LeakIX - Host 23.50.131.145

Host 23.50.131.145

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/443 tcp/80

Apache Apache 2.4.64

tcp/443

OpenSSL OpenSSL 3.2.2

tcp/443

nginx nginx 1.20.1

tcp/443

nginx nginx

tcp/443

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.

IP: 95.100.110.20
Domain: wscomprovantes-hom.portalconsignado.com.br
Port: 443
URL: https://wscomprovantes-hom.portalconsignado.com.br

First seen 2025-11-21 19:27
Last seen 2026-01-14 21:17
Open for 54 days

Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652249ae0bac

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:glcbt-6b_WuFS_73DYTxvxn3-ynTQ@gitlab.com/finnet-sa/consignado/apis-burhmais/ws-comprovantes.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[lfs]
	repositoryformatversion = 0

Found on 2026-01-14 21:17

317 Bytes

Severity: critical
Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba918840231b48733e60e035b

[init]
	defaultBranch = none
[fetch]
	recurseSubmodules = false
[credential]
	interactive = never
[gc]
	autoDetach = false
[include]
	path = /builds/finnet-sa/consignado/apis-burhmais/ws-comprovantes.tmp/.gitlab-runner.ext.conf
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:glcbt-6b_PishcWZP5pNP4Cb3Q4Kf@gitlab.com/finnet-sa/consignado/apis-burhmais/ws-comprovantes.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[lfs]
	repositoryformatversion = 0

Found on 2025-12-05 21:57

545 Bytes

Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652280a3b0e2

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:glcbt-6b_rPkssJHSukBU8554p14S@gitlab.com/finnet-sa/consignado/apis-burhmais/ws-comprovantes.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[lfs]
	repositoryformatversion = 0

Found on 2025-11-30 09:38

317 Bytes

Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652282a65399

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab.com/finnet-sa/consignado/apis-burhmais/ws-comprovantes.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "cobranca-verbas-rescisorias-510"]
	remote = origin
	merge = refs/heads/cobranca-verbas-rescisorias-510

Found on 2025-11-28 08:25

410 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: refunds.checkin.life
Port: 80
URL: http://refunds.checkin.life

First seen 2025-12-04 10:19
Last seen 2026-01-10 02:14
Open for 36 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-10 02:14
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: api-utils.miumiu.com
Port: 443
URL: https://api-utils.miumiu.com

First seen 2025-11-16 11:29
Last seen 2026-01-10 02:05
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb450568cc07178d73e7178d73e7178d73e7178d73e
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /liveness
POST /cybersource/responseUrl
```
  Found on 2026-01-10 02:05
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: refunds.checkin.life
Port: 443
URL: https://refunds.checkin.life

First seen 2025-12-04 10:19
Last seen 2026-01-10 02:03
Open for 36 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-10 02:03
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: tst-api.leap.mdm.ferguson.com
Port: 443
URL: https://tst-api.leap.mdm.ferguson.com

First seen 2025-11-16 09:19
Last seen 2026-01-09 22:14
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 22:14
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: api-bff.measurements.suitsupply.com
Port: 443
URL: https://api-bff.measurements.suitsupply.com

First seen 2025-12-09 08:37
Last seen 2026-01-09 17:00
Open for 31 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e27190fddfc77801748b2b0c8259789a752635cd

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Cache/Clear
GET /api/v1/Cache/View
GET /api/v1/SizeChart
GET /api/v1/SizeChart/ByFit
GET /api/v1/SizeChart/CML
GET /api/v1/SizeChart/CountryRegion
GET /api/v1/SizeChart/GetIsSizeChartEnabledForSizePassport
GET /api/v1/SizeChart/GetSizeRecommendations
GET /api/v1/SizeChart/GetSizeRecommendationsByCountryCode
GET /api/v1/SizeChart/RtwProductFits
GET /api/v1/SizeChart/RtwProductMeasurements
GET /api/v1/SizeChart/RtwProductMeasurementsByFit
GET /api/v1/SizeChart/SuitProductSizes
GET /api/v1/SizeConversion/SizeConversions
GET /api/v1/SizeConversion/SizeConversionsByProductType
GET /api/v1/SizePassport/Product/CircumferenceMeasurements
GET /api/v1/SizePassport/Product/CustomerProfileProductTypes
GET /api/v1/SizePassport/Product/FitMeasurements
GET /api/v1/SizePassport/Product/Fits
GET /api/v1/SizePassport/Product/IgnoredAlterationValues
GET /api/v1/SizePassport/Product/Measurements
GET /api/v1/SizePassport/Product/RtwProductSizes
GET /api/v1/SizePassport/Product/SizeGroups
GET /api/v1/SizePassport/Product/fallback-measurements
GET /api/v1/SizePassport/Product/{ProductTypeId}/FitCountries
POST /api/v1/Alteration/FindAlterationPrices
POST /api/v1/Alteration/FindVariants

Found on 2026-01-09 17:00

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: api-utils-preprod.carshoe.com
Port: 443
URL: https://api-utils-preprod.carshoe.com

First seen 2025-11-16 11:29
Last seen 2026-01-09 16:53
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb450568cc07178d73e7178d73e7178d73e7178d73e
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /liveness
POST /cybersource/responseUrl
```
  Found on 2026-01-09 16:53
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: dev-api.leap.mdm.ferguson.com
Port: 443
URL: https://dev-api.leap.mdm.ferguson.com

First seen 2025-11-16 09:19
Last seen 2026-01-09 16:27
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 16:27
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: www.caco.com.tw
Port: 443
URL: https://www.caco.com.tw

First seen 2025-10-23 23:44
Last seen 2026-01-09 14:40
Open for 77 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-09 14:40
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: api-utils.marchesi1824.com
Port: 443
URL: https://api-utils.marchesi1824.com

First seen 2025-11-16 11:29
Last seen 2026-01-09 12:03
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb450568cc07178d73e7178d73e7178d73e7178d73e
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /liveness
POST /cybersource/responseUrl
```
  Found on 2026-01-09 12:03
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: puntivendita-dev.prada.com
Port: 443
URL: https://puntivendita-dev.prada.com

First seen 2025-11-16 11:29
Last seen 2026-01-09 11:36
Open for 54 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496bf479f767f82a86d02349b40f083f11b6f89294

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AreaMerceologies/{id}
GET /Proxy/{path}
GET /api/Anagrafica/hierarchybygender/{brandId}
GET /api/Anagrafica/hierarchymerc/{brandId}
GET /api/Aree/merceologies-recap
GET /api/Aree/merchandise-recap-complete
GET /api/Aree/{shopCode}/{buildingId}/{mapId}
GET /api/Brand
GET /api/Brand/{brandId}
GET /api/Continent/{continentId}
GET /api/Country/{countryId}
GET /api/Export/beil-areamerceologies/{fromDate}
GET /api/Kpi
GET /api/Pdf/project/{projectId}
GET /api/Pdf/simulate/{projectId}/{storeIds}
GET /api/Pdf/{shopCode}/{buildingId}
GET /api/Pdf/{shopCode}/{buildingId}/piantine
GET /api/Pdf/{shopCode}/{buildingId}/piantine-aree
GET /api/Pdf/{shopCode}/{buildingId}/report140
GET /api/Pdf/{shopCode}/{buildingId}/stockroom
GET /api/Pdf/{shopCode}/{buildingId}/vetrine
GET /api/Pictures/batch
GET /api/Pictures/{shopCode}/{buildingId}
GET /api/Preamo
GET /api/Priority/{projectId}
GET /api/Project/{projectId}
GET /api/Store/cartigli/{shopCode}/{buildingId}
GET /api/Store/{storeIds}
GET /api/Window/{windowId}
GET /api/aree-details/{areaDetailsId}
GET /api/aree-details/{areaDetailsId}/recap
GET /api/real-estate-photo/{shopCode}/{buildingId}
GET /api/real-estate/merceologies-recap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/withrecap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/{brandId}/{shopCode}/{buildingId}
GET /api/sub-aree-details-audit/list/{subAreaDetId}
GET /api/sub-aree-details-audit/{snapshotId}
GET /api/sub-aree-details/{subAreaDetailsId}
GET /api/window-image/{windowImageId}
POST /api/AreaMerceologies
POST /api/AreaMerceologies/bulk
POST /api/AreaMerceologies/calculate-macrocode
POST /api/Aree/upsert
POST /api/Auth/login
POST /api/Auth/refresh_token
POST /api/Excel/display-capacity/{brandId}/{shopCode}/{buildingId}
POST /api/Excel/generation
POST /api/Pdf/project
POST /api/Pictures/resize
POST /api/Priority
POST /api/Project
POST /api/Project/update
POST /api/Psd
POST /api/Test/fronti
POST /api/Window/{storeId}
POST /api/aree-details
POST /api/aree-details/edit-position
POST /api/aree-details/upload-pdf
POST /api/eventgrid/storage
POST /api/sub-aree-details
POST /api/sub-aree-details/edit-position
POST /api/sub-aree-details/upload-fronte
POST /api/window-image

Found on 2026-01-09 11:36

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496bf479f767f82a86d02349b40f083f11a61ca6c4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AreaMerceologies/{id}
GET /Proxy/{path}
GET /api/Anagrafica/hierarchybygender/{brandId}
GET /api/Anagrafica/hierarchymerc/{brandId}
GET /api/Aree/merceologies-recap
GET /api/Aree/merchandise-recap-complete
GET /api/Aree/{shopCode}/{buildingId}/{mapId}
GET /api/Brand
GET /api/Brand/{brandId}
GET /api/Continent/{continentId}
GET /api/Country/{countryId}
GET /api/Export/beil-areamerceologies/{fromDate}
GET /api/Kpi
GET /api/Pdf/project/{projectId}
GET /api/Pdf/simulate/{projectId}/{storeIds}
GET /api/Pdf/{shopCode}/{buildingId}
GET /api/Pdf/{shopCode}/{buildingId}/piantine
GET /api/Pdf/{shopCode}/{buildingId}/piantine-aree
GET /api/Pdf/{shopCode}/{buildingId}/report140
GET /api/Pdf/{shopCode}/{buildingId}/stockroom
GET /api/Pdf/{shopCode}/{buildingId}/vetrine
GET /api/Pictures/batch
GET /api/Pictures/{shopCode}/{buildingId}
GET /api/Preamo
GET /api/Priority/{projectId}
GET /api/Project/{projectId}
GET /api/Store/cartigli/{shopCode}/{buildingId}
GET /api/Store/{storeIds}
GET /api/Window/{windowId}
GET /api/aree-details/{areaDetailsId}
GET /api/aree-details/{areaDetailsId}/recap
GET /api/real-estate-photo/{shopCode}/{buildingId}
GET /api/real-estate/merceologies-recap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/withrecap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/{brandId}/{shopCode}/{buildingId}
GET /api/sub-aree-details-audit/list/{subAreaDetId}
GET /api/sub-aree-details-audit/{snapshotId}
GET /api/sub-aree-details/{subAreaDetailsId}
GET /api/window-image/{windowImageId}
POST /api/AreaMerceologies
POST /api/AreaMerceologies/bulk
POST /api/Aree/upsert
POST /api/Auth/login
POST /api/Auth/refresh_token
POST /api/Excel/display-capacity/{brandId}/{shopCode}/{buildingId}
POST /api/Excel/generation
POST /api/Pdf/project
POST /api/Pictures/resize
POST /api/Priority
POST /api/Project
POST /api/Project/update
POST /api/Psd
POST /api/Test/fronti
POST /api/Window/{storeId}
POST /api/aree-details
POST /api/aree-details/edit-position
POST /api/aree-details/upload-pdf
POST /api/eventgrid/storage
POST /api/sub-aree-details
POST /api/sub-aree-details/edit-position
POST /api/sub-aree-details/upload-fronte
POST /api/window-image

Found on 2025-12-13 15:08

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: prev.cledigitale.espace-client.hellobank.fr
Port: 443
URL: https://prev.cledigitale.espace-client.hellobank.fr

First seen 2025-11-17 00:10
Last seen 2026-01-09 10:07
Open for 53 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bff366d864b1e61f16cbc89feef29ab8aca65b50c
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /**/jwks
GET /grid/{gridId}
GET /keepalive
GET /keepaliveSSO
GET /mobile/templatelclf
GET /oidc/jwks
GET /recover-authentication/{uid}
POST /init-authentication
```
  Found on 2026-01-09 10:07
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: queenscliffe-api-uat.vmonline.com.au
Port: 443
URL: https://queenscliffe-api-uat.vmonline.com.au

First seen 2025-10-29 07:49
Last seen 2026-01-09 06:10
Open for 71 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035496fec35e198c771c7063b67d4e68a0001fbf72084
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /BuildingPermit
POST /Land
POST /Lease
POST /Owners
POST /PlanningPermit
POST /Properties
POST /Sales
POST /SouthAustraliaProperties
POST /Token
POST /Valuation
```
  Found on 2026-01-09 06:10
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: api-utils-preprod.miumiu.com
Port: 443
URL: https://api-utils-preprod.miumiu.com

First seen 2025-11-16 11:29
Last seen 2026-01-09 05:30
Open for 53 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb450568cc07178d73e7178d73e7178d73e7178d73e
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /liveness
POST /cybersource/responseUrl
```
  Found on 2026-01-09 05:30
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: api-utils.carshoe.com
Port: 443
URL: https://api-utils.carshoe.com

First seen 2025-11-16 11:29
Last seen 2026-01-09 05:30
Open for 53 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb450568cc07178d73e7178d73e7178d73e7178d73e
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /liveness
POST /cybersource/responseUrl
```
  Found on 2026-01-09 05:30
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: api-utils-dev.prada.com
Port: 443
URL: https://api-utils-dev.prada.com

First seen 2025-11-16 11:29
Last seen 2026-01-09 04:57
Open for 53 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb450568cc07178d73e7178d73e7178d73e7178d73e
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /liveness
POST /cybersource/responseUrl
```
  Found on 2026-01-09 04:57
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: prev.connexion-mabanque.bnpparibas
Port: 443
URL: https://prev.connexion-mabanque.bnpparibas

First seen 2025-11-17 00:10
Last seen 2026-01-09 04:07
Open for 53 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bff366d864b1e61f16cbc89feef29ab8aca65b50c
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /**/jwks
GET /grid/{gridId}
GET /keepalive
GET /keepaliveSSO
GET /mobile/templatelclf
GET /oidc/jwks
GET /recover-authentication/{uid}
POST /init-authentication
```
  Found on 2026-01-09 04:07
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: productconfiguration.custommade.suitsupply.com
Port: 443
URL: https://productconfiguration.custommade.suitsupply.com

First seen 2025-12-09 08:37
Last seen 2026-01-09 03:44
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354920c561732d0124b5d494beef2f5a88ab638d8ad0
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /v1/configurations
GET /v1/configurations/{id}
GET /v1/legacy/configurations/{id}
GET /v1/sub-configurations/prices
GET /v1/sub-configurations/{id}
POST /v1/configurations/{id}/validate
PUT /v1/configurations/size-passport-ids
PUT /v1/configurations/{id}/country-code
```
  Found on 2026-01-09 03:44
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: puntivendita-tst.prada.com
Port: 443
URL: https://puntivendita-tst.prada.com

First seen 2025-11-16 11:29
Last seen 2026-01-09 01:31
Open for 53 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496bf479f767f82a86d02349b40f083f11b6f89294

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AreaMerceologies/{id}
GET /Proxy/{path}
GET /api/Anagrafica/hierarchybygender/{brandId}
GET /api/Anagrafica/hierarchymerc/{brandId}
GET /api/Aree/merceologies-recap
GET /api/Aree/merchandise-recap-complete
GET /api/Aree/{shopCode}/{buildingId}/{mapId}
GET /api/Brand
GET /api/Brand/{brandId}
GET /api/Continent/{continentId}
GET /api/Country/{countryId}
GET /api/Export/beil-areamerceologies/{fromDate}
GET /api/Kpi
GET /api/Pdf/project/{projectId}
GET /api/Pdf/simulate/{projectId}/{storeIds}
GET /api/Pdf/{shopCode}/{buildingId}
GET /api/Pdf/{shopCode}/{buildingId}/piantine
GET /api/Pdf/{shopCode}/{buildingId}/piantine-aree
GET /api/Pdf/{shopCode}/{buildingId}/report140
GET /api/Pdf/{shopCode}/{buildingId}/stockroom
GET /api/Pdf/{shopCode}/{buildingId}/vetrine
GET /api/Pictures/batch
GET /api/Pictures/{shopCode}/{buildingId}
GET /api/Preamo
GET /api/Priority/{projectId}
GET /api/Project/{projectId}
GET /api/Store/cartigli/{shopCode}/{buildingId}
GET /api/Store/{storeIds}
GET /api/Window/{windowId}
GET /api/aree-details/{areaDetailsId}
GET /api/aree-details/{areaDetailsId}/recap
GET /api/real-estate-photo/{shopCode}/{buildingId}
GET /api/real-estate/merceologies-recap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/withrecap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/{brandId}/{shopCode}/{buildingId}
GET /api/sub-aree-details-audit/list/{subAreaDetId}
GET /api/sub-aree-details-audit/{snapshotId}
GET /api/sub-aree-details/{subAreaDetailsId}
GET /api/window-image/{windowImageId}
POST /api/AreaMerceologies
POST /api/AreaMerceologies/bulk
POST /api/AreaMerceologies/calculate-macrocode
POST /api/Aree/upsert
POST /api/Auth/login
POST /api/Auth/refresh_token
POST /api/Excel/display-capacity/{brandId}/{shopCode}/{buildingId}
POST /api/Excel/generation
POST /api/Pdf/project
POST /api/Pictures/resize
POST /api/Priority
POST /api/Project
POST /api/Project/update
POST /api/Psd
POST /api/Test/fronti
POST /api/Window/{storeId}
POST /api/aree-details
POST /api/aree-details/edit-position
POST /api/aree-details/upload-pdf
POST /api/eventgrid/storage
POST /api/sub-aree-details
POST /api/sub-aree-details/edit-position
POST /api/sub-aree-details/upload-fronte
POST /api/window-image

Found on 2026-01-09 01:31

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496bf479f767f82a86d02349b40f083f11a61ca6c4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AreaMerceologies/{id}
GET /Proxy/{path}
GET /api/Anagrafica/hierarchybygender/{brandId}
GET /api/Anagrafica/hierarchymerc/{brandId}
GET /api/Aree/merceologies-recap
GET /api/Aree/merchandise-recap-complete
GET /api/Aree/{shopCode}/{buildingId}/{mapId}
GET /api/Brand
GET /api/Brand/{brandId}
GET /api/Continent/{continentId}
GET /api/Country/{countryId}
GET /api/Export/beil-areamerceologies/{fromDate}
GET /api/Kpi
GET /api/Pdf/project/{projectId}
GET /api/Pdf/simulate/{projectId}/{storeIds}
GET /api/Pdf/{shopCode}/{buildingId}
GET /api/Pdf/{shopCode}/{buildingId}/piantine
GET /api/Pdf/{shopCode}/{buildingId}/piantine-aree
GET /api/Pdf/{shopCode}/{buildingId}/report140
GET /api/Pdf/{shopCode}/{buildingId}/stockroom
GET /api/Pdf/{shopCode}/{buildingId}/vetrine
GET /api/Pictures/batch
GET /api/Pictures/{shopCode}/{buildingId}
GET /api/Preamo
GET /api/Priority/{projectId}
GET /api/Project/{projectId}
GET /api/Store/cartigli/{shopCode}/{buildingId}
GET /api/Store/{storeIds}
GET /api/Window/{windowId}
GET /api/aree-details/{areaDetailsId}
GET /api/aree-details/{areaDetailsId}/recap
GET /api/real-estate-photo/{shopCode}/{buildingId}
GET /api/real-estate/merceologies-recap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/withrecap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/{brandId}/{shopCode}/{buildingId}
GET /api/sub-aree-details-audit/list/{subAreaDetId}
GET /api/sub-aree-details-audit/{snapshotId}
GET /api/sub-aree-details/{subAreaDetailsId}
GET /api/window-image/{windowImageId}
POST /api/AreaMerceologies
POST /api/AreaMerceologies/bulk
POST /api/Aree/upsert
POST /api/Auth/login
POST /api/Auth/refresh_token
POST /api/Excel/display-capacity/{brandId}/{shopCode}/{buildingId}
POST /api/Excel/generation
POST /api/Pdf/project
POST /api/Pictures/resize
POST /api/Priority
POST /api/Project
POST /api/Project/update
POST /api/Psd
POST /api/Test/fronti
POST /api/Window/{storeId}
POST /api/aree-details
POST /api/aree-details/edit-position
POST /api/aree-details/upload-pdf
POST /api/eventgrid/storage
POST /api/sub-aree-details
POST /api/sub-aree-details/edit-position
POST /api/sub-aree-details/upload-fronte
POST /api/window-image

Found on 2025-12-13 13:31

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60ecfcad0c1bd87be3241724c387c789e4e86caeb9

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/AreaMerceologies/{id}
GET /Proxy/{path}
GET /api/Anagrafica/hierarchybygender/{brandId}
GET /api/Anagrafica/hierarchymerc/{brandId}
GET /api/Aree/merceologies-recap
GET /api/Aree/merchandise-recap-complete
GET /api/Aree/{shopCode}/{buildingId}/{mapId}
GET /api/Brand
GET /api/Brand/{brandId}
GET /api/Continent/{continentId}
GET /api/Country/{countryId}
GET /api/Export/beil-areamerceologies/{fromDate}
GET /api/Kpi
GET /api/Pdf/project/{projectId}
GET /api/Pdf/simulate/{projectId}/{storeIds}
GET /api/Pdf/{shopCode}/{buildingId}
GET /api/Pdf/{shopCode}/{buildingId}/piantine
GET /api/Pdf/{shopCode}/{buildingId}/piantine-aree
GET /api/Pdf/{shopCode}/{buildingId}/report140
GET /api/Pdf/{shopCode}/{buildingId}/stockroom
GET /api/Pdf/{shopCode}/{buildingId}/vetrine
GET /api/Pictures/batch
GET /api/Pictures/{shopCode}/{buildingId}
GET /api/Preamo
GET /api/Priority/{projectId}
GET /api/Project/{projectId}
GET /api/Store/cartigli/{shopCode}/{buildingId}
GET /api/Store/{storeIds}
GET /api/Window/{windowId}
GET /api/aree-details/{areaDetailsId}
GET /api/aree-details/{areaDetailsId}/recap
GET /api/real-estate-photo/{shopCode}/{buildingId}
GET /api/real-estate/merceologies-recap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/withrecap/{brandId}/{shopCode}/{buildingId}
GET /api/real-estate/{brandId}/{shopCode}/{buildingId}
GET /api/sub-aree-details-audit/list/{subAreaDetId}
GET /api/sub-aree-details-audit/{snapshotId}
GET /api/sub-aree-details/{subAreaDetailsId}
GET /api/window-image/{windowImageId}
POST /api/AreaMerceologies
POST /api/AreaMerceologies/bulk
POST /api/Aree/upsert
POST /api/Auth/login
POST /api/Auth/refresh_token
POST /api/Excel/display-capacity/{brandId}/{shopCode}/{buildingId}
POST /api/Excel/generation
POST /api/Pdf/project
POST /api/Pictures/resize
POST /api/Priority
POST /api/Project
POST /api/Project/update
POST /api/Psd
POST /api/Test/fronti
POST /api/Window/{storeId}
POST /api/aree-details
POST /api/aree-details/edit-position
POST /api/aree-details/upload-pdf
POST /api/eventgrid/storage
POST /api/sub-aree-details
POST /api/sub-aree-details/edit-position
POST /api/sub-aree-details/upload-fronte
POST /api/window-image

Found on 2025-11-29 01:12

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: prev-espace-client.hellobank.fr
Port: 443
URL: https://prev-espace-client.hellobank.fr

First seen 2025-11-17 00:10
Last seen 2026-01-09 01:07
Open for 53 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bff366d864b1e61f16cbc89feef29ab8aca65b50c
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /**/jwks
GET /grid/{gridId}
GET /keepalive
GET /keepaliveSSO
GET /mobile/templatelclf
GET /oidc/jwks
GET /recover-authentication/{uid}
POST /init-authentication
```
  Found on 2026-01-09 01:07
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: sandbox.espace-client.hellobank.fr
Port: 443
URL: https://sandbox.espace-client.hellobank.fr

First seen 2025-11-17 00:08
Last seen 2026-01-08 22:21
Open for 52 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bff366d864b1e61f16cbc89feef29ab8aca65b50c
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /**/jwks
GET /grid/{gridId}
GET /keepalive
GET /keepaliveSSO
GET /mobile/templatelclf
GET /oidc/jwks
GET /recover-authentication/{uid}
POST /init-authentication
```
  Found on 2026-01-08 22:21
Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 23.50.131.145
Domain: www.datos.gob.mx
Port: 443
URL: https://www.datos.gob.mx

First seen 2025-10-26 00:09
Last seen 2026-01-02 18:30
Open for 68 days

Severity: medium
Fingerprint: 5f32cf5d6962f09c8efce1938efce193a12570f5215ad8ef1b10714a75347322

Found 36 files trough .DS_Store spidering:

/base
/base/css
/base/images
/base/images/background-tile.png
/base/images/bg.png
/base/images/ckan-logo-footer.png
/base/images/ckan-logo.png
/base/images/ckan.ico
/base/images/dashboard-followee-related.png
/base/images/default.svg
/base/images/favicon.png
/base/images/gobmx
/base/images/gobmx/datos_abiertos.svg
/base/images/gobmx/footer
/base/images/gobmx/footer/ic_facebook.svg
/base/images/gobmx/footer/ic_twitter.svg
/base/images/gobmx/group
/base/images/gobmx/home
/base/images/gobmx/home/billboard_banner.jpg
/base/images/gobmx/Logo Gobierno 2025.png
/base/images/gobmx/logo_gob_mx.svg
/base/images/gobmx/organization
/base/images/gobmx/search
/base/images/gobmx/sistema_ajolote.svg
/base/images/gobmx/viz
/base/images/od_80x15_blue.png
/base/images/placeholder-420x220.png
/base/images/placeholder-group.png
/base/images/placeholder-organization.png
/base/images/placeholder-user.png
/base/images/sprite-resource-icons.png
/base/images/table-seperator.png
/base/javascript
/base/scss
/base/vendor
/fonts

Found on 2026-01-02 18:30

Severity: medium
Fingerprint: 5f32cf5d6962f09c2acf29aa2acf29aa3540e3faf8e76f5af0e5c26bebc0fabd

Found 33 files trough .DS_Store spidering:

/base
/base/css
/base/images
/base/images/background-tile.png
/base/images/bg.png
/base/images/ckan-logo-footer.png
/base/images/ckan-logo.png
/base/images/ckan.ico
/base/images/dashboard-followee-related.png
/base/images/default.svg
/base/images/favicon.png
/base/images/gobmx
/base/images/gobmx/datos_abiertos.svg
/base/images/gobmx/footer
/base/images/gobmx/group
/base/images/gobmx/home
/base/images/gobmx/Logo Gobierno 2025.png
/base/images/gobmx/logo_gob_mx.svg
/base/images/gobmx/organization
/base/images/gobmx/search
/base/images/gobmx/sistema_ajolote.svg
/base/images/gobmx/viz
/base/images/od_80x15_blue.png
/base/images/placeholder-420x220.png
/base/images/placeholder-group.png
/base/images/placeholder-organization.png
/base/images/placeholder-user.png
/base/images/sprite-resource-icons.png
/base/images/table-seperator.png
/base/javascript
/base/scss
/base/vendor
/fonts

Found on 2025-11-14 11:46

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 23.50.131.145
Domain: iris.vegas.com
Port: 443
URL: https://iris.vegas.com

First seen 2025-11-22 11:52
Last seen 2026-01-02 12:41
Open for 41 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3664684a3dd695861fce92a8a8a42feda8a42feda

GraphQL introspection enabled at /graphql
Types: 103 (by kind: ENUM: 9, INPUT_OBJECT: 14, OBJECT: 72, SCALAR: 8)
Operations:
- Query: Query | fields: bazaarVoiceReviews, contentEntry, inventory, product, productLink
Directives: cacheControl, deprecated, include, oneOf, skip, specifiedBy (total: 6)

Found on 2026-01-02 12:41

124.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3171832053e7025c750539f640668ee500668ee50

GraphQL introspection enabled at /graphql
Types: 102 (by kind: ENUM: 9, INPUT_OBJECT: 14, OBJECT: 71, SCALAR: 8)
Operations:
- Query: Query | fields: bazaarVoiceReviews, contentEntry, inventory, product, productLink
Directives: cacheControl, deprecated, include, oneOf, skip, specifiedBy (total: 6)

Found on 2025-12-16 14:05

123.4 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: melton-api-uat.vmonline.com.au
Port: 443
URL: https://melton-api-uat.vmonline.com.au

First seen 2025-12-04 22:11
Last seen 2026-01-02 05:39
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035496fec35e198c771c7063b67d4e68a0001fbf72084
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /BuildingPermit
POST /Land
POST /Lease
POST /Owners
POST /PlanningPermit
POST /Properties
POST /Sales
POST /SouthAustraliaProperties
POST /Token
POST /Valuation
```
  Found on 2026-01-02 05:39
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 23.50.131.145
Domain: awardaccess.com
Port: 443
URL: https://awardaccess.com

First seen 2025-10-22 14:18
Last seen 2025-12-31 04:01
Open for 69 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa337aebf941839cd5838f6675897acd9d45a357253

GraphQL introspection enabled at /graphql
Types: 260 (by kind: ENUM: 17, INPUT_OBJECT: 65, INTERFACE: 13, OBJECT: 160, SCALAR: 5)
Operations:
- Query: Query | fields: cart, category, categoryList, checkoutAgreements, cmsBlocks
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addSimpleProductsToCart, addVirtualProductsToCart
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2025-12-31 04:01

413.4 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e29f81aaefbf4166bdfdc7c16526546a1bfdd42916

GraphQL introspection enabled at /graphql/api
Types: 260 (by kind: ENUM: 17, INPUT_OBJECT: 65, INTERFACE: 13, OBJECT: 160, SCALAR: 5)
Operations:
- Query: Query | fields: cart, category, categoryList, checkoutAgreements, cmsBlocks
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addSimpleProductsToCart, addVirtualProductsToCart
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2025-12-17 03:39

413.4 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa337aebf941839cd5838f6675897acd9d4d3b1c22c

GraphQL introspection enabled at /graphql
Types: 260 (by kind: ENUM: 17, INPUT_OBJECT: 65, INTERFACE: 13, OBJECT: 160, SCALAR: 5)
Operations:
- Query: Query | fields: cart, category, categoryList, checkoutAgreements, cmsBlocks
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addSimpleProductsToCart, addVirtualProductsToCart
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-01 12:48

413.4 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e29f81aaefbf4166bdfdc7c16526546a1b7a68babb

GraphQL introspection enabled at /graphql/api
Types: 260 (by kind: ENUM: 17, INPUT_OBJECT: 65, INTERFACE: 13, OBJECT: 160, SCALAR: 5)
Operations:
- Query: Query | fields: cart, category, categoryList, checkoutAgreements, cmsBlocks
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addSimpleProductsToCart, addVirtualProductsToCart
Directives: deprecated, include, skip (total: 3)

Found on 2025-11-14 14:17

413.4 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: ms-enrollment-service.qa.ehealthmedicareplans.com
Port: 443
URL: https://ms-enrollment-service.qa.ehealthmedicareplans.com

First seen 2025-11-22 07:44
Last seen 2025-12-16 20:52
Open for 24 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b0e46de342099c4844adb7f3f8d4ae8bd6e791cef
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /v1/tokens/{application_id}
GET /v1/applications/summary/{application_id}
GET /v1/applications/{application_id}
GET /v1/applications/{application_id}/pdf
GET /v1/applications/{application_id}/xml
GET /v1/tpi/{application_id}
PATCH /v1/applications/{application_id}/associate-uuid
POST /v1/applications/{applicationId}/submit
POST /v1/fast-apply-v2
```
  Found on 2025-12-16 20:52
Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 23.50.131.145
Domain: datos.gob.mx
Port: 443
URL: https://datos.gob.mx

First seen 2025-10-26 00:09
Last seen 2025-11-12 07:18
Open for 17 days

Severity: medium
Fingerprint: 5f32cf5d6962f09c8efce1938efce193a12570f5215ad8ef1b10714a75347322

Found 36 files trough .DS_Store spidering:

/base
/base/css
/base/images
/base/images/background-tile.png
/base/images/bg.png
/base/images/ckan-logo-footer.png
/base/images/ckan-logo.png
/base/images/ckan.ico
/base/images/dashboard-followee-related.png
/base/images/default.svg
/base/images/favicon.png
/base/images/gobmx
/base/images/gobmx/datos_abiertos.svg
/base/images/gobmx/footer
/base/images/gobmx/footer/ic_facebook.svg
/base/images/gobmx/footer/ic_twitter.svg
/base/images/gobmx/group
/base/images/gobmx/home
/base/images/gobmx/home/billboard_banner.jpg
/base/images/gobmx/Logo Gobierno 2025.png
/base/images/gobmx/logo_gob_mx.svg
/base/images/gobmx/organization
/base/images/gobmx/search
/base/images/gobmx/sistema_ajolote.svg
/base/images/gobmx/viz
/base/images/od_80x15_blue.png
/base/images/placeholder-420x220.png
/base/images/placeholder-group.png
/base/images/placeholder-organization.png
/base/images/placeholder-user.png
/base/images/sprite-resource-icons.png
/base/images/table-seperator.png
/base/javascript
/base/scss
/base/vendor
/fonts

Found on 2025-11-12 07:18

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 23.50.131.145
Domain: dev.tribalworldwide.es
Port: 80
URL: http://dev.tribalworldwide.es

First seen 2025-10-02 16:37
Last seen 2025-10-18 23:08
Open for 16 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d8c99f75a8c99f75a8c99f75a8c99f75a
```
Found 1 files trough .DS_Store spidering:

/src
```
  Found on 2025-10-18 23:08
Create report

Open service 23.50.131.145:443 · atg-audio.com

2026-01-12 21:18

HTTP/1.1 403 Forbidden
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 367
Expires: Mon, 12 Jan 2026 21:18:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 12 Jan 2026 21:18:04 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: ak_p; desc="1768252684339_389224216_1855033347_31_14825_11_83_-";dur=1

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;atg&#45;audio&#46;com&#47;" on this server.<P>
Reference&#32;&#35;18&#46;18173317&#46;1768252684&#46;6e919003
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;18173317&#46;1768252684&#46;6e919003</P>
</BODY>
</HTML>

Found 2 days ago by HttpPlugin