LeakIX - Host 20.40.202.29

Host 20.40.202.29

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Debian

Software information

Kestrel Kestrel

tcp/443 tcp/80

gunicorn

tcp/443

nginx nginx

tcp/443 tcp/80

nginx nginx 1.28.0

tcp/443

nginx nginx 1.27.5

tcp/443

nginx nginx 1.24.0

tcp/443

uvicorn

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: backend-nexus-kd.az.nexusradix.com
Port: 443
URL: https://backend-nexus-kd.az.nexusradix.com

First seen 2025-12-09 09:26
Last seen 2026-02-09 19:32
Open for 62 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6010ac055b355e40cc9311f177917c4fe8892dfb8c

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/Category/GetByKnowledgeArea
GET /api/v1/KnowledgeArea
GET /api/v1/KnowledgeItem
GET /api/v1/KnowledgeItem/GetOwnerUsers
GET /api/v1/Tag/GetByKnowledgeArea
PATCH /api/v1/Document/Link
POST /api/v1/Document
POST /api/v1/Document/LogAccess
POST /api/v1/Document/download
POST /api/v1/KnowledgeItem/GetAll
POST /api/v1/KnowledgeItem/links

Found on 2026-02-09 19:32

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d604db0250dd5cb48d80718dad5ba0beebe94c92ed9

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/KnowledgeArea
GET /api/v1/KnowledgeItem
GET /api/v1/KnowledgeItem/GetOwnerUsers
GET /api/v1/Tag/GetByKnowledgeArea
PATCH /api/v1/Document/Link
POST /api/v1/Document
POST /api/v1/Document/LogAccess
POST /api/v1/Document/download
POST /api/v1/KnowledgeItem/GetAll
POST /api/v1/KnowledgeItem/links

Found on 2026-01-23 05:42

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d604db0250dd5cb48d80718dad5ba0beebefbf0df9f

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/KnowledgeArea
GET /api/v1/KnowledgeItem
GET /api/v1/KnowledgeItem/GetOwnerUsers
GET /api/v1/Tag/GetByKnowledgeArea
POST /api/v1/Document
POST /api/v1/Document/download
POST /api/v1/KnowledgeItem/GetAll
POST /api/v1/KnowledgeItem/links

Found on 2025-12-09 09:26

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: mobileapi.familycentral.com
Port: 443
URL: https://mobileapi.familycentral.com

First seen 2025-12-19 03:10
Last seen 2026-02-09 18:00
Open for 52 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 18:00

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549fd8b4ce882ef91664106238d5d79294417ab56ac

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Calendar/DeleteLifeEvent/{id}
DELETE /api/FCProfessional/DeletePendingInvites/{id}
DELETE /api/FCProfessional/DeleteUploadLogo/{FileName}
DELETE /api/Family/CancelInvite/{id}
DELETE /api/Family/DeleteFamilyMember/{id}
DELETE /api/Family/DeleteFolder/{id}
DELETE /api/Files/DeleteShareToOther/{id}
DELETE /api/Files/ShareV2/{id}
DELETE /api/Users/Background
GET /api/BasicEmergencyKit
GET /api/BurialChecklist
GET /api/Calendar/CalendarEvents
GET /api/Calendar/LifeEventTypes
GET /api/CommuterPlans
GET /api/Contact/{id}
GET /api/CremationChecklist
GET /api/DigitalAssistant/DigitalAssistantFilters
GET /api/DigitalAssistant/DigitalAssistants
GET /api/Emergency
GET /api/Emergency/GetAlergies
GET /api/Emergency/GetMedicalConditions
GET /api/Emergency/GetMedications
GET /api/Emergency/HealthInfo/{id}
GET /api/Emergency/HealthInfos
GET /api/EmergencyNumbers/countries
GET /api/EmergencyNumbers/display/{country}
GET /api/EmergencyPlans
GET /api/EmergencySuppliesList
GET /api/Executor/FileUploadRequestAccessCode/{id}
GET /api/Executor/GetExecutorExistsStatus/{id}
GET /api/Executor/GetExecutorInfo
GET /api/Executor/GetFile/{id}
GET /api/Executor/GetRecipients/{id}
GET /api/FCProfessional/Clientupdates/{id}
GET /api/FCProfessional/Customer/{id}
GET /api/FCProfessional/Customers
GET /api/FCProfessional/DocumentRepoFiles/{id}
GET /api/FCProfessional/GetClientnotsubscribed/{id}
GET /api/FCProfessional/GetEmailTemplate
GET /api/FCProfessional/GetFCProfessionalInfo
GET /api/FCProfessional/GetFcAdvisorTypes
GET /api/FCProfessional/GetPendingInvitesByCustomer
GET /api/FCProfessional/GetPendingInvitesByProfessional
GET /api/FCProfessional/Invite/{id}
GET /api/FCProfessional/IsFileView
GET /api/FCProfessional/PendingEmailRequest/{SenderEmail}/{ReciverEmail}/{EmailBody}
GET /api/FCProfessional/ProfessionalList/{userId}
GET /api/FCProfessional/SMSRequest/{SMSuserId}/{SMSBody}/{familyId}
GET /api/FCProfessional/SummaryClientInteraction/{id}
GET /api/FCProfessional/TPACustomEmailTempletes
GET /api/FCProfessional/TPACustomEmailTempletesSelected/{TempletType}
GET /api/FCProfessional/TPAFileShare/{Id}/{userID}/{FamilyId}
GET /api/FCProfessional/TPATodolist/{Id}
GET /api/FCProfessional/TPAcalenderEvent/{Id}
GET /api/FCProfessional/TPAclientnote/{id}
GET /api/FCProfessional/UserProfile/{Id}/{familyid}
GET /api/Family/Folders
GET /api/Family/Invite/{id}
GET /api/Family/Members
GET /api/Family/Roles
GET /api/Family/SubFolders/{folderId}/{userId}
GET /api/Family/Users
GET /api/FamilyNotes/Download/{id}
GET /api/FamilyNotes/{id}/{userId}
GET /api/Files/GetFileLinkStatus/{id}
GET /api/Files/GetFileShareLink/{id}
GET /api/Files/GetVideoCatagory
GET /api/Files/ImportFile/{Id}
GET /api/Files/SasLink/{id}
GET /api/Files/SasLink/{id}/{token}
GET /api/Files/securelink/{id}
GET /api/Files/v2/{id}
GET /api/Files/{id}
GET /api/Location/family
GET /api/Manage/Profile
GET /api/MedicalContact/{id}
GET /api/NewsLetter/GetAllNewsLetterSignUpUsers
GET /api/PasswordManager/GetAll/{id}
GET /api/PasswordManager/{id}
GET /api/PciSubscription/GetDiscounts
GET /api/PciSubscription/GetTransactions
GET /api/PciSubscription/GetTransactionsByID
GET /api/Seclusion/AccessCode
GET /api/SignalR/SendNotification/{message}
GET /api/Subscription/GetSubscription/{email}
GET /api/ToDoList/ToDoListCustomGroup
GET /api/ToDoList/ToDoListGroup
GET /api/ToDoList/ToDoSubTaskList/{taskId}
GET /api/ToDoList/ToDoTaskList
GET /api/Users/AutoValidateEmail/{interactionId}/{emailId}
GET /api/Users/AutoValidatePhone/{interactionId}/{phone}
GET /api/Users/CheckValidPromoCodeLink/{promocode}
GET /api/Users/Features
GET /api/Users/GetBusinessRules
GET /api/Users/GetCommunicationToken
GET /api/Users/GetTrustedProfessional
GET /api/Users/GetUserDataIfExists
GET /api/Users/GetUserInfo
GET /api/Users/GetUserReferrals
GET /api/Users/GetUserUpdates
GET /api/Users/Initialize
GET /api/Users/PreviewEmailTemplate/{templateId}
GET /api/Users/ValidateEmail
GET /api/Users/ValidateEmail/{interactionId}/{emailId}
GET /api/Users/ValidatePhone/{interactionId}/{phone}
GET /api/Users/refer
GET /api/WeatherForecast/current
GET /api/WeatherForecast/future
PATCH /api/FamilyNotes/RenameFamilyNote
PATCH /api/Files/RenameFile
PATCH /api/Files/RenameFolder
POST /api/AppleSubscription
POST /api/Calendar/AddCalendarEvent
POST /api/Calendar/AddLifeEvent
POST /api/Calendar/GetCustomCalendarEvent
POST /api/Contact
POST /api/ContactMessage
POST /api/DigitalAssistant/FilterDigitalAssistants
POST /api/DigitalAssistant/StateInfo
POST /api/Emergency/HealthInfo
POST /api/Executor/AcceptInvite
POST /api/Executor/AccessCodeValidate
POST /api/Executor/DeclineInvite
POST /api/Executor/GetDeathFiles
POST /api/Executor/GetFilesWithPagination
POST /api/Executor/OpenFileUpload
POST /api/Executor/v2
POST /api/FCProfessional/AcceptInvite
POST /api/FCProfessional/ActionComplete/{Id}
POST /api/FCProfessional/AddFCProfessional
POST /api/FCProfessional/CustomEmailRequests
POST /api/FCProfessional/Customer
POST /api/FCProfessional/CustomerWithFile
POST /api/FCProfessional/CustomerWithFileWithInvite
POST /api/FCProfessional/DeleteUserClient
POST /api/FCProfessional/DocumentRepositoryFileShareUpload
POST /api/FCProfessional/DocumentRepositoryFileUpload
POST /api/FCProfessional/FileViewed
POST /api/FCProfessional/InviteCustomer
POST /api/FCProfessional/Notifications
POST /api/FCProfessional/PendingInvitesUpdate
POST /api/FCProfessional/RejectInvite
POST /api/FCProfessional/TPACreateSubscription
POST /api/FCProfessional/TPAEmailValidations
POST /api/FCProfessional/TPAFileShare
POST /api/FCProfessional/TPASavePciSubscription
POST /api/FCProfessional/TPASavePciTransaction
POST /api/FCProfessional/TPATodolist
POST /api/FCProfessional/TPAUpdateSubscription
POST /api/FCProfessional/TPAcalenderEvent
POST /api/FCProfessional/TPAclientnote
POST /api/FCProfessional/Upload
POST /api/FCProfessional/UploadLogo
POST /api/FCProfessional/UserToProfessionalInvite
POST /api/FCProfessional/fileStatus
POST /api/Family/AddFolder
POST /api/Family/InviteMember
POST /api/FamilyNotes
POST /api/Files
POST /api/Files/FileUploadRequest
POST /api/Files/GetAllFiles
POST /api/Files/GetAllFilesWithPagination
POST /api/Files/GetAllPhotos
POST /api/Files/GetAllPhotosWithPagination
POST /api/Files/MoveFile
POST /api/Files/SaveFile
POST /api/Files/SecureFileAccess
POST /api/Files/SecureFileShare
POST /api/Files/ShareSecureLink
POST /api/Files/ShareToOther
POST /api/Files/ShareToRole
POST /api/Files/ShareToUser
POST /api/Files/ShareToUsers
POST /api/Files/Update
POST /api/Files/v2
POST /api/Files/v4
POST /api/Manage/CancelSubscription
POST /api/Manage/ChangeFamilyOwner
POST /api/Manage/Confidante
POST /api/Manage/EmergencyContact
POST /api/Manage/ToggleTwoFactor
POST /api/Manage/UpdateAddOns
POST /api/Manage/UpdateFamilyMember
POST /api/Manage/UpdatePassword
POST /api/Manage/UpdatePreferences
POST /api/Manage/UpdateProfile
POST /api/Manage/UpdateSubscription
POST /api/MedicalContact
POST /api/NewsLetter/NewsLetterUserSignUp
POST /api/PasswordManager
POST /api/PciSubscription/GetPciSubscriptionToken
POST /api/PciSubscription/SavePciSubscription
POST /api/PciSubscription/SavePciTransactions
POST /api/Seclusion/AccessCodeValidate
POST /api/Subscription/CancelSubscription
POST /api/Subscription/CreateDiscountPromoCode
POST /api/Subscription/CreateSubscription
POST /api/ToDoList/AddToDo
POST /api/ToDoList/CompleteToDo
POST /api/ToDoList/DeleteToDos
POST /api/Users/Add
POST /api/Users/Authenticate
POST /api/Users/CoverPhoto
POST /api/Users/DeleteUser
POST /api/Users/Email/Validate
POST /api/Users/GetReferredData
POST /api/Users/Phone/Validate
POST /api/Users/ProfilePhoto
POST /api/Users/SaveUnSubscriptionReasons
POST /api/Users/SwitchTenant
POST /api/Users/UpdateBackground
POST /api/Users/UserActivityTracker
POST /api/Users/ValidateZip
POST /api/Users/referUser
POST /api/Users/refersend
PUT /api/BasicEmergencyKit/{id}
PUT /api/BurialChecklist/{id}
PUT /api/Calendar/UpdateLifeEvent/{id}
PUT /api/Calendar/{id}
PUT /api/CommuterPlans/{id}
PUT /api/CremationChecklist/{id}
PUT /api/EmergencyPlans/{id}
PUT /api/EmergencySuppliesList/{id}
PUT /api/FCProfessional/TPATodolistIsCompleted
PUT /api/FCProfessional/UpdateCalenderEvent
PUT /api/FamilyNotes/{id}
PUT /api/Files/UpdateMetadata
PUT /api/Manage/Confidante/{id}
PUT /api/Manage/EmergencyContact/{id}
PUT /api/NewsLetter/NewsLetterUserEmailConfirmation/{id}
PUT /api/ToDoList/{id}

Found on 2026-01-02 17:33

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: architecture-operator.az.nexusradix.com
Port: 443
URL: https://architecture-operator.az.nexusradix.com

First seen 2025-12-27 05:00
Last seen 2026-02-09 17:33
Open for 44 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60669808a1669808a1669808a1669808a1669808a1
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /health
```
  Found on 2026-02-09 17:33
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtysprebillergateway.alpha-cr.com
Port: 443
URL: https://ichtysprebillergateway.alpha-cr.com

First seen 2025-12-07 04:41
Last seen 2026-02-09 17:12
Open for 64 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 17:12
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: report-operator.az.nexusradix.com
Port: 443
URL: https://report-operator.az.nexusradix.com

First seen 2026-01-13 05:37
Last seen 2026-02-09 16:26
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d603031adaa81c9a6984254d54c89c3708289c37082
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /SonarQubeReports/GetSonarReport
GET /robots.txt
POST /SonarQubeReports/GenerateReport
POST /SonarQubeReports/GetComparativeAnalyses
```
  Found on 2026-02-09 16:26
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: assistant-request-tracking.nexus.radixeng.com
Port: 443
URL: https://assistant-request-tracking.nexus.radixeng.com

First seen 2025-12-27 03:19
Last seen 2026-02-09 16:12
Open for 44 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 16:12
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: service-alert.nexus.radixeng.com
Port: 443
URL: https://service-alert.nexus.radixeng.com

First seen 2025-12-02 16:48
Last seen 2026-02-09 15:23
Open for 68 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60669808a164fd6eb564fd6eb564fd6eb564fd6eb5
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /health
GET /robots.txt
```
  Found on 2026-02-09 15:23
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: service-quality-nexus-ia.az.nexusradix.com
Port: 443
URL: https://service-quality-nexus-ia.az.nexusradix.com

First seen 2025-12-27 05:55
Last seen 2026-02-09 14:53
Open for 44 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354984a0820277baad3234c1fc194cad2bde7f443932
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /code-healer/deleteAnalysis
DELETE /code-tester/deleteProcessedTests
GET /code-healer/file-result-url
GET /code-healer/list
GET /code-tester/file-result-url
GET /code-tester/list
GET /robots.txt
POST /code-healer/change-preference/repository
```
  Found on 2026-02-09 14:53
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: assistant-request-resource.nexus.radixeng.com
Port: 443
URL: https://assistant-request-resource.nexus.radixeng.com

First seen 2026-01-12 23:31
Last seen 2026-02-02 12:51
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 12:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: assistant-operator-jira.nexus.radixeng.com
Port: 443
URL: https://assistant-operator-jira.nexus.radixeng.com

First seen 2026-01-12 23:31
Last seen 2026-02-02 12:51
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60669808a164fd6eb564fd6eb564fd6eb564fd6eb5
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /health
GET /robots.txt
```
  Found on 2026-02-02 12:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtysprovideraggregator.alpha-cr.com
Port: 443
URL: https://ichtysprovideraggregator.alpha-cr.com

First seen 2026-01-13 05:30
Last seen 2026-02-02 12:49
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549f74d9dc422683b1c70e99343e26701dd9c8c73aa
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /info
GET /providers/medicalservices/{ProviderMedicalServiceId}
GET /providers/pricelist/{ProviderPriceListId}/clone
GET /providers/pricelists/{ProviderPriceListId}
GET /providers/{ProviderId}/medicalservices
GET /providers/{ProviderId}/pricelists
GET /providers/{ProviderId}/pricelists/{PriceListId}
POST /providers/medicalservices
POST /providers/pricelist
```
  Found on 2026-02-02 12:49
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: api.blapr.com.br
Port: 443
URL: https://api.blapr.com.br

First seen 2026-01-12 12:48
Last seen 2026-02-02 11:37
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 11:37
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: demosrtportal.p360.app
Port: 443
URL: https://demosrtportal.p360.app

First seen 2026-01-13 06:48
Last seen 2026-02-02 02:46
Open for 19 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-02-02 02:46
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtysmedicalinsurance.alpha-cr.com
Port: 443
URL: https://ichtysmedicalinsurance.alpha-cr.com

First seen 2026-01-12 18:19
Last seen 2026-02-02 00:48
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549f74d9dc42649e03022f5962edcb164a5262175cd
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /info
GET /medicalinsurance
GET /medicalinsurance/plans/{planId}
GET /medicalinsurance/{medicalInsuranceId}
GET /medicalinsurance/{medicalInsuranceId}/plans
POST /medicalinsurance/disableagreements
POST /medicalinsurance/enableagreements
POST /medicalinsurance/plans
```
  Found on 2026-02-02 00:48
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtystenantpricelist.alpha-cr.com
Port: 443
URL: https://ichtystenantpricelist.alpha-cr.com

First seen 2026-01-12 18:47
Last seen 2026-02-02 00:48
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549f74d9dc474cb45550acbd5e30d433a8bb583695a
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /info
GET /tenantpricelists
GET /tenantpricelists/active
GET /tenantpricelists/{TenantPriceListId}
PUT /tenantpricelists/{TenantPriceListId}/validityend
PUT /tenantpricelists/{TenantPriceListId}/validitystart
```
  Found on 2026-02-02 00:48
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtyssnowmed.alpha-cr.com
Port: 443
URL: https://ichtyssnowmed.alpha-cr.com

First seen 2025-12-07 10:19
Last seen 2026-02-01 22:28
Open for 56 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549c32cc0a74557ba204557ba204557ba204557ba20
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /SearchByExpression/{expression}/{term}
GET /SearchInConcept/{conceptId}/{term}
```
  Found on 2026-02-01 22:28
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtysprebillerprotocols.alpha-cr.com
Port: 443
URL: https://ichtysprebillerprotocols.alpha-cr.com

First seen 2026-01-13 05:29
Last seen 2026-01-23 15:36
Open for 10 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494b47c58ff8980400f2ed18dcf776f06fba7f443a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /consumers
GET /consumers/{consumerId}/services
GET /consumers/{id}
GET /info
GET /practitioners/consumptions/sync/{PractitionerConsumptionSyncProcessId}
GET /practitioners/consumptions/{PractitionerConsumptionId}
GET /practitioners/{PractitionerId}/consumptions
GET /practitioners/{PractitionerId}/consumptions/status/{status}
GET /practitioners/{PractitionerId}/consumptions/sync
GET /practitioners/{PractitionerId}/consumptions/sync/last
GET /practitioners/{practitionerId}/consumptions/export
GET /protocols
GET /protocols/consumptions/movements/{ServiceConsumedMovementId}
GET /protocols/consumptions/provider/{ProviderId}
GET /protocols/consumptions/sync/{ProtocolConsumptionSyncProcessId}
GET /protocols/consumptions/visit/totals/{VisitTotalId}
GET /protocols/consumptions/visit/{ProtocolVisitId}/totals
GET /protocols/consumptions/visit/{visitId}
GET /protocols/consumptions/{ProtocolConsumptionId}
GET /protocols/consumptions/{ProtocolConsumptionId}/movements
GET /protocols/contracts/{ProtocolContractId}
GET /protocols/patients
GET /protocols/practitioners/{PractitionerId}/visits
GET /protocols/practitioners/{PractitionerId}/visits/excel
GET /protocols/practitioners/{PractitionerId}/visits/pdf
GET /protocols/studytasks
GET /protocols/studytasks/{StudyTaskId}
GET /protocols/visits/{VisitId}
GET /protocols/{ProtocolId}
GET /protocols/{ProtocolId}/consumptions
GET /protocols/{ProtocolId}/consumptions/export
GET /protocols/{ProtocolId}/consumptions/stage/{StageId}
GET /protocols/{ProtocolId}/consumptions/status/{StatusId}
GET /protocols/{ProtocolId}/consumptions/sync
GET /protocols/{ProtocolId}/consumptions/sync/last
GET /protocols/{ProtocolId}/consumptions/totals
GET /protocols/{ProtocolId}/consumptions/visit
GET /protocols/{ProtocolId}/consumptions/visit/{stageId}
GET /protocols/{ProtocolId}/consumptions/withholding
GET /protocols/{ProtocolId}/contracts
GET /protocols/{ProtocolId}/patients
GET /protocols/{ProtocolId}/patients/{MedicalRecordNumber}
GET /protocols/{ProtocolId}/patients/{NumberInProtocol}
GET /protocols/{ProtocolId}/practitioners
GET /protocols/{ProtocolId}/practitioners/{PractitionerId}
GET /protocols/{ProtocolId}/practitioners/{PractitionerId}/visits
GET /protocols/{ProtocolId}/practitionersStudyTasks
GET /protocols/{ProtocolId}/practitionersStudyTasks/{PractitionerId}
GET /protocols/{ProtocolId}/sponsorId
GET /protocols/{ProtocolId}/visits
GET /protocols/{ProtocolId}/visits-full
GET /protocols/{ProtocolId}/visits/excel
GET /protocols/{protocolId}/visits/{crossVersionId}/patient/{numberInProtocol}/concepts
GET /service-categories
GET /service-categories/{id}
GET /services
GET /services/{id}
GET /visits/export
GET /visits/patient/{PatientId}
GET /visits/protocol/{ProtocolId}
GET /visits/{PatientVisitId}
PATCH /practitioners/consumptions/unlink-settlement/{SettlementId}
PATCH /practitioners/consumptions/{PractitionerConsumptionId}/link-settlement
PATCH /practitioners/consumptions/{PractitionerConsumptionId}/practitioner/{practitionerId}
PATCH /practitioners/consumptions/{ProtocolConsumptionId}/amount
PATCH /practitioners/consumptions/{ProtocolConsumptionId}/type/{newType}
PATCH /protocols/consumptions/{ProtocolConsumptionId}/additional
PATCH /protocols/consumptions/{ProtocolConsumptionId}/amount
PATCH /protocols/consumptions/{ProtocolConsumptionId}/concept/{ConceptId}
PATCH /protocols/consumptions/{ProtocolConsumptionId}/medicalService/{MedicalServiceId}
PATCH /protocols/consumptions/{ProtocolConsumptionId}/procedure
PATCH /protocols/consumptions/{ProtocolConsumptionId}/producer/{ProducerId}
PATCH /protocols/consumptions/{ProtocolConsumptionId}/provider/{ProviderId}
PATCH /protocols/consumptions/{ProtocolConsumptionId}/type/{newType}
PATCH /protocols/consumptions/{ProtocolConsumptionId}/visit/{StageId}
POST /practitioners/consumptions
POST /practitioners/consumptions/sync
POST /protocols/consumptions
POST /protocols/consumptions/movements
POST /protocols/consumptions/sync
POST /protocols/consumptions/visit
POST /protocols/consumptions/visit/totals
POST /protocols/consumptions/{ConsumptionId}/visit/{ConsumptionVisitId}/link
POST /protocols/consumptions/{ConsumptionId}/visit/{ConsumptionVisitId}/unlink
POST /protocols/contracts

Found on 2026-01-23 15:36

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtyssettlement.alpha-cr.com
Port: 443
URL: https://ichtyssettlement.alpha-cr.com

First seen 2026-01-13 05:29
Last seen 2026-01-23 15:33
Open for 10 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d807de2171428b09f3889c47074a218cbe47adc7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /contract/settlements/{associationId}
DELETE /medicalagreements/settlements/{ContractSettlementId}
GET /Practitioners/settlements/{PractitionerSettlementId}
GET /Practitioners/{PractitionerId}/settlements
GET /Sponsors/settlements/{SponsorSettlementId}
GET /Sponsors/{SponsorId}/settlements
GET /contract/settlements/{ContractSettlementId}
GET /contract/{ContractID}/settlements
GET /info
GET /medicalagreements/settlements/{AgreementSettlementId}
GET /medicalagreements/{agreementId}/settlements
GET /protocol/settlements/{ProtocolSettlementId}
GET /protocol/{ProtocolId}/patients
GET /protocol/{ProtocolId}/settlements
GET /settlements
GET /settlements/concepts/{SettlementConceptId}
GET /settlements/debts/{SettlementDebtId}
GET /settlements/details/concept-values/{ConceptValueId}
GET /settlements/details/{DetailId}/concept-values
GET /settlements/details/{SettlementDetailId}
GET /settlements/resumes/{SettlementResumeId}
GET /settlements/{SettlementId}
GET /settlements/{SettlementId}/concepts
GET /settlements/{SettlementId}/debts
GET /settlements/{SettlementId}/details
GET /settlements/{SettlementId}/resumes
PATCH /settlements/details/exclude/{excludeStatus}
PATCH /settlements/details/{SettlementDetailId}/exclude/{excludeStatus}
PATCH /settlements/details/{SettlementDetailId}/markok/{Status}
PATCH /settlements/details/{SettlementDetailId}/marktoreview/{Status}
POST /Practitioners/settlements
POST /Sponsors/settlements
POST /contract/settlements
POST /medicalagreements/settlements
POST /protocol/settlements
POST /settlements/concepts
POST /settlements/details
POST /settlements/details/concept-values
POST /settlements/resumes

Found on 2026-01-23 15:33

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: service-project-credential.az.nexusradix.com
Port: 443
URL: https://service-project-credential.az.nexusradix.com

First seen 2026-01-13 09:25
Last seen 2026-01-23 13:41
Open for 10 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549aa384bbe05f3161cd949c7d5670160288c4ca576
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /credential/delete
GET /credential/automation
GET /credential/getCredentials
GET /credential/validate
GET /robots.txt
POST /credential/create
PUT /credential/update
```
  Found on 2026-01-23 13:41
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtyspricelists.alpha-cr.com
Port: 443
URL: https://ichtyspricelists.alpha-cr.com

First seen 2025-12-06 10:55
Last seen 2026-01-23 11:42
Open for 48 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549ad2af78c2b860ab9cf1e5122ee3696d47c6c6493
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /PriceList/details/{PriceListDetialsId}
GET /PriceList/{priceListId}
GET /PriceList/{priceListId}/clone
GET /PriceList/{priceListId}/details
GET /info
GET /pricelist/details/{priceListDetailId}
GET /pricelist/{PriceListId}/details/{ItemRefererId}
POST /PriceList
POST /PriceList/details
```
  Found on 2026-01-23 11:42
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtyspractitioneraggregator.alpha-cr.com
Port: 443
URL: https://ichtyspractitioneraggregator.alpha-cr.com

First seen 2025-12-02 10:48
Last seen 2026-01-23 11:37
Open for 52 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549f74d9dc490530a825cbdc7acbbd87690f474c3fe
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /info
GET /practitioners
GET /practitioners/contracts/{PractitionerContractId}
GET /practitioners/medicalinsurances/{PractitionerMedicalInsuranceId}
GET /practitioners/medicalservices/{PractitionerMedicalServiceId}
GET /practitioners/{PractitionerId}/contracts
GET /practitioners/{PractitionerId}/medicalinsurances
GET /practitioners/{PractitionerId}/medicalservices
POST /practitioners/medicalinsurances
POST /practitioners/medicalservices
```
  Found on 2026-01-23 11:37
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtyspersons.alpha-cr.com
Port: 443
URL: https://ichtyspersons.alpha-cr.com

First seen 2026-01-12 18:29
Last seen 2026-01-23 01:12
Open for 10 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f74d9dc40a9a811379d2379fe5ae56822f0a69da

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /info
GET /persons
GET /persons/addresses/{AddressId}
GET /persons/emails/{EmailId}
GET /persons/external-associations/{ExternalAssociationId}
GET /persons/genders
GET /persons/genders/{GenderId}
GET /persons/identifierTypes/{IdentifierTypeId}
GET /persons/identifiers/verification
GET /persons/identifiers/{PersonIdentifierId}
GET /persons/identifiertypes
GET /persons/maritalstatuses
GET /persons/maritalstatuses/{MaritalStatusId}
GET /persons/phones/{PhoneId}
GET /persons/preferences/{PersonPreferenceId}
GET /persons/relationships/{PersonRelationshipId}
GET /persons/relationshiptypes
GET /persons/relationshiptypes/{RelationshipTypeId}
GET /persons/{PersonId}
GET /persons/{PersonId}/addresses
GET /persons/{PersonId}/emails
GET /persons/{PersonId}/external-associations
GET /persons/{PersonId}/identifiers
GET /persons/{PersonId}/phones
GET /persons/{PersonId}/preferences
GET /persons/{PersonId}/relationships
GET /preferences-types
GET /preferences-types/{PreferenceTypeId}
GET /providers
GET /providers/{ProviderId}
GET /sponsors
GET /sponsors/resync
GET /sponsors/{SponsorId}
POST /persons/addresses
POST /persons/emails
POST /persons/external-associations
POST /persons/identifierTypes
POST /persons/identifiers
POST /persons/phones
POST /persons/preferences
POST /persons/relationships
PUT /persons/fix-identifiers

Found on 2026-01-23 01:12

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: assistant-operator-azuredevops.nexus.radixeng.com
Port: 443
URL: https://assistant-operator-azuredevops.nexus.radixeng.com

First seen 2026-01-12 23:31
Last seen 2026-01-22 20:06
Open for 9 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60669808a164fd6eb564fd6eb564fd6eb564fd6eb5
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /health
GET /robots.txt
```
  Found on 2026-01-22 20:06
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.40.202.29
Domain: idp.nexus.radixeng.com
Port: 443
URL: https://idp.nexus.radixeng.com

First seen 2025-12-05 23:00
Last seen 2026-01-17 02:00
Open for 42 days

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d67d18928b5580bb8979ca225533ec1d1345a276df

GraphQL introspection enabled at /api/graphql
Types: 283 (by kind: ENUM: 5, INPUT_OBJECT: 69, INTERFACE: 3, OBJECT: 197, SCALAR: 7, UNION: 2)
Operations:
- Query: Query | fields: getLibraryNewItems, getLibraryProductTypes, getLibraryTemplateBySlug, getLibraryTemplateFilterParams, getLibraryTemplates
- Mutation: Mutation | fields: addNewProductTypeToLibrary, addNewPropertyToLibrary, publishLibraryTemplate, sendLibraryAnalytics, unpublishLibraryTemplate
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-17 02:00

290.9 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: apidev.casemanagement.southwestkey.org
Port: 443
URL: https://apidev.casemanagement.southwestkey.org

First seen 2026-01-13 15:10
Last seen 2026-01-17 01:38
Open for 3 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-17 01:38

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354948e4dad232e30b20f6221c62e521229282bdf959

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Addresses/suggest
GET /api/CaseDismissalReasons
GET /api/CaseDismissalReasons/lookups
GET /api/CaseDismissalReasons/{id}
GET /api/CaseDismissalReasons/{programModelId}/lookups
GET /api/CaseFormFiles/{caseFormId}/{fieldId}
GET /api/CaseForms
GET /api/CaseForms/{caseFormId}
GET /api/CaseTasks/case/{caseId}
GET /api/Countries/lookups
GET /api/Enums/days-of-week
GET /api/Enums/formtypes
GET /api/Enums/genders
GET /api/Enums/maritalstatuses
GET /api/Enums/months
GET /api/Enums/numeric-field-types
GET /api/Enums/races
GET /api/Enums/task-assignment-triggers
GET /api/Enums/task-frecuencies
GET /api/Enums/task-priorities
GET /api/FormFiles/{formId}/{fieldId}
GET /api/Forms
GET /api/Forms/lookup
GET /api/Forms/{id}
GET /api/Languages
GET /api/Languages/lookup
GET /api/Languages/{id}
GET /api/Locations
GET /api/Locations/lookups
GET /api/Locations/{id}
GET /api/OccupantCases/{id}
GET /api/Occupants
GET /api/Occupants/{id}
GET /api/Occupants/{id}/cases
GET /api/Occupants/{id}/details
GET /api/Occupants/{occupantId}/cases/active
GET /api/Occupants/{occupantId}/files/{fileName}
GET /api/ProgramModels
GET /api/ProgramModels/lookups
GET /api/ProgramModels/{id}
GET /api/Roles/lookups
GET /api/SecurityGroups
GET /api/SecurityGroups/{id}
GET /api/TaskAssignmentRules
GET /api/TaskAssignmentRules/{id}
GET /api/TaskDefinitions
GET /api/TaskDefinitions/lookups
GET /api/TaskDefinitions/{id}
GET /api/cases/{caseId}/users
GET /api/cases/{caseId}/users/lookup
GET /api/countries/{countryId}/states
GET /api/location/{locationId}/users
GET /api/securitygroups/{id}/locations
GET /api/states/{stateId}/cities
GET /api/user/{id}/locations
GET /api/users/current/locations
GET /api/users/{userId}/cases
PATCH /api/OccupantCases/{caseId}/changestartdate
PATCH /api/OccupantCases/{caseId}/close
POST /api/CaseFormFiles
POST /api/FormFiles
PUT /api/CaseForms/{caseFormId}/complete
PUT /api/CaseForms/{caseFormId}/draft
PUT /api/CaseForms/{id}
PUT /api/CaseTasks/{id}
PUT /api/SecurityGroups/{securityGroupId}

Found on 2026-01-13 15:10

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtysmedicalinsuranceagreements.alpha-cr.com
Port: 443
URL: https://ichtysmedicalinsuranceagreements.alpha-cr.com

First seen 2026-01-12 18:20
Last seen 2026-01-16 23:12
Open for 4 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549dbb5c45dc2e304ce2d597054a93d36446547fa9d

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /agreements/services/details/{AgreementServiceDetailsId}
DELETE /agreements/{agreementId}
DELETE /medicalservices/{serviceId}
GET /agreements
GET /agreements/PriceList/{AgreementPriceListId}
GET /agreements/services/details/{AgreementServiceDetailId}
GET /agreements/services/{AgreementServiceId}
GET /agreements/services/{AgreementServiceId}/details
GET /agreements/{AgreementId}
GET /agreements/{AgreementId}/PriceList
GET /agreements/{AgreementId}/activePriceList/{ReferecenceDate}
GET /agreements/{AgreementId}/services
GET /agreements/{AgreementId}/services/{MedicalServiceId}/details/{InsurancePlanId}
GET /info
GET /medicalservices
GET /medicalservices/{medicalServiceId}
GET /pathologies/{searchText}
GET /procedures/{searchText}
POST /agreements/PriceList
POST /agreements/PriceList/{AgreementPriceListId}/endvalidity
POST /agreements/PriceList/{AgreementPriceListId}/expire
POST /agreements/PriceList/{AgreementPriceListId}/startvalidity
POST /agreements/services
POST /agreements/services/details
POST /medicalservices/settings
PUT /agreements/services/{AgreementServiceId}/status/{newStatus}
PUT /medicalservices/{MedicalServiceId}/status/{NewStatus}

Found on 2026-01-16 23:12

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtyscashflow.alpha-cr.com
Port: 443
URL: https://ichtyscashflow.alpha-cr.com

First seen 2026-01-13 08:13
Last seen 2026-01-16 22:22
Open for 3 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491d5bc99c39ae7b74e49b83b229c81b9b6ffd5007

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /accounts
GET /accounts/movements/{AccountMovementId}
GET /accounts/{AccountId}
GET /accounts/{AccountId}/movements
GET /debts/creditor/{CreditorId}
GET /debts/debtor/{DebtorId}
GET /debts/movements/{debtMovementId}
GET /debts/settlements/{SettlementId}
GET /debts/{DebtId}
GET /debts/{DebtId}/movements
GET /debts/{DebtorId}
GET /info
GET /movement
GET /movement-types
GET /movement-types/{MovementTypeId}
GET /paymentmovement/debt/{debtId}
GET /paymentmovement/payment/{paymentId}
GET /payments
GET /payments/chart-info
GET /payments/pending-imputation
GET /payments/{PaymentId}
GET /system-movements
GET /system-movements/{SystemMovementId}
POST /accounts/movements
POST /debts
POST /debts/movements
POST /debts/{debtId}/adjustment
POST /debts/{debtId}/forgiveness
POST /debts/{debtId}/rollback
POST /payments/{paymentId}/adjustment
POST /payments/{paymentId}/rollback-creation
POST /payments/{paymentId}/rollback-imputations

Found on 2026-01-16 22:22

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtysproviderassociations.alpha-cr.com
Port: 443
URL: https://ichtysproviderassociations.alpha-cr.com

First seen 2026-01-13 05:03
Last seen 2026-01-16 21:27
Open for 3 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549716f07f925df82f625128180ef6eae439e361cb5
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /providers/PriceList/{ProviderPriceListId}
DELETE /providers/{ProviderID}/medicalservices/{MedicalServiceId}
DELETE /providers/{ProviderId}/PriceList/{PriceListId}
GET /info
GET /providers/medicalservices/{ProviderMedicalServiceId}
GET /providers/pricelists/{ProviderPriceListId}
GET /providers/{ProviderID}/medicalservices
GET /providers/{ProviderID}/pricelists
GET /providers/{ProviderId}/pricelists/{PriceListId}
POST /providers/medicalservices
PUT /providers/PriceList/{ProviderPriceListId}/endvalidity
PUT /providers/PriceList/{ProviderPriceListId}/expire
PUT /providers/PriceList/{ProviderPriceListId}/startvalidity
PUT /providers/pricelists
```
  Found on 2026-01-16 21:27
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtystenantpricelistaggregator.alpha-cr.com
Port: 443
URL: https://ichtystenantpricelistaggregator.alpha-cr.com

First seen 2026-01-13 05:32
Last seen 2026-01-16 21:17
Open for 3 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549f74d9dc41133263b68b07ac8c4601fa6c4601fa6
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /info
GET /pricelist/{TenantPriceListId}/clone
GET /pricelists
GET /pricelists/{TenantPriceListId}
```
  Found on 2026-01-16 21:17
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: incubation-meeting-ai.seismic-dev.com
Port: 443
URL: https://incubation-meeting-ai.seismic-dev.com

First seen 2026-01-04 09:00
Last seen 2026-01-16 14:24
Open for 12 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 14:24
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtyspractitionerassociations.alpha-cr.com
Port: 443
URL: https://ichtyspractitionerassociations.alpha-cr.com

First seen 2026-01-12 18:31
Last seen 2026-01-16 14:15
Open for 3 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354915c6233ed2847fd91a2c93149c6ef8b28bdafd98

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /practitioners/{PractitionerId}/medicalinsurances/{MedicalInsuranceId}
DELETE /practitioners/{PractitionerId}/medicalservices/{MedicalServiceId}
GET /info
GET /practitioners
GET /practitioners/contracts/{PractitionerContractId}
GET /practitioners/medicalinsurances/{PractitionerMedicalInsuranceId}
GET /practitioners/medicalservices/{PractitionerMedicalServiceId}
GET /practitioners/settings/particularattention/{ParticularAttentionStatus}
GET /practitioners/{PractitionerID}/contracts
GET /practitioners/{PractitionerID}/medicalinsurances
GET /practitioners/{PractitionerID}/medicalservices
GET /practitioners/{PractitionerID}/settings
POST /practitioners/contracts
POST /practitioners/medicalinsurances
POST /practitioners/medicalservices
POST /practitioners/settings

Found on 2026-01-16 14:15

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtysmedicalagreement.aggregator.alpha-cr.com
Port: 443
URL: https://ichtysmedicalagreement.aggregator.alpha-cr.com

First seen 2025-12-02 11:09
Last seen 2026-01-16 09:19
Open for 44 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549fa73fbfa8f46137f37848a07d5356e5adb1fbac0
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /agreements/pricelist/{AgreementPriceListId}/clone
GET /agreements/pricelist/{agreementPriceListId}
GET /agreements/{agreementId}
GET /info
POST /agreements/pricelist
POST /agreements/pricelist/currentPrice
POST /agreements/pricelist/details
```
  Found on 2026-01-16 09:19
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.40.202.29
Domain: xom-app-emrp-dns.rapp.com
Port: 443
URL: https://xom-app-emrp-dns.rapp.com

First seen 2024-01-17 19:50
Last seen 2026-01-16 09:19
Open for 729 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c2eda814e2eda814ed09d05e8cdc0ef4e6ee832798feda961
```
Found 6 files trough .DS_Store spidering:

/Resources
/Resources/css
/Resources/images
/Resources/images/chicagowhitesox
/Resources/images/default
/Resources/js
```
  Found on 2026-01-16 09:19
- Severity: low
  Fingerprint: 5f32cf5d6962f09c4239b3d84239b3d844e51606ab0badf800eb9f5a999c1d78
```
Found 8 files trough .DS_Store spidering:

/Resources
/Resources/css
/Resources/css/critical
/Resources/css/fonts
/Resources/images
/Resources/images/chicagowhitesox
/Resources/images/default
/Resources/js
```
  Found on 2024-03-22 22:12
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.40.202.29
Domain: xom-app-emrp-dns.rapp.com
Port: 80
URL: http://xom-app-emrp-dns.rapp.com

First seen 2024-01-17 19:50
Last seen 2026-01-16 04:57
Open for 729 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c2eda814e2eda814ed09d05e8cdc0ef4e6ee832798feda961
```
Found 6 files trough .DS_Store spidering:

/Resources
/Resources/css
/Resources/images
/Resources/images/chicagowhitesox
/Resources/images/default
/Resources/js
```
  Found on 2026-01-16 04:57
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d058d694f058d694f058d694f058d694f
```
Found 1 files trough .DS_Store spidering:

/Resources
```
  Found on 2025-02-18 09:07
- Severity: low
  Fingerprint: 5f32cf5d6962f09c4239b3d84239b3d844e51606ab0badf800eb9f5a999c1d78
```
Found 8 files trough .DS_Store spidering:

/Resources
/Resources/css
/Resources/css/critical
/Resources/css/fonts
/Resources/images
/Resources/images/chicagowhitesox
/Resources/images/default
/Resources/js
```
  Found on 2024-03-22 22:12
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: ichtyscontract.alpha-cr.com
Port: 443
URL: https://ichtyscontract.alpha-cr.com

First seen 2026-01-13 05:29
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-13 05:29
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: test-api.calculist.app
Port: 80
URL: http://test-api.calculist.app

First seen 2026-01-04 06:16

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549164c0560096d88cc9851a6a8b052e311fd1c0969

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Health/detailed
GET /api/v1/pdf/view
GET /api/v1/team/get-logo
POST /api/Help/request
POST /api/v1/admin/billing/pending-payments
POST /api/v1/admin/billing/recent-payments
POST /api/v1/admin/billing/revenue-by-year
POST /api/v1/admin/billing/upcoming-payments
POST /api/v1/admin/email-templates/list
POST /api/v1/admin/email-templates/send-test
POST /api/v1/admin/teams/get
POST /api/v1/admin/teams/list
POST /api/v1/admin/teams/update
POST /api/v1/admin/users/list
POST /api/v1/auth/forgot-password
POST /api/v1/auth/get-all-active-users
POST /api/v1/auth/impersonate
POST /api/v1/auth/login
POST /api/v1/auth/logout
POST /api/v1/auth/me
POST /api/v1/auth/refresh
POST /api/v1/auth/reset-password
POST /api/v1/auth/toggle-business-role
POST /api/v1/auth/toggle-subscription-type
POST /api/v1/auth/unsubscribe
POST /api/v1/auth/validate-reset-token
POST /api/v1/cases/accept-received
POST /api/v1/cases/copy
POST /api/v1/cases/copy-received
POST /api/v1/cases/get
POST /api/v1/cases/list
POST /api/v1/cases/list-received
POST /api/v1/cases/list-sent
POST /api/v1/cases/reject-received
POST /api/v1/cases/rescind-file
POST /api/v1/cases/save
POST /api/v1/cases/toggle-favorite
POST /api/v1/cases/update-note
POST /api/v1/cases/update-status
POST /api/v1/cases/{caseId}/archive
POST /api/v1/downloads/list
POST /api/v1/downloads/redownload
POST /api/v1/pdf/generate
POST /api/v1/team/cancel-subscription
POST /api/v1/team/create-expense-template
POST /api/v1/team/get
POST /api/v1/team/update
POST /api/v1/test/pdf/generate
POST /api/v1/users/archive-user
POST /api/v1/users/change-email
POST /api/v1/users/change-password
POST /api/v1/users/create-user
POST /api/v1/users/get-user-by-id
POST /api/v1/users/get-users
POST /api/v1/users/update-profile
POST /api/v1/users/update-user
POST /api/v1/users/update-user-status

Found on 2026-01-04 06:16

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.40.202.29
Domain: test-api.calculist.app
Port: 443
URL: https://test-api.calculist.app

First seen 2026-01-04 06:16

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549164c0560096d88cc9851a6a8b052e311fd1c0969

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Health/detailed
GET /api/v1/pdf/view
GET /api/v1/team/get-logo
POST /api/Help/request
POST /api/v1/admin/billing/pending-payments
POST /api/v1/admin/billing/recent-payments
POST /api/v1/admin/billing/revenue-by-year
POST /api/v1/admin/billing/upcoming-payments
POST /api/v1/admin/email-templates/list
POST /api/v1/admin/email-templates/send-test
POST /api/v1/admin/teams/get
POST /api/v1/admin/teams/list
POST /api/v1/admin/teams/update
POST /api/v1/admin/users/list
POST /api/v1/auth/forgot-password
POST /api/v1/auth/get-all-active-users
POST /api/v1/auth/impersonate
POST /api/v1/auth/login
POST /api/v1/auth/logout
POST /api/v1/auth/me
POST /api/v1/auth/refresh
POST /api/v1/auth/reset-password
POST /api/v1/auth/toggle-business-role
POST /api/v1/auth/toggle-subscription-type
POST /api/v1/auth/unsubscribe
POST /api/v1/auth/validate-reset-token
POST /api/v1/cases/accept-received
POST /api/v1/cases/copy
POST /api/v1/cases/copy-received
POST /api/v1/cases/get
POST /api/v1/cases/list
POST /api/v1/cases/list-received
POST /api/v1/cases/list-sent
POST /api/v1/cases/reject-received
POST /api/v1/cases/rescind-file
POST /api/v1/cases/save
POST /api/v1/cases/toggle-favorite
POST /api/v1/cases/update-note
POST /api/v1/cases/update-status
POST /api/v1/cases/{caseId}/archive
POST /api/v1/downloads/list
POST /api/v1/downloads/redownload
POST /api/v1/pdf/generate
POST /api/v1/team/cancel-subscription
POST /api/v1/team/create-expense-template
POST /api/v1/team/get
POST /api/v1/team/update
POST /api/v1/test/pdf/generate
POST /api/v1/users/archive-user
POST /api/v1/users/change-email
POST /api/v1/users/change-password
POST /api/v1/users/create-user
POST /api/v1/users/get-user-by-id
POST /api/v1/users/get-users
POST /api/v1/users/update-profile
POST /api/v1/users/update-user
POST /api/v1/users/update-user-status

Found on 2026-01-04 06:16

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.40.202.29
Domain: www.hotsystems.com
Port: 443
URL: https://www.hotsystems.com

First seen 2025-11-23 16:51
Last seen 2025-11-26 14:11
Open for 2 days

Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522ae2ad0c9

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://github.com/Omicronian/space-invaders-website
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http "https://github.com/"]
	extraheader = AUTHORIZATION: basic eC1hY2Nlc3MtdG9rZW46Z2hzX2w5emo1YzJXdXJCRmF0eHVOSlVTMHJSWGhsY21USDFaY1Ftbw==
[branch "main"]
	remote = origin
	merge = refs/heads/main

Found on 2025-11-26 14:11

430 Bytes

Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522841d7177

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://github.com/Omicronian/space-invaders-website
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http "https://github.com/"]
	extraheader = AUTHORIZATION: basic eC1hY2Nlc3MtdG9rZW46Z2hzX2lza3VuRXZqQ3lnN1ptUHRtb1NYVTZwTGRvUTRqazA1Y0VuSg==
[branch "main"]
	remote = origin
	merge = refs/heads/main

Found on 2025-11-23 16:51

430 Bytes

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.40.202.29
Domain: securityresumegv.xyz
Port: 443
URL: https://securityresumegv.xyz

First seen 2022-09-21 02:44
Last seen 2024-08-14 18:26
Open for 693 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf176423f3e94de8919b64c8919b64c8919b64c
```
Found 2 files trough .DS_Store spidering:

/assets
/index.html
```
  Found on 2024-08-14 18:26
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2024-06-26 01:26
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.40.202.29
Domain: brandoncyberblog.com
Port: 443
URL: https://brandoncyberblog.com

First seen 2022-09-21 02:21
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2022-09-21 02:21
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.40.202.29
Domain: humanfrailty.online
Port: 443
URL: https://humanfrailty.online

First seen 2022-09-21 02:12
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2022-09-21 02:12
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.40.202.29
Domain: cyopsnerd.tech
Port: 443
URL: https://cyopsnerd.tech

First seen 2022-09-10 15:50
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2022-09-10 15:50
Create report

Open service 20.40.202.29:80 · mortgagestudiopro.com

2026-02-09 09:29

HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Mon, 09 Feb 2026 09:30:23 GMT
Server: Kestrel
Set-Cookie: ARRAffinity=7fbfbdaad96551e1f9601736a7d57f0f5128560919bb65e942e820d9eca38bde;Path=/;HttpOnly;Domain=mortgagestudiopro.com

Found 2026-02-09 by HttpPlugin

Host 20.40.202.29

United States

Software information

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file