Host 23.32.238.122
Germany
Software information
AmazonS3
tcp/443 tcp/80
Kestrel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-23 21:51
Last seen 2026-02-01 23:49
Open for 70 days-
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-02-01 23:49
-
-
Open service 23.32.238.122:443 · neweteaching.hess.com.tw
2026-01-22 22:13
HTTP/1.1 200 OK Content-Length: 3430 Content-Type: text/html Last-Modified: Thu, 12 Sep 2024 23:31:48 GMT Accept-Ranges: bytes ETag: "1db056befc70766" Server: Kestrel X-Powered-By: ASP.NET Expires: Thu, 22 Jan 2026 22:13:28 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 22 Jan 2026 22:13:28 GMT Connection: close Set-Cookie: aka-hash=D77C459AC17E6E55FE4157F54D308231D5FB7A1897BECB8CA94FC770B82453BE; Max-Age=864000; Domain=hess.com.tw; Path=/ Akamai-Cache-Status: Miss from child, Miss from parent Page title: 何嘉仁國小英語教師網 <!doctype html><html lang="en"><head><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta charset="utf-8"><title>何嘉仁國小英語教師網</title><base href="/"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" type="image/x-icon" href="favicon.ico"><!-- .cd-main-content --><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js"></script><link href="styles.3d48a4af43df604aaa2a.bundle.css" rel="stylesheet"/></head><body><app-root></app-root><script type="text/javascript">loadjs = function () { var n = function () {}, e = {}, t = {}, r = {}; function c(n, e) { if (n) { var c = r[n]; if (t[n] = e, c) for (; c.length;) c[0](n, e), c.splice(0, 1) } } function i(e, t) { e.call && (e = { success: e }), t.length ? (e.error || n)(t) : (e.success || n)(e) } function o(e, t, r, c) { var i, s, u = document, f = r.async, a = (r.numRetries || 0) + 1, h = r.before || n; c = c || 0, /(^css!|\.css$)/.test(e) ? (i = !0, (s = u.createElement("link")).rel = "stylesheet", s.href = e.replace( /^css!/, "")) : ((s = u.createElement("script")).src = e, s.async = void 0 === f || f), s.onload = s.onerror = s.onbeforeload = function (n) { var u = n.type[0]; if (i && "hideFocus" in s) try { s.sheet.cssText.length || (u = "e") } catch (n) { u = "e" } if ("e" == u && (c += 1) < a) return o(e, t, r, c); t(e, u, n.defaultPrevented) }, !1 !== h(e, s) && u.head.appendChild(s) } function s(n, t, r) { var s, u; if (t && t.trim && (s = t), u = (s ? r : t) || {}, s) { if (s in e) throw "LoadJS"; e[s] = !0 }! function (n, e, t) { var r, c, i = (n = n.push ? n : [n]).length, s = i, u = []; for (r = function (n, t, r) { if ("e" == t && u.push(n), "b" == t) { if (!r) return; u.push(n) }--i || e(u) }, c = 0; c < s; c++) o(n[c], r, t) }(n, function (n) { i(u, n), c(s, n) }, u) } return s.ready = function (n, e) { return function (n, e) { var c, i, o, s = [], u = (n = n.push ? n : [n]).length, f = u; for (c = function (n, t) { t.length && s.push(n), --f || e(s) }; u--;) i = n[u], (o = t[i]) ? c(i, o) : (r[i] = r[i] || []).push(c) }(n, function (n) { i(e, n) }), s }, s.done = function (n) { c(n, []) }, s.reset = function () { e = {}, t = {}, r = {} }, s.isDefined = function (n) { return n in e }, s }();</script><script type="text/javascript">loadjs([ ], { success: function () {}, async: false });</script><script type="text/javascript" src="inline.d17e86dd292a7b82f694.bundle.js"></script><script type="text/javascript" src="polyfills.41cdb42945d1c12d563e.bundle.js"></script><script type="text/javascript" src="main.f5dcce93fd68d6756640.bundle.js"></script></body></html>Found 2026-01-22 by HttpPluginCreate report
-
Open service 23.32.238.122:443 · neweteaching.hess.com.tw
2026-01-09 23:10
HTTP/1.1 200 OK Content-Length: 3430 Content-Type: text/html Last-Modified: Thu, 12 Sep 2024 23:31:48 GMT Accept-Ranges: bytes ETag: "1db056befc70766" Server: Kestrel X-Powered-By: ASP.NET Expires: Fri, 09 Jan 2026 23:10:55 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 09 Jan 2026 23:10:55 GMT Connection: close Set-Cookie: aka-hash=5AEE9B69EF4C270BB4753C24548545327A492844B953CA729D4C61097E31F8BC; Max-Age=864000; Domain=hess.com.tw; Path=/ Akamai-Cache-Status: Miss from child, Miss from parent Page title: 何嘉仁國小英語教師網 <!doctype html><html lang="en"><head><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta charset="utf-8"><title>何嘉仁國小英語教師網</title><base href="/"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" type="image/x-icon" href="favicon.ico"><!-- .cd-main-content --><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js"></script><link href="styles.3d48a4af43df604aaa2a.bundle.css" rel="stylesheet"/></head><body><app-root></app-root><script type="text/javascript">loadjs = function () { var n = function () {}, e = {}, t = {}, r = {}; function c(n, e) { if (n) { var c = r[n]; if (t[n] = e, c) for (; c.length;) c[0](n, e), c.splice(0, 1) } } function i(e, t) { e.call && (e = { success: e }), t.length ? (e.error || n)(t) : (e.success || n)(e) } function o(e, t, r, c) { var i, s, u = document, f = r.async, a = (r.numRetries || 0) + 1, h = r.before || n; c = c || 0, /(^css!|\.css$)/.test(e) ? (i = !0, (s = u.createElement("link")).rel = "stylesheet", s.href = e.replace( /^css!/, "")) : ((s = u.createElement("script")).src = e, s.async = void 0 === f || f), s.onload = s.onerror = s.onbeforeload = function (n) { var u = n.type[0]; if (i && "hideFocus" in s) try { s.sheet.cssText.length || (u = "e") } catch (n) { u = "e" } if ("e" == u && (c += 1) < a) return o(e, t, r, c); t(e, u, n.defaultPrevented) }, !1 !== h(e, s) && u.head.appendChild(s) } function s(n, t, r) { var s, u; if (t && t.trim && (s = t), u = (s ? r : t) || {}, s) { if (s in e) throw "LoadJS"; e[s] = !0 }! function (n, e, t) { var r, c, i = (n = n.push ? n : [n]).length, s = i, u = []; for (r = function (n, t, r) { if ("e" == t && u.push(n), "b" == t) { if (!r) return; u.push(n) }--i || e(u) }, c = 0; c < s; c++) o(n[c], r, t) }(n, function (n) { i(u, n), c(s, n) }, u) } return s.ready = function (n, e) { return function (n, e) { var c, i, o, s = [], u = (n = n.push ? n : [n]).length, f = u; for (c = function (n, t) { t.length && s.push(n), --f || e(s) }; u--;) i = n[u], (o = t[i]) ? c(i, o) : (r[i] = r[i] || []).push(c) }(n, function (n) { i(e, n) }), s }, s.done = function (n) { c(n, []) }, s.reset = function () { e = {}, t = {}, r = {} }, s.isDefined = function (n) { return n in e }, s }();</script><script type="text/javascript">loadjs([ ], { success: function () {}, async: false });</script><script type="text/javascript" src="inline.d17e86dd292a7b82f694.bundle.js"></script><script type="text/javascript" src="polyfills.41cdb42945d1c12d563e.bundle.js"></script><script type="text/javascript" src="main.f5dcce93fd68d6756640.bundle.js"></script></body></html>Found 2026-01-09 by HttpPluginCreate report
-
Open service 23.32.238.122:443 · iab.fwmrm.net
2026-01-08 22:51
HTTP/1.1 403 Forbidden x-amz-bucket-region: us-east-1 x-amz-request-id: H6RAGD5GJM29FTE3 x-amz-id-2: EPNMfg0C4tUs9JAhxetvZz6Qy/SLBo8pldDmXzRZ87DdId3RFn3eXrKmJfzx31LjPCD7ZXE+uHDcy+Mz55lBswTSPozD/Wol Content-Type: application/xml Server: AmazonS3 Expires: Thu, 08 Jan 2026 22:51:54 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 08 Jan 2026 22:51:54 GMT Connection: close Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: * <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>User: arn:aws:iam::081103041648:user/origin-prd is not authorized to perform: s3:ListBucket on resource: "arn:aws:s3:::fw-vi-prd-origin-use1" because no identity-based policy allows the s3:ListBucket action</Message><RequestId>H6RAGD5GJM29FTE3</RequestId><HostId>EPNMfg0C4tUs9JAhxetvZz6Qy/SLBo8pldDmXzRZ87DdId3RFn3eXrKmJfzx31LjPCD7ZXE+uHDcy+Mz55lBswTSPozD/Wol</HostId></Error>
Found 2026-01-08 by HttpPluginCreate report
-
Open service 23.32.238.122:80 · iab.fwmrm.net
2026-01-08 22:51
HTTP/1.1 403 Forbidden x-amz-bucket-region: us-east-1 x-amz-request-id: 6FCTJT95TMNSW9F6 x-amz-id-2: 0HTviKm1Wa2BHBiau0NLDzxvkN2CJjh8rT7cwxb/e7e8m0TKgf8tRFVGfS7IhSXdwvGJl2k0txA= Content-Type: application/xml Server: AmazonS3 Expires: Thu, 08 Jan 2026 22:52:34 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 08 Jan 2026 22:52:34 GMT Connection: close Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: * <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>User: arn:aws:iam::081103041648:user/origin-prd is not authorized to perform: s3:ListBucket on resource: "arn:aws:s3:::fw-vi-prd-origin-use1" because no identity-based policy allows the s3:ListBucket action</Message><RequestId>6FCTJT95TMNSW9F6</RequestId><HostId>0HTviKm1Wa2BHBiau0NLDzxvkN2CJjh8rT7cwxb/e7e8m0TKgf8tRFVGfS7IhSXdwvGJl2k0txA=</HostId></Error>
Found 2026-01-08 by HttpPluginCreate report
-
Open service 23.32.238.122:443 · neweteaching.hess.com.tw
2026-01-02 13:48
HTTP/1.1 200 OK Content-Length: 3430 Content-Type: text/html Last-Modified: Thu, 12 Sep 2024 23:31:48 GMT Accept-Ranges: bytes ETag: "1db056befc70766" Server: Kestrel X-Powered-By: ASP.NET Expires: Fri, 02 Jan 2026 13:49:01 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 02 Jan 2026 13:49:01 GMT Connection: close Set-Cookie: aka-hash=9F5F1628AF09DBB597A141CEC45020D820C02C5351EAF52DF9288B482A826C1A; Max-Age=864000; Domain=hess.com.tw; Path=/ Akamai-Cache-Status: Miss from child, Miss from parent Page title: 何嘉仁國小英語教師網 <!doctype html><html lang="en"><head><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta charset="utf-8"><title>何嘉仁國小英語教師網</title><base href="/"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" type="image/x-icon" href="favicon.ico"><!-- .cd-main-content --><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js"></script><link href="styles.3d48a4af43df604aaa2a.bundle.css" rel="stylesheet"/></head><body><app-root></app-root><script type="text/javascript">loadjs = function () { var n = function () {}, e = {}, t = {}, r = {}; function c(n, e) { if (n) { var c = r[n]; if (t[n] = e, c) for (; c.length;) c[0](n, e), c.splice(0, 1) } } function i(e, t) { e.call && (e = { success: e }), t.length ? (e.error || n)(t) : (e.success || n)(e) } function o(e, t, r, c) { var i, s, u = document, f = r.async, a = (r.numRetries || 0) + 1, h = r.before || n; c = c || 0, /(^css!|\.css$)/.test(e) ? (i = !0, (s = u.createElement("link")).rel = "stylesheet", s.href = e.replace( /^css!/, "")) : ((s = u.createElement("script")).src = e, s.async = void 0 === f || f), s.onload = s.onerror = s.onbeforeload = function (n) { var u = n.type[0]; if (i && "hideFocus" in s) try { s.sheet.cssText.length || (u = "e") } catch (n) { u = "e" } if ("e" == u && (c += 1) < a) return o(e, t, r, c); t(e, u, n.defaultPrevented) }, !1 !== h(e, s) && u.head.appendChild(s) } function s(n, t, r) { var s, u; if (t && t.trim && (s = t), u = (s ? r : t) || {}, s) { if (s in e) throw "LoadJS"; e[s] = !0 }! function (n, e, t) { var r, c, i = (n = n.push ? n : [n]).length, s = i, u = []; for (r = function (n, t, r) { if ("e" == t && u.push(n), "b" == t) { if (!r) return; u.push(n) }--i || e(u) }, c = 0; c < s; c++) o(n[c], r, t) }(n, function (n) { i(u, n), c(s, n) }, u) } return s.ready = function (n, e) { return function (n, e) { var c, i, o, s = [], u = (n = n.push ? n : [n]).length, f = u; for (c = function (n, t) { t.length && s.push(n), --f || e(s) }; u--;) i = n[u], (o = t[i]) ? c(i, o) : (r[i] = r[i] || []).push(c) }(n, function (n) { i(e, n) }), s }, s.done = function (n) { c(n, []) }, s.reset = function () { e = {}, t = {}, r = {} }, s.isDefined = function (n) { return n in e }, s }();</script><script type="text/javascript">loadjs([ ], { success: function () {}, async: false });</script><script type="text/javascript" src="inline.d17e86dd292a7b82f694.bundle.js"></script><script type="text/javascript" src="polyfills.41cdb42945d1c12d563e.bundle.js"></script><script type="text/javascript" src="main.f5dcce93fd68d6756640.bundle.js"></script></body></html>Found 2026-01-02 by HttpPluginCreate report
-
Open service 23.32.238.122:443 · neweteaching.hess.com.tw
2025-12-22 19:52
HTTP/1.1 200 OK Content-Length: 3430 Content-Type: text/html Last-Modified: Thu, 12 Sep 2024 23:31:48 GMT Accept-Ranges: bytes ETag: "1db056befc70766" Server: Kestrel X-Powered-By: ASP.NET Expires: Mon, 22 Dec 2025 19:52:32 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Dec 2025 19:52:32 GMT Connection: close Set-Cookie: aka-hash=1835381DC3E67E08D8C54FB28639990DCD026AE03FB9E9566F607811DA945514; Max-Age=864000; Domain=hess.com.tw; Path=/ Akamai-Cache-Status: Miss from child, Miss from parent Page title: 何嘉仁國小英語教師網 <!doctype html><html lang="en"><head><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta charset="utf-8"><title>何嘉仁國小英語教師網</title><base href="/"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" type="image/x-icon" href="favicon.ico"><!-- .cd-main-content --><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js"></script><link href="styles.3d48a4af43df604aaa2a.bundle.css" rel="stylesheet"/></head><body><app-root></app-root><script type="text/javascript">loadjs = function () { var n = function () {}, e = {}, t = {}, r = {}; function c(n, e) { if (n) { var c = r[n]; if (t[n] = e, c) for (; c.length;) c[0](n, e), c.splice(0, 1) } } function i(e, t) { e.call && (e = { success: e }), t.length ? (e.error || n)(t) : (e.success || n)(e) } function o(e, t, r, c) { var i, s, u = document, f = r.async, a = (r.numRetries || 0) + 1, h = r.before || n; c = c || 0, /(^css!|\.css$)/.test(e) ? (i = !0, (s = u.createElement("link")).rel = "stylesheet", s.href = e.replace( /^css!/, "")) : ((s = u.createElement("script")).src = e, s.async = void 0 === f || f), s.onload = s.onerror = s.onbeforeload = function (n) { var u = n.type[0]; if (i && "hideFocus" in s) try { s.sheet.cssText.length || (u = "e") } catch (n) { u = "e" } if ("e" == u && (c += 1) < a) return o(e, t, r, c); t(e, u, n.defaultPrevented) }, !1 !== h(e, s) && u.head.appendChild(s) } function s(n, t, r) { var s, u; if (t && t.trim && (s = t), u = (s ? r : t) || {}, s) { if (s in e) throw "LoadJS"; e[s] = !0 }! function (n, e, t) { var r, c, i = (n = n.push ? n : [n]).length, s = i, u = []; for (r = function (n, t, r) { if ("e" == t && u.push(n), "b" == t) { if (!r) return; u.push(n) }--i || e(u) }, c = 0; c < s; c++) o(n[c], r, t) }(n, function (n) { i(u, n), c(s, n) }, u) } return s.ready = function (n, e) { return function (n, e) { var c, i, o, s = [], u = (n = n.push ? n : [n]).length, f = u; for (c = function (n, t) { t.length && s.push(n), --f || e(s) }; u--;) i = n[u], (o = t[i]) ? c(i, o) : (r[i] = r[i] || []).push(c) }(n, function (n) { i(e, n) }), s }, s.done = function (n) { c(n, []) }, s.reset = function () { e = {}, t = {}, r = {} }, s.isDefined = function (n) { return n in e }, s }();</script><script type="text/javascript">loadjs([ ], { success: function () {}, async: false });</script><script type="text/javascript" src="inline.d17e86dd292a7b82f694.bundle.js"></script><script type="text/javascript" src="polyfills.41cdb42945d1c12d563e.bundle.js"></script><script type="text/javascript" src="main.f5dcce93fd68d6756640.bundle.js"></script></body></html>Found 2025-12-22 by HttpPluginCreate report