RemovePass3Jobs/{numDays}
GET /api/v1/Admin/RequeueWork
GET /api/v1/AdminOptions/AddBranchConfigRecord/{branch}
GET /api/v1/AdminOptions/GetAllAnalysisOptions
GET /api/v1/AdminOptions/GetAllScoringOptions
GET /api/v1/AdminOptions/GetBranchConfig/{branch}
GET /api/v1/AdminOptions/GetRawBranchConfig
GET /api/v1/AdminOptions/GetRawBranchConfig/{branch}
GET /api/v1/AdminOptions/SendAllEnabledBranchesListToKusto
GET /api/v1/AdminOptions/UpdateBranchAnalysisOptions/{branch}
GET /api/v1/AdminOptions/UpdateBranchScoringOptions/{branch}
GET /api/v1/Config/GetAllEnabledBranches
GET /api/v1/Config/IsEnabled/{branch}
GET /api/v1/PackageContainmentAnalysis/GetPackageContainmentAnalysisResult/{requestGuid}
GET /api/v1/Pass3Analysis/GetPass3AnalysisResult/{requestGuid}
GET /api/v1/PayloadSuspects/Feedback/RecordAction/{bugId}/{pullRequestId}
GET /api/v1/PayloadSuspects/Feedback/{bugId}/{pullRequestId}
GET /api/v1/PayloadSuspects/GetJobsByBugId
GET /api/v1/PayloadSuspects/GetPullRequestSuspects/{requestGuid}
GET /api/v1/PayloadSuspects/GetRequestInfoFromGuid/{guid}
GET /api/v1/PayloadSuspects/GetScoreValuesByBugId/{bugId}
GET /api/v1/PayloadSuspects/GetScoreValuesByPullRequestId/{pullRequestId}
GET /api/v1/ShippingFileAnalysis/GetShippingFileAnalysisResult/{requestGuid}
GET /api/v1/User/GetCurrentUserClaims
GET /api/v1/User/GetCurrentUserRoles
GET /api/v2/Pass3Analysis/GetPass3AnalysisResult/{requestGuid}
POST /api/v1/Admin/DataTest/ReplayJobsWithAlternateOptions
POST /api/v1/AdminOptions/AddBranchConfigRecord
POST /api/v1/AdminOptions/ChangeBranchBatchConfiguration
POST /api/v1/AdminOptions/DeleteBranchConfiguration
POST /api/v1/AdminOptions/GetOrAddAnalysisOptions
POST /api/v1/PackageContainmentAnalysis/GetPackageContainmentAnalysisToken
POST /api/v1/Pass3Analysis/GetPass3AnalysisToken
POST /api/v1/PayloadSuspects/GetPullRequestsSuspectsToken
POST /api/v1/PayloadSuspects/GetScoreValuesByBugId
POST /api/v1/PayloadSuspects/GetScoreValuesByPullRequestId
POST /api/v1/ShippingFileAnalysis/GetShippingFileAnalysisToken
POST /api/v2/Pass3Analysis/GetPass3AnalysisToken

Found on 2025-10-21 00:31

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.119.16.27
Domain: ptsdev-api.microsoft.com
Port: 443
URL: https://ptsdev-api.microsoft.com

First seen 2025-10-18 23:05
Last seen 2025-10-20 22:40
Open for 1 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d603364fb3c353f3728a5a016505b0eb3ca1f7979a6

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/Admin/ApplyPendingMigrations
GET /api/v1/Admin/DataTest/StressTest/NewTrainingSet
GET /api/v1/Admin/DataTest/StressTest/OsTrainingSet
GET /api/v1/Admin/DeleteRedirectActions/{bugId}/{pullRequestId}
GET /api/v1/Admin/GetAllGuids
GET /api/v1/Admin/GetAppliedDbMigrations
GET /api/v1/Admin/GetPendingDbMigrations
GET /api/v1/Admin/GetPositiveUserVotes/{takeCount}
GET /api/v1/Admin/GetRecentCompletedJobs/{takeCount}
GET /api/v1/Admin/GetRecentCompletedPass3Jobs/{takeCount}
GET /api/v1/Admin/GetRecentFailedJobs/{takeCount}
GET /api/v1/Admin/GetRecentFailedPass3Jobs/{takeCount}
GET /api/v1/Admin/GetRecentRedirectActions/{takeCount}
GET /api/v1/Admin/GetRecentUserVotes/{takeCount}
GET /api/v1/Admin/GetTotalNumberOfCompletedJobs
GET /api/v1/Admin/InvalidatePass3Cache/{numDays}
GET /api/v1/Admin/RemoveBranchConfigEntry/{branch}
GET /api/v1/Admin/RemovePass3Jobs/{numDays}
GET /api/v1/Admin/RequeueWork
GET /api/v1/AdminOptions/AddBranchConfigRecord/{branch}
GET /api/v1/AdminOptions/GetAllAnalysisOptions
GET /api/v1/AdminOptions/GetAllScoringOptions
GET /api/v1/AdminOptions/GetBranchConfig/{branch}
GET /api/v1/AdminOptions/GetRawBranchConfig
GET /api/v1/AdminOptions/GetRawBranchConfig/{branch}
GET /api/v1/AdminOptions/SendAllEnabledBranchesListToKusto
GET /api/v1/AdminOptions/UpdateBranchAnalysisOptions/{branch}
GET /api/v1/AdminOptions/UpdateBranchScoringOptions/{branch}
GET /api/v1/Config/GetAllEnabledBranches
GET /api/v1/Config/IsEnabled/{branch}
GET /api/v1/PackageContainmentAnalysis/GetPackageContainmentAnalysisResult/{requestGuid}
GET /api/v1/Pass3Analysis/GetPass3AnalysisResult/{requestGuid}
GET /api/v1/PayloadSuspects/Feedback/RecordAction/{bugId}/{pullRequestId}
GET /api/v1/PayloadSuspects/Feedback/{bugId}/{pullRequestId}
GET /api/v1/PayloadSuspects/GetJobsByBugId
GET /api/v1/PayloadSuspects/GetPullRequestSuspects/{requestGuid}
GET /api/v1/PayloadSuspects/GetRequestInfoFromGuid/{guid}
GET /api/v1/PayloadSuspects/GetScoreValuesByBugId/{bugId}
GET /api/v1/PayloadSuspects/GetScoreValuesByPullRequestId/{pullRequestId}
GET /api/v1/ShippingFileAnalysis/GetShippingFileAnalysisResult/{requestGuid}
GET /api/v1/User/GetCurrentUserClaims
GET /api/v1/User/GetCurrentUserRoles
GET /api/v2/Pass3Analysis/GetPass3AnalysisResult/{requestGuid}
POST /api/v1/Admin/DataTest/ReplayJobsWithAlternateOptions
POST /api/v1/AdminOptions/AddBranchConfigRecord
POST /api/v1/AdminOptions/ChangeBranchBatchConfiguration
POST /api/v1/AdminOptions/DeleteBranchConfiguration
POST /api/v1/AdminOptions/GetOrAddAnalysisOptions
POST /api/v1/PackageContainmentAnalysis/GetPackageContainmentAnalysisToken
POST /api/v1/Pass3Analysis/GetPass3AnalysisToken
POST /api/v1/PayloadSuspects/GetPullRequestsSuspectsToken
POST /api/v1/PayloadSuspects/GetScoreValuesByBugId
POST /api/v1/PayloadSuspects/GetScoreValuesByPullRequestId
POST /api/v1/ShippingFileAnalysis/GetShippingFileAnalysisToken
POST /api/v2/Pass3Analysis/GetPass3AnalysisToken

Found on 2025-10-20 22:40

Create report

Open service 20.119.16.27:443 · westcliff.sandbox2.s1s.app

2026-02-01 17:53

HTTP/1.1 200 OK
Content-Length: 3989
Connection: close
Content-Type: text/html
Date: Sun, 01 Feb 2026 17:53:44 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: GET, OPTIONS
Cache-Control: public, must-revalidate, max-age=30
ETag: "18088619"
Last-Modified: Fri, 30 Jan 2026 03:01:54 GMT
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Powered-By: Express
X-Powered-By: ASP.NET
Referrer-Policy: same-origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
x-dns-prefetch-control: off
x-azure-ref: 20260201T175344Z-15bd76667d5k7srdhC1BL19tqn0000000m300000000090dv
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_MISS
Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;

Page title: Student First Admin

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />

    <title>Student First Admin</title>

    <base href="/" />
    <link href="css/bootstrap/bootstrap.min.css?v=26.04" rel="stylesheet" />
    <link href="css/app.css?v=26.04" rel="stylesheet" />
    <link href="GlobalEdTech.Sis.WebApp.SPA.styles.css?v=26.04" rel="stylesheet" />
    <link href="css/studentfirst.css?v=26.04" rel="stylesheet" />
    <link href="https://unpkg.com/swagger-ui-dist/swagger-ui.css" rel="stylesheet" />
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
    <link rel="icon" type="image/png" href="favicon.png" />
    <!--<link rel="manifest" href="/site.webmanifest">-->
    <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">

    <link rel="stylesheet" href="https://unpkg.com/@progress/kendo-font-icons/dist/index.css" />
    <meta name="msapplication-TileColor" content="#da532c">
    <meta name="theme-color" content="#ffffff">

</head>

<body>
    <div id="app">
        <svg class="loading-progress">
            <circle r="40%" cx="50%" cy="50%" />
            <circle r="40%" cx="50%" cy="50%" />
        </svg>
        <div class="loading-progress-text"></div>
    </div>

    <div id="blazor-error-ui">
        <div class="error-content">
            <div class="error-icon">⚠️</div>
            <div class="error-title" data-localize="ERROR_TITLE">Something went wrong</div>
            <div class="error-message" data-localize="ERROR_MESSAGE">The Student First system encountered an issue. Please refresh the page to continue.</div>
            <div class="error-actions">
                <a href="" class="reload" data-localize="REFRESH_PAGE">Refresh Page</a>
                <a class="dismiss">✕</a>
            </div>
        </div>
    </div>

    <script>
        // Conditionally hide blazor-error-ui based on URL
        (function() {
            const currentUrl = window.location.href.toLowerCase();
            const isDevelopment = currentUrl.includes('localhost') || currentUrl.includes('studentfirst.dev');
            
            if (!isDevelopment) {
                const errorUi = document.getElementById('blazor-error-ui');
                if (errorUi) {
                    errorUi.style.display = 'none';
                    // Also prevent it from being shown by adding a CSS class override
                    const style = document.createElement('style');
                    style.textContent = '#blazor-error-ui { display: none !important; }';
                    document.head.appendChild(style);
                }
            }            
        })();
    </script>

    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js?v=26.04"></script>
    <script src="https://kendo.cdn.telerik.com/2025.1.227/js/kendo.all.min.js?v=26.04"></script>
    <script src="https://unpkg.com/swagger-ui-dist/swagger-ui-bundle.js"></script>
    <script src="https://unpkg.com/swagger-ui-dist/swagger-ui-standalone-preset.js"></script>

    <script src="_content/Telerik.UI.for.Blazor/js/telerik-blazor.js?v=26.04"></script>
    <script src="_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js?v=26.04"></script>
    <script src="_framework/blazor.webassembly.js?v=26.04"></script>

    <script src="js/kendo-ui-license (1).js"></script>
    <script src="js/error-localization.js?v=26.04" charset="utf-8"></script>
    <script src="js/app.js?v=26.04"></script>
    <script src="js/scriptLoader.js?v=26.04"></script>
    <script src="js/go.js?v=26.04"></script>
    <script src="js/gojs-scripts.js?v=26.04"></script>
    <script src="js/kendo-script-workflow.js?v=26.04"></script>
    <script src="https://kit.fontawesome.com/4e6292f6e8.js?v=26.04" crossorigin="anonymous"></script>
    <script src="_content/Telerik.ReportViewer.Blazor/interop.js?v=26.04" defer></script>
</body>
</html>

Found 2026-02-01 by HttpPlugin