LeakIX - Host 20.49.104.52

Host 20.49.104.52

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Debian

Software information

Apache Apache

tcp/443 tcp/80

Apache Apache 2.4.54

tcp/443

Kestrel Kestrel

tcp/443 tcp/80

gunicorn

tcp/443

nginx nginx 1.28.0

tcp/443

nginx nginx

tcp/443 tcp/80

nginx nginx 1.27.3

tcp/443

nginx nginx 1.24.0

tcp/443

uvicorn

tcp/443

waitress

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: matomo-report.crowdpoint.cloud
Port: 443
URL: https://matomo-report.crowdpoint.cloud

First seen 2025-10-15 09:49
Last seen 2026-02-09 18:36
Open for 117 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1a8bcc6e5ecf60221ecf60221ecf60221ecf60221ecf60221
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /report/{website-domain}
```
  Found on 2026-02-09 18:36
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2025-11-10 21:50
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: www.estimatorx.com
Port: 443
URL: https://www.estimatorx.com

First seen 2026-01-10 05:25
Last seen 2026-02-09 17:45
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035497a9880e8507ef9f524beef04d759757d0e33c22b
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Invite
GET /api/Invite/key/{securityKey}
GET /api/Invite/{id}/{partitionKey}
GET /api/Organization
GET /api/Organization/{id}/{partitionKey}
GET /api/Project
GET /api/Project/{id}/{partitionKey}
GET /api/Template
GET /api/Template/{id}/{partitionKey}
GET /api/User
GET /api/User/me
GET /api/User/{id}/{partitionKey}
GET /api/administrative/logging
GET /api/administrative/logging/{file}
GET /api/administrative/organizations
GET /api/administrative/organizations/{id}/{partitionKey}
GET /api/administrative/users
GET /api/administrative/users/{id}/{partitionKey}
POST /api/Invite/key/{securityKey}/redeem
POST /api/Invite/{id}/{partitionKey}/send
```
  Found on 2026-02-09 17:45
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: apiatend-phidelis.d.plurall.net
Port: 80
URL: http://apiatend-phidelis.d.plurall.net

First seen 2026-01-12 09:09
Last seen 2026-02-09 15:14
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035490d88be64b4e7641454b557c454b557c454b557c4
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Mensagem/mensagens/getSetor/{id}
GET /api/Mensagem/mensagens/listarAtendimentos
GET /api/Mensagem/mensagens/listarSetores/{unidadeId}
```
  Found on 2026-02-09 15:14
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: api.vhtest.org
Port: 443
URL: https://api.vhtest.org

First seen 2025-10-16 06:33
Last seen 2026-02-09 14:05
Open for 116 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 14:05
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: odoo.logyca.com
Port: 80
URL: http://odoo.logyca.com

First seen 2026-01-11 16:57
Last seen 2026-02-09 06:00
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff431d5c02051d5c02051d5c02051d5c02051d5c0205
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /login
```
  Found on 2026-02-09 06:00
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: apiauth-phidelis.s.plurall.net
Port: 80
URL: http://apiauth-phidelis.s.plurall.net

First seen 2026-01-12 09:00
Last seen 2026-02-09 01:15
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549e06c4adf00342a38858ee05957b516d198af466e
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/Identidade/autenticar
POST /api/Identidade/autenticar-token-plurall
POST /api/Identidade/refresh-token
POST /api/Identidade/trocar-contexto-aluno
POST /api/Identidade/trocar-contexto-perfil
POST /api/Phidelis/autenticar-login-phidelis
POST /api/Phidelis/autenticar-token-phidelis
```
  Found on 2026-02-09 01:15
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: apiatend-phidelis.d.plurall.net
Port: 443
URL: https://apiatend-phidelis.d.plurall.net

First seen 2026-01-12 09:09
Last seen 2026-02-02 05:34
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035490d88be64b4e7641454b557c454b557c454b557c4
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Mensagem/mensagens/getSetor/{id}
GET /api/Mensagem/mensagens/listarAtendimentos
GET /api/Mensagem/mensagens/listarSetores/{unidadeId}
```
  Found on 2026-02-02 05:34
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: logycaintegracionesapi.logyca.com
Port: 443
URL: https://logycaintegracionesapi.logyca.com

First seen 2026-01-11 15:13
Last seen 2026-02-02 00:23
Open for 21 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035490e4ee233eb09bbbc995d521e441b1744abe3313f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /GetToken
GET /api/Clientes/CustomerByContactEmail
GET /api/Clientes/CustomerExistByEmail
GET /api/Clientes/CustomerIsUnlinkedByNit
GET /api/Clientes/GetCustomer
GET /api/Codigos/Get
GET /api/Contactos/GetContact
GET /api/FacturaCliente/GetFacturasNit
GET /api/FacturaCliente/InvoiceByVtexOC
GET /api/FacturaCliente/InvoicesByContactEmail
GET /api/Generics/AssetRange
GET /api/Generics/ResponsibilitiesRut
GET /api/Generics/Sectors
GET /api/Generics/Sponsors
GET /api/Poblacion/GetCiudad/{idDepartamento}
GET /api/Poblacion/GetDepartamentos/{idPais}
GET /api/Poblacion/GetPaises
GET /api/RangoIngresos/Incomes
GET /api/RangoIngresos/IncomesByMacroSectorName
GET /api/RangoIngresos/IncomesBySectorId
POST /api/Activador
POST /api/ClientesContactos/PostCustomerContact
POST /api/Contactos/PostContact
POST /api/SupportCase

Found on 2026-02-02 00:23

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: odoo.logyca.com
Port: 443
URL: https://odoo.logyca.com

First seen 2026-01-11 16:57
Last seen 2026-02-02 00:23
Open for 21 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff431d5c02051d5c02051d5c02051d5c02051d5c0205
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /login
```
  Found on 2026-02-02 00:23
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: apiatend-phidelis.s.plurall.net
Port: 443
URL: https://apiatend-phidelis.s.plurall.net

First seen 2026-01-12 09:00
Last seen 2026-02-01 23:56
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035490d88be64b4e7641454b557c44bdefcfa4395b60a
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Mensagem/mensagens/getSetor/{id}
GET /api/Mensagem/mensagens/listarAtendimentos
GET /api/Mensagem/mensagens/listarSetores/{unidadeId}
POST /api/ImportacaoDados/processarAcessos
POST /api/Mensagem/mensagens/salvarArquivoChat
```
  Found on 2026-02-01 23:56
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: apiauth-phidelis.s.plurall.net
Port: 443
URL: https://apiauth-phidelis.s.plurall.net

First seen 2026-01-12 09:00
Last seen 2026-02-01 23:56
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549e06c4adf00342a38858ee05957b516d198af466e
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/Identidade/autenticar
POST /api/Identidade/autenticar-token-plurall
POST /api/Identidade/refresh-token
POST /api/Identidade/trocar-contexto-aluno
POST /api/Identidade/trocar-contexto-perfil
POST /api/Phidelis/autenticar-login-phidelis
POST /api/Phidelis/autenticar-token-phidelis
```
  Found on 2026-02-01 23:56
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: apimens-phidelis.s.plurall.net
Port: 443
URL: https://apimens-phidelis.s.plurall.net

First seen 2026-01-12 09:01
Last seen 2026-02-01 23:56
Open for 20 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354955a5f21d57b41f6d42c055ee2484224903c6d842

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/agendaonline/{id}
GET /api/Agenda/{qtdDias}/{tiposDeEventos}
GET /api/Calendario/obterCalendario
GET /api/Comunicado/comunicados/{pagina}/{registrosPorPagina}
GET /api/Comunicado/detalhesComunicado/{publicacaoId}
GET /api/Comunicado/{publicacaoId}/comentario/{pagina}/{registrosPorPagina}
GET /api/Dashboard/contadores
GET /api/Dashboard/dashboard/{topTipoPublicacao}
GET /api/Dashboard/detalhesPublicacao/{publicacaoId}
GET /api/Dashboard/home/{pagina}/{registrosPorPagina}
GET /api/agendaonline/obterCalendario/{data}
GET /api/agendaonlineconfiguracao/{unidadeId}
GET /api/integracao/{unidadeId}
GET /api/v2/Agenda/obterAgenda/{data}
GET /api/v2/Agenda/obterEvento/{id}
GET /api/v2/Agenda/obterProgramacao/{pagina}/{registrosPorPagina}
GET /api/v2/AgendaOnline/obterAgenda/{UnidadeId}/{Data}
GET /api/v2/AgendaOnline/obterDestaques/{unidadeId}/{pagina}/{registrosPorPagina}
GET /api/v2/AgendaOnline/obterEvento/{unidadeId}/{id}
GET /api/v2/AgendaOnline/obterProgramacao/{unidadeId}/{pagina}/{registrosPorPagina}/{cursoId}
GET /api/v2/AgendaOnline/pesquisar/{AnoLetivo}/{TurmaId}
POST /api/Comunicado/ativarComentario/{id}
POST /api/Comunicado/comentarPublicacao
POST /api/Comunicado/curtirPublicacao/{publicacaoId}
POST /api/v2/Agenda/responderEnquete
POST /api/v2/AgendaOnline

Found on 2026-02-01 23:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: apimens-phidelis.d.plurall.net
Port: 443
URL: https://apimens-phidelis.d.plurall.net

First seen 2026-01-11 10:44
Last seen 2026-01-16 14:47
Open for 5 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354955a5f21dba410e60b65f722f9193ef878022323c
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/agendaonline/{id}
GET /api/Agenda/detalhesPublicacao/{publicacaoId}
GET /api/Agenda/publicacoes
GET /api/Agenda/{qtdDias}/{tiposDeEventos}
GET /api/Calendario/obterCalendario
GET /api/Comunicado/comunicados/{pagina}/{registrosPorPagina}
GET /api/Comunicado/detalhesComunicado/{publicacaoId}
GET /api/Dashboard/contadores
GET /api/Dashboard/dashboard/{topTipoPublicacao}
GET /api/Dashboard/detalhesPublicacao/{publicacaoId}
GET /api/agendaonline/obter/{id}
GET /api/agendaonline/obterCalendario/{data}
GET /api/agendaonline/pesquisar/{AnoLetivo}/{TurmaId}
GET /api/agendaonline/{Data}/{TurmaId}
GET /api/agendaonlineconfiguracao/{unidadeId}
POST /api/Comunicado/curtirPublicacao/{publicacaoId}
POST /api/agendaonline
```
  Found on 2026-01-16 14:47
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: broadcaster-staging.displaynow.io
Port: 443
URL: https://broadcaster-staging.displaynow.io

First seen 2026-01-11 23:52
Last seen 2026-01-16 14:35
Open for 4 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549e57f2256b325d341ca6f3604d4ad5fc8604f1d6d
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /Broadcast/get-occurrences-to-start
GET /MicrosoftIdentity/Account/Challenge/{scheme}
GET /MicrosoftIdentity/Account/EditProfile/{scheme}
GET /MicrosoftIdentity/Account/ResetPassword/{scheme}
GET /MicrosoftIdentity/Account/SignIn/{scheme}
GET /MicrosoftIdentity/Account/SignOut/{scheme}
POST /Broadcast
POST /Broadcast/delete/{id}
```
  Found on 2026-01-16 14:35
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: apiauth-phidelis.d.plurall.net
Port: 443
URL: https://apiauth-phidelis.d.plurall.net

First seen 2026-01-12 09:01
Last seen 2026-01-16 13:43
Open for 4 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549e06c4adf00342a38858ee05957b516d198af466e
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/Identidade/autenticar
POST /api/Identidade/autenticar-token-plurall
POST /api/Identidade/refresh-token
POST /api/Identidade/trocar-contexto-aluno
POST /api/Identidade/trocar-contexto-perfil
POST /api/Phidelis/autenticar-login-phidelis
POST /api/Phidelis/autenticar-token-phidelis
```
  Found on 2026-01-16 13:43
Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.49.104.52
Domain: smartwaytravel.tripmee.com.br
Port: 443
URL: https://smartwaytravel.tripmee.com.br

First seen 2025-11-18 13:41
Last seen 2026-01-16 07:23
Open for 58 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65225288a8f2

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://trip-mee@dev.azure.com/trip-mee/TripMeeApp/_git/TripMeeApp-Form
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbImNvbmZpZyJdLCJzb3VyY2VzQ29udGVudCI6WyJbY29yZV1cblx0cmVwb3NpdG9yeWZvcm1hdHZlcnNpb24gPSAwXG5cdGZpbGVtb2RlID0gdHJ1ZVxuXHRiYXJlID0gZmFsc2Vcblx0bG9nYWxscmVmdXBkYXRlcyA9IHRydWVcblx0bG9uZ3BhdGhzID0gdHJ1ZVxuW3JlbW90ZSBcIm9yaWdpblwiXVxuXHR1cmwgPSBodHRwczovL3RyaXAtbWVlQGRldi5henVyZS5jb20vdHJpcC1tZWUvVHJpcE1lZUFwcC9fZ2l0L1RyaXBNZWVBcHAtRm9ybVxuXHRmZXRjaCA9ICtyZWZzL2hlYWRzLyo6cmVmcy9yZW1vdGVzL29yaWdpbi8qXG5bZXh0ZW5zaW9uc11cblx0d29ya3RyZWVDb25maWcgPSB0cnVlXG5bZ2NdXG5cdGF1dG8gPSAwXG5baHR0cF1cblx0dmVyc2lvbiA9IEhUVFAvMS4xXG4iXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsQ0FBQyxJQUFJLENBQUM7QUFDTixDQUFDLHVCQUF1QixDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQzVCLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxJQUFJO0FBQ2hCLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxLQUFLO0FBQ2IsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUMsSUFBSTtBQUN4QixDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsSUFBSTtBQUNqQixDQUFDLE1BQU0sQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQ2pCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJO0FBQzlFLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7QUFDNUMsQ0FBQyxVQUFVLENBQUM7QUFDWixDQUFDLGNBQWMsQ0FBQyxDQUFDLENBQUMsSUFBSTtBQUN0QixDQUFDLEVBQUUsQ0FBQztBQUNKLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQ1QsQ0FBQyxJQUFJLENBQUM7QUFDTixDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDOyJ9

Found on 2026-01-16 07:23

1.9 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.49.104.52
Domain: dev1.unitas.api.vergentlms.com
Port: 443
URL: https://dev1.unitas.api.vergentlms.com

First seen 2025-11-07 21:58
Last seen 2025-11-30 13:08
Open for 22 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-11-30 13:08
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.49.104.52
Domain: chris-finster.xyz
Port: 443
URL: https://chris-finster.xyz

First seen 2024-03-29 02:42
Last seen 2024-12-20 20:04
Open for 266 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf176423f3e94de8919b64c8919b64c8919b64c
```
Found 2 files trough .DS_Store spidering:

/assets
/index.html
```
  Found on 2024-12-20 20:04
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2024-06-22 18:14
Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.4.244.223
Domain: gala.roundabouttheatre.org
Port: 443
URL: https://gala.roundabouttheatre.org

First seen 2023-02-01 20:08
Last seen 2024-04-30 22:38
Open for 454 days

Severity: low
Fingerprint: 5f32cf5d6962f09c3c1fc5e93c1fc5e9cdbb983aa96345f0c54202729731e6f5
```
Found 5 files trough .DS_Store spidering:

/images
/index.html
/README!!!.txt
/static
/translation.json
```
Found on 2024-04-30 22:38

Severity: high
Fingerprint: 5f32cf5d6962f09cef4770e6ef4770e63fc83863aeb3bcd9c987493185fb5511

Found 42 files trough .DS_Store spidering:

/.git
/.github
/catalog-info.yaml
/favicon.png
/Futura Std
/futura-std-bold_Wf2rS.zip
/FuturaStdBold
/FuturaStdBook
/FuturaStdExtraBold
/FuturaStdHeavy
/FuturaStdLight
/FuturaStdMedium
/gala.css
/index.html
/main_assets
/main_assets/1200px-Capital_One_logo.png
/main_assets/1200px-Capital_One_logoBLUE.png
/main_assets/1200px-Capital_One_logoWHITE.png
/main_assets/COLogo-white.png
/main_assets/Gala23_Background.png
/main_assets/Gala23_BackgroundExtended.png
/main_assets/Gala23_BackgroundHor.png
/main_assets/Gala23_BevelButton.png
/main_assets/Gala23_BlackDiamond.png
/main_assets/Gala23_BlackDiamondCrop.png
/main_assets/Gala23_ButtonLarge.png
/main_assets/Gala23_ButtonLargeBevel.png
/main_assets/Gala23_Date.png
/main_assets/Gala23_DateAndLocation.png
/main_assets/Gala23_LearnMoreButton.png
/main_assets/Gala23_RedFrame.png
/main_assets/Gala23_RedFramLarge.png
/main_assets/Gala23_RTCLogo.png
/main_assets/Gala23_SaveTheDate.png
/main_assets/Gala23_TitleTreatment.png
/main_assets/Gala23_TitleTreatmentLarge.png
/main_assets/Gala23_TitleTreatmentRed.png
/main_assets/Gala23_TitleTreatmentRedVersion2.png
/main_assets/play-button.html
/main_assets/RTC_Gala2023_RedBackground.png
/README.md
/safety.html

Found on 2023-02-01 20:08

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.49.104.52
Domain: dagessecurityblog.com
Port: 443
URL: https://dagessecurityblog.com

First seen 2023-09-28 00:31
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2023-09-28 00:31
Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.49.104.52
Domain: sixfour.io
Port: 443
URL: https://sixfour.io

First seen 2023-04-18 00:05
Last seen 2023-08-04 00:39
Open for 108 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65221f4fa9af

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://sixfour@dev.azure.com/sixfour/core/_git/sixfour-landing-page
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2023-04-26 09:25

273 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522914d8ae6

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://wsdsoftware@dev.azure.com/wsdsoftware/Projetos/_git/sixfour-landing-page
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2023-04-18 00:05

285 Bytes

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.49.104.52
Domain: mgsecurity.website
Port: 443
URL: https://mgsecurity.website

First seen 2023-06-16 01:20
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2023-06-16 01:20
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.49.104.52
Domain: financegpt.co.za
Port: 443
URL: https://financegpt.co.za

First seen 2023-03-25 22:41
- Severity: low
  Fingerprint: 5f32cf5d6962f09cab28146bab28146b8e7024c3f228fa5bcd1e4bdb7ba63a66
```
Found 21 files trough .DS_Store spidering:

/admin
/admin/img
/admin/js
/assets
/assets/img
/assets/img/brand
/assets/img/explain.png
/assets/img/explain1.png
/assets/img/explain2.png
/assets/img/hero.jpg
/assets/img/hero2.jpg
/assets/img/hero6.jpg
/assets/img/profile.png
/assets/js
/css
/favicon.ico
/index.php
/js
/robots.txt
/storage
/vendor
```
  Found on 2023-03-25 22:41
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.49.104.52
Domain: financegpt.co.za
Port: 80
URL: http://financegpt.co.za

First seen 2023-03-25 22:41
- Severity: low
  Fingerprint: 5f32cf5d6962f09c31c2f0b631c2f0b671da2a224ea3e1aa8f0fac84f16379e8
```
Found 28 files trough .DS_Store spidering:

/admin
/admin/img
/admin/js
/assets
/assets/img
/assets/img/brand
/assets/img/explain.png
/assets/img/explain1.png
/assets/img/explain2.png
/assets/img/hero.jpg
/assets/img/hero2.jpg
/assets/img/hero6.jpg
/assets/img/profile.png
/assets/js
/css
/favicon.ico
/index.php
/js
/robots.txt
/storage
/vendor
/vendor/apexcharts
/vendor/fontawesome-free
/vendor/livewire
/vendor/livewire-alert
/vendor/notyf
/vendor/sweetalert
/vendor/sweetalert2
```
  Found on 2023-03-25 22:41
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.49.104.52
Domain: oscarscheffera.com
Port: 443
URL: https://oscarscheffera.com

First seen 2023-01-05 02:15
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2023-01-05 02:15
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.49.104.52
Domain: cybersecuritywithluca.club
Port: 443
URL: https://cybersecuritywithluca.club

First seen 2022-11-30 03:36
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2022-11-30 03:36
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.49.104.52
Domain: pricesecurityblog.com
Port: 443
URL: https://pricesecurityblog.com

First seen 2022-08-29 23:40
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2022-08-29 23:40
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.49.104.52
Domain: cdhcyberblog.com
Port: 443
URL: https://cdhcyberblog.com

First seen 2022-08-29 23:15
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c2a8d359c60181061c4cd40bd
```
Found 4 files trough .DS_Store spidering:

/assets
/assets/css
/assets/css/style.css
/index.html
```
  Found on 2022-08-29 23:15
Create report

Open service 20.49.104.52:80 · um-prod.processtwin-innomotics.com

2026-02-11 03:13

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Wed, 11 Feb 2026 03:13:42 GMT
Location: https://um-prod.processtwin-innomotics.com/

Found 13 hours ago by HttpPlugin