LeakIX - Host 40.119.12.82

Host 40.119.12.82

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Ubuntu

Software information

Kestrel Kestrel

tcp/443 tcp/80

gunicorn

tcp/443 tcp/80

nginx nginx 1.29.4

tcp/443

nginx nginx 1.23.4

tcp/443

nginx nginx 1.28.0

tcp/443

nginx nginx

tcp/443 tcp/80

nginx nginx 1.18.0

tcp/443

nginx nginx 1.27.4

tcp/443

unknown

tcp/443

uvicorn

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: api-qa.planrollouts.com
Port: 443
URL: https://api-qa.planrollouts.com

First seen 2025-12-07 00:40
Last seen 2026-02-09 14:59
Open for 64 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035498bc9b856620a90a1ff7a0a25ddcf2790ebb018df
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Participants/status
POST /api/v1/OAuth/Token
POST /api/v1/Participants
POST /api/v1/Participants/Search
POST /api/v1/Participants/upload-pdf
```
  Found on 2026-02-09 14:59
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: pensionproapi-qa.plannotice.com
Port: 443
URL: https://pensionproapi-qa.plannotice.com

First seen 2025-12-29 11:02
Last seen 2026-02-09 14:48
Open for 42 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035498ae12abcad3195041689161d3cc6b7a8a9feb41e
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Accounts/tpa-billing-report
GET /api/v1/Accounts/{pensionProTpaId}
GET /api/v1/Accounts/{pensionProTpaId}/plans
GET /api/v1/Accounts/{pensionProTpaId}/users
POST /api/v1/Accounts/noticeRequest
POST /api/v1/Accounts/setup
POST /api/v1/Accounts/uploadCensus
POST /api/v1/OAuth/Token
PUT /api/v1/Accounts/{pensionProTpaId}/plans/{pensionProPlanId}
PUT /api/v1/Accounts/{pensionProTpaId}/users/{pensionProUserId}
```
  Found on 2026-02-09 14:48
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: qpfc.api.vergentlms.com
Port: 443
URL: https://qpfc.api.vergentlms.com

First seen 2025-12-19 04:58
Last seen 2026-02-02 12:06
Open for 45 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 12:06
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 40.119.12.82
Domain: ai.crol.mx
Port: 443
URL: https://ai.crol.mx

First seen 2025-11-12 18:50
Last seen 2026-02-02 12:03
Open for 81 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c1a5d9b0f1a5d9b0f253daf9a881ea764d8176276d8176276
```
Found 3 files trough .DS_Store spidering:

/build
/docs
/storage
```
  Found on 2026-02-02 12:03
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: qpfc.ext.api.vergentlms.com
Port: 443
URL: https://qpfc.ext.api.vergentlms.com

First seen 2026-01-06 08:11
Last seen 2026-02-02 07:58
Open for 26 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 07:58
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: mngweb.celltrion.com.br
Port: 443
URL: https://mngweb.celltrion.com.br

First seen 2025-12-29 10:43
Last seen 2026-02-02 06:17
Open for 34 days

Severity: info
Fingerprint: 5733ddf49ff49cd110a331ec220724c3f8131092954ad23b4bf6fdd539690392

Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
GET /api/boards
GET /api/boards/exist/code
GET /api/boards/exist/{no}
GET /api/boards/info/{code}
GET /api/boards/{no}
GET /api/codes/main-codes
GET /api/codes/main-codes/all
GET /api/codes/main-codes/exist/code/{code}
GET /api/codes/main-codes/exist/name/{name}
GET /api/codes/main-codes/{code}
GET /api/codes/sub-codes
GET /api/codes/sub-codes/all
GET /api/codes/sub-codes/exist/code/{mainCd}/{code}
GET /api/codes/sub-codes/exist/count/{mainCd}
GET /api/codes/sub-codes/exist/name/{mainCd}/{name}
GET /api/codes/sub-codes/exist/nameEng/{mainCd}/{nameEng}
GET /api/codes/sub-codes/{mainCd}/{code}
GET /api/common/current-account-info
GET /api/common/files/download
GET /api/common/site-info
GET /api/contact-us/cdmo
GET /api/contact-us/cdmo/{no}
GET /api/contact-us/common/{type}
GET /api/contact-us/common/{type}/{no}
GET /api/contact-us/email
GET /api/contact-us/email/{no}
GET /api/contact-us/ethical
GET /api/contact-us/ethical/{no}
GET /api/contact-us/procure
GET /api/contact-us/procure/{no}
GET /api/contents/{code}
GET /api/contents/{code}/last-contents
GET /api/contents/{code}/{no}
GET /api/display/popups
GET /api/display/popups/common-setting
GET /api/display/popups/{no}
GET /api/esg/directorate
GET /api/esg/directorate/sort
GET /api/esg/directorate/{no}
GET /api/family-site
GET /api/history
GET /api/history/exist/year
GET /api/history/{no}
GET /api/ir/shareholder
GET /api/menus/all
GET /api/menus/authorities/{authNo}/gnb
GET /api/menus/authorities/{authNo}/lnb
GET /api/menus/current/name
GET /api/permission/{type}
GET /api/permission/{type}/cert/{no}
GET /api/permission/{type}/sort
GET /api/permission/{type}/{no}
GET /api/pipeline/{type}
GET /api/pipeline/{type}/sort
GET /api/pipeline/{type}/{no}
GET /api/qrcode
GET /api/qrcode/download/{no}
GET /api/qrcode/{no}
GET /api/recruit
GET /api/superintend/accounts
GET /api/superintend/accounts/all
GET /api/superintend/accounts/authorities/{authNo}
GET /api/superintend/accounts/exist/{id}
GET /api/superintend/accounts/{no}
GET /api/superintend/authorities
GET /api/superintend/authorities/all
GET /api/superintend/authorities/{no}
GET /api/superintend/logs/authority
GET /api/superintend/logs/login
GET /api/superintend/logs/pi-access
GET /api/superintend/policies
GET /api/terms/{type}
GET /api/terms/{type}/last-contents
GET /api/terms/{type}/{no}
POST /api/common/files/upload/editor/image
POST /api/login/code-auth
POST /api/login/code-mail
POST /api/login/pre-check
PUT /api/display/popups/common-setting/{closePolicy}
PUT /api/display/popups/yn/{no}
PUT /api/superintend/accounts/my
PUT /api/superintend/accounts/password
PUT /api/superintend/accounts/password/reset/{no}

Found on 2026-02-02 06:17

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 40.119.12.82
Domain: docs.equifyllc.com
Port: 443
URL: https://docs.equifyllc.com

First seen 2024-09-06 19:29
Last seen 2026-02-02 02:58
Open for 513 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d325beceb325beceb325beceb325beceb
```
Found 1 files trough .DS_Store spidering:

/assets
```
  Found on 2026-02-02 02:58
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: stg-pb-api-acna.atlascopco.group
Port: 443
URL: https://stg-pb-api-acna.atlascopco.group

First seen 2025-12-25 06:50
Last seen 2026-02-01 23:42
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549fcb09f809c1a1b5f9315d16fcb2d8e389d59356d

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1
GET /api/v1/auth/user-role
GET /api/v1/blockers/read
GET /api/v1/blockers/read-is
GET /api/v1/emails/get-email-customer-template
GET /api/v1/emails/get-employees-emails
GET /api/v1/employees/planners
GET /api/v1/employees/technicians
GET /api/v1/employees/unassignmentAllValidation
GET /api/v1/employees/unassignmentValidation
GET /api/v1/jobs/assigned
GET /api/v1/jobs/awaitNewAssignmentJobsAmount
GET /api/v1/jobs/jobDetails
GET /api/v1/jobs/locations
GET /api/v1/jobs/unassigned/column-values
GET /api/v1/jobs/unassigned/job
GET /api/v1/jobs/unassigned/job-numbers
GET /api/v1/public-holidays/read
GET /api/v1/reminders/read
GET /api/v1/settings/read
POST /api/v1/blockers/create
POST /api/v1/blockers/delete
POST /api/v1/blockers/reassign
POST /api/v1/blockers/update
POST /api/v1/emails/create-email-log
POST /api/v1/emails/send-email
POST /api/v1/emails/send-schedule-email
POST /api/v1/jobs/assign
POST /api/v1/jobs/attachFilesToEventAndWorkOrder
POST /api/v1/jobs/edit
POST /api/v1/jobs/reassign
POST /api/v1/jobs/unassign
POST /api/v1/jobs/unassigned
POST /api/v1/reminders/create
POST /api/v1/reminders/create-for-technicians
POST /api/v1/reminders/delete
POST /api/v1/reminders/reassign
POST /api/v1/reminders/update
POST /api/v1/settings/save

Found on 2026-02-01 23:42

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-27 02:10

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: fae-api-latest.azure.chevron.com
Port: 443
URL: https://fae-api-latest.azure.chevron.com

First seen 2025-12-26 07:22
Last seen 2026-02-01 22:24
Open for 37 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549ddc651c4b69347da64046475a6878a54c7bff307

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /business-units
GET /business-units/{id}/contractors
GET /business-units/{id}/hierarchy
GET /business-units/{id}/logo
GET /business-units/{id}/users
GET /engagement-definitions
GET /engagement-definitions/{id}/protocols
GET /engagement-definitions/{id}/questions
GET /engagements
GET /engagements/counts
GET /engagements/outdated
GET /engagements/{id}
GET /engagements/{id}/protocols
GET /engagements/{id}/question-answers
GET /engagements/{id}/question-answers/{questionId}/attachments
GET /engagements/{id}/question-answers/{questionId}/attachments/{fileName}
GET /features
GET /info
GET /ping
GET /registrations/business-units
GET /registrations/{businessUnitId}/contractors
GET /revalidations
GET /revalidations/counts
GET /users
GET /users/graph
GET /users/me
GET /users/{id}
POST /business-units/hierarchy
POST /engagement-definitions/{definitionId}/protocol/{protocolId}/question
POST /engagement-definitions/{id}/protocol
POST /registrations
POST /revalidations/{id}/attempts/{questionId}
PUT /engagement-definitions/{definitionId}/protocol/{id}
PUT /engagement-definitions/{definitionId}/protocol/{protocolId}/question/{id}

Found on 2026-02-01 22:24

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: subscriptions-qa.plannotice.com
Port: 443
URL: https://subscriptions-qa.plannotice.com

First seen 2025-12-29 10:52
Last seen 2026-01-29 23:19
Open for 31 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354963f030aa1fcb3f1cc20d2396c1f45bc1bd6f3f43

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Invoices/{id}
DELETE /api/Invoices/{invoiceItemId}/invoiceitem
GET /WeatherForecast
GET /api/BillToTypes
GET /api/BillToTypes/{id}
GET /api/BillingCycles
GET /api/BillingCycles/{id}
GET /api/BillingUnits
GET /api/BillingUnits/productService/{productServiceId}
GET /api/BillingUnits/{id}
GET /api/InvoiceRecipientTypes
GET /api/InvoiceRecipientTypes/{id}
GET /api/Invoices/active/subscription/{subscriptionId}
GET /api/Invoices/eligibleforsftpupload
GET /api/Invoices/getbysubscription/{subscriptionId}/{skip}/{take}
GET /api/Invoices/getbysubscriptionId/{subscriptionId}
GET /api/Invoices/itemsbybillingcycle/{billingCycleId}
GET /api/Invoices/records
GET /api/Invoices/voided/subscription/{subscriptionId}
GET /api/Invoices/{invoiceId}
GET /api/Invoices/{invoiceId}/items
GET /api/Invoices/{invoiceId}/items/data
GET /api/Invoices/{invoiceId}/items/{invoiceItemId}
GET /api/Invoices/{invoiceId}/items/{invoiceItemId}/data
GET /api/Invoices/{invoiceId}/record
GET /api/PaymentRevenueCommission
GET /api/PaymentRevenueCommission/get_all_by_rcd_Id/{revenueCommissionDetailId}
GET /api/PaymentRevenueCommission/{id}
GET /api/ProductServiceBillingUnits
GET /api/ProductServiceBillingUnits/{productServiceBillingUnitId}
GET /api/ProductServices
GET /api/ProductServices/GetAllProductServiceDropDown
GET /api/ProductServices/GetByProductAndServiceId/{productId}/{serviceId}
GET /api/ProductServices/GetPlansWithNoticingEscalation
GET /api/ProductServices/bysubscriptionId
GET /api/ProductServices/{productServiceId}
GET /api/Products
GET /api/Products/getbyCode/{productCode}
GET /api/Products/{id}
GET /api/RevenueCommissions
GET /api/RevenueCommissions/revenuecommissiondetail/{invoiceId}
GET /api/RevenueCommissions/{id}
GET /api/RevenueCommissions/{revenueCommissionId}/revenuecommissiondetail
GET /api/RevenueCommissions/{revenueCommissionId}/revenuecommissiondetail/{revenueCommissionDetailId}
GET /api/Services
GET /api/Services/getbyCode/{serviceCode}
GET /api/Services/{id}
GET /api/SubscriptionContractItems
GET /api/SubscriptionContractItems/{id}
GET /api/SubscriptionWorkerAccounts
GET /api/SubscriptionWorkerAccounts/GetBillableAccounts/{accountId}/{canCreateOrders}
GET /api/SubscriptionWorkerAccounts/GetSubscriptionWorkerAccountsBySubscriptionId/{subscriptinId}
GET /api/SubscriptionWorkerAccounts/WorkerAccountBySubscriptionId/{subscriptionId}
GET /api/SubscriptionWorkerAccounts/{id}
GET /api/SubscriptionWorkerAccounts/{subscriptionId}/{accountId}
GET /api/Subscriptions
GET /api/Subscriptions/GetSubscriptionItemsByPlanIdAndProductCode/{planId}/{productCode}
GET /api/Subscriptions/SubscriptionAccounts
GET /api/Subscriptions/SubscriptionByAccountId/{accountId}
GET /api/Subscriptions/SubscriptionsByAccountId/{accountId}
GET /api/Subscriptions/SubscriptionsByRequestedAccountId/{accountId}
GET /api/Subscriptions/UpdateInvoiceItemsPlanId
GET /api/Subscriptions/UpdateMigratedSubscriptionData
GET /api/Subscriptions/subscription/items/{subscriptionItemId}
GET /api/Subscriptions/{id}
GET /api/Subscriptions/{productServiceId}/GetSubscriptionItemsByProductServiceId
GET /api/Subscriptions/{subscriptionId}/items
GET /api/Subscriptions/{subscriptionId}/items/{subscriptionItemId}
GET /api/Subscriptions/{subscriptionId}/items/{subscriptionItemId}/data
GET /api/Subscriptions/{subscriptionId}/items/{subscriptionItemId}/data/{subscriptionItemDataId}
GET /api/Subscriptions/{subscriptionId}/{productServiceId}/GetSubscriptionItemsBySubscriptionIdAndProductServiceId
GET /api/Subscriptions/{subscriptionId}/{productServiceId}/{planId}/GetSubscriptionItemsBySubscriptionIdProductServiceIdAndPlanId
POST /api/Invoices
POST /api/Invoices/Ids
POST /api/Invoices/Ids/records
POST /api/Invoices/bulk/itemdata
POST /api/Invoices/download/getfilteredAccountinvoices/{fileType}/{search}
POST /api/Invoices/download/getfilteredinvoices/{fileType}/{search}
POST /api/Invoices/getfilteredAccountinvoices/{skip}/{take}/{search}
POST /api/Invoices/getfilteredinvoices/{skip}/{take}/{search}
POST /api/Invoices/getfilteredinvoicesIds/{search}
POST /api/Invoices/getinvoiceitemsbyinvoiceid/{invoiceId}/{skip}/{take}/{search}
POST /api/Invoices/void/subscription
POST /api/Oauth/token
POST /api/ProductServices/GetAllProductService/{skip}/{take}/{search}
POST /api/RevenueCommissions/items/{search}/{skip}/{take}
POST /api/SubscriptionContractItems/{skip}/{take}
POST /api/SubscriptionWorkerAccounts/{skip}/{take}
POST /api/Subscriptions/GetSubscriptionItemsByPlanIdsAndProductServiceId
POST /api/Subscriptions/PlanSubscriptionLocationServices
POST /api/Subscriptions/SubscriptionWorkerAccountBillings
POST /api/Subscriptions/plan/{planId}/items/{skip}/{take}/{search}/{includePagination}
POST /api/Subscriptions/subscription/items/bulk
POST /api/Subscriptions/subscriptionItems/{search}
POST /api/Subscriptions/{skip}/{take}/{search}
POST /api/Subscriptions/{subscriptionId}/BulkItems
POST /api/Subscriptions/{subscriptionId}/grouped-items/{skip}/{take}/{search}
POST /api/Subscriptions/{subscriptionId}/items/{skip}/{take}/{search}

Found on 2026-01-29 23:19

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354963f030aa1fcb3f1cc20d2396c1f45bc1fa737892

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Invoices/{id}
DELETE /api/Invoices/{invoiceItemId}/invoiceitem
GET /WeatherForecast
GET /api/BillToTypes
GET /api/BillToTypes/{id}
GET /api/BillingCycles
GET /api/BillingCycles/{id}
GET /api/BillingUnits
GET /api/BillingUnits/productService/{productServiceId}
GET /api/BillingUnits/{id}
GET /api/InvoiceRecipientTypes
GET /api/InvoiceRecipientTypes/{id}
GET /api/Invoices/eligibleforsftpupload
GET /api/Invoices/getbysubscription/{subscriptionId}/{skip}/{take}
GET /api/Invoices/getbysubscriptionId/{subscriptionId}
GET /api/Invoices/itemsbybillingcycle/{billingCycleId}
GET /api/Invoices/records
GET /api/Invoices/{invoiceId}
GET /api/Invoices/{invoiceId}/items
GET /api/Invoices/{invoiceId}/items/data
GET /api/Invoices/{invoiceId}/items/{invoiceItemId}
GET /api/Invoices/{invoiceId}/items/{invoiceItemId}/data
GET /api/Invoices/{invoiceId}/record
GET /api/PaymentRevenueCommission
GET /api/PaymentRevenueCommission/get_all_by_rcd_Id/{revenueCommissionDetailId}
GET /api/PaymentRevenueCommission/{id}
GET /api/ProductServiceBillingUnits
GET /api/ProductServiceBillingUnits/{productServiceBillingUnitId}
GET /api/ProductServices
GET /api/ProductServices/GetAllProductServiceDropDown
GET /api/ProductServices/GetByProductAndServiceId/{productId}/{serviceId}
GET /api/ProductServices/GetPlansWithNoticingEscalation
GET /api/ProductServices/bysubscriptionId
GET /api/ProductServices/{productServiceId}
GET /api/Products
GET /api/Products/getbyCode/{productCode}
GET /api/Products/{id}
GET /api/RevenueCommissions
GET /api/RevenueCommissions/revenuecommissiondetail/{invoiceId}
GET /api/RevenueCommissions/{id}
GET /api/RevenueCommissions/{revenueCommissionId}/revenuecommissiondetail
GET /api/RevenueCommissions/{revenueCommissionId}/revenuecommissiondetail/{revenueCommissionDetailId}
GET /api/Services
GET /api/Services/getbyCode/{serviceCode}
GET /api/Services/{id}
GET /api/SubscriptionContractItems
GET /api/SubscriptionContractItems/{id}
GET /api/SubscriptionWorkerAccounts
GET /api/SubscriptionWorkerAccounts/GetBillableAccounts/{accountId}/{canCreateOrders}
GET /api/SubscriptionWorkerAccounts/GetSubscriptionWorkerAccountsBySubscriptionId/{subscriptinId}
GET /api/SubscriptionWorkerAccounts/WorkerAccountBySubscriptionId/{subscriptionId}
GET /api/SubscriptionWorkerAccounts/{id}
GET /api/SubscriptionWorkerAccounts/{subscriptionId}/{accountId}
GET /api/Subscriptions
GET /api/Subscriptions/GetSubscriptionItemsByPlanIdAndProductCode/{planId}/{productCode}
GET /api/Subscriptions/SubscriptionAccounts
GET /api/Subscriptions/SubscriptionByAccountId/{accountId}
GET /api/Subscriptions/SubscriptionsByAccountId/{accountId}
GET /api/Subscriptions/SubscriptionsByRequestedAccountId/{accountId}
GET /api/Subscriptions/UpdateInvoiceItemsPlanId
GET /api/Subscriptions/UpdateMigratedSubscriptionData
GET /api/Subscriptions/subscription/items/{subscriptionItemId}
GET /api/Subscriptions/{id}
GET /api/Subscriptions/{productServiceId}/GetSubscriptionItemsByProductServiceId
GET /api/Subscriptions/{subscriptionId}/items
GET /api/Subscriptions/{subscriptionId}/items/{subscriptionItemId}
GET /api/Subscriptions/{subscriptionId}/items/{subscriptionItemId}/data
GET /api/Subscriptions/{subscriptionId}/items/{subscriptionItemId}/data/{subscriptionItemDataId}
GET /api/Subscriptions/{subscriptionId}/{productServiceId}/GetSubscriptionItemsBySubscriptionIdAndProductServiceId
GET /api/Subscriptions/{subscriptionId}/{productServiceId}/{planId}/GetSubscriptionItemsBySubscriptionIdProductServiceIdAndPlanId
POST /api/Invoices
POST /api/Invoices/Ids
POST /api/Invoices/Ids/records
POST /api/Invoices/bulk/itemdata
POST /api/Invoices/download/getfilteredAccountinvoices/{fileType}/{search}
POST /api/Invoices/download/getfilteredinvoices/{fileType}/{search}
POST /api/Invoices/getfilteredAccountinvoices/{skip}/{take}/{search}
POST /api/Invoices/getfilteredinvoices/{skip}/{take}/{search}
POST /api/Invoices/getfilteredinvoicesIds/{search}
POST /api/Invoices/getinvoiceitemsbyinvoiceid/{invoiceId}/{skip}/{take}/{search}
POST /api/ProductServices/GetAllProductService/{skip}/{take}/{search}
POST /api/RevenueCommissions/items/{search}/{skip}/{take}
POST /api/SubscriptionContractItems/{skip}/{take}
POST /api/SubscriptionWorkerAccounts/{skip}/{take}
POST /api/Subscriptions/GetSubscriptionItemsByPlanIdsAndProductServiceId
POST /api/Subscriptions/PlanSubscriptionLocationServices
POST /api/Subscriptions/SubscriptionWorkerAccountBillings
POST /api/Subscriptions/plan/{planId}/items/{skip}/{take}/{search}/{includePagination}
POST /api/Subscriptions/subscription/items/bulk
POST /api/Subscriptions/subscriptionItems/{search}
POST /api/Subscriptions/{skip}/{take}/{search}
POST /api/Subscriptions/{subscriptionId}/BulkItems
POST /api/Subscriptions/{subscriptionId}/grouped-items/{skip}/{take}/{search}
POST /api/Subscriptions/{subscriptionId}/items/{skip}/{take}/{search}

Found on 2026-01-15 20:06

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354963f030aa1fcb3f1cc20d2396c1f45bc108dd8ba1

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Invoices/{id}
DELETE /api/Invoices/{invoiceItemId}/invoiceitem
GET /WeatherForecast
GET /api/BillToTypes
GET /api/BillToTypes/{id}
GET /api/BillingCycles
GET /api/BillingCycles/{id}
GET /api/BillingUnits
GET /api/BillingUnits/productService/{productServiceId}
GET /api/BillingUnits/{id}
GET /api/InvoiceRecipientTypes
GET /api/InvoiceRecipientTypes/{id}
GET /api/Invoices/getbysubscription/{subscriptionId}/{skip}/{take}
GET /api/Invoices/getbysubscriptionId/{subscriptionId}
GET /api/Invoices/itemsbybillingcycle/{billingCycleId}
GET /api/Invoices/records
GET /api/Invoices/{invoiceId}
GET /api/Invoices/{invoiceId}/items
GET /api/Invoices/{invoiceId}/items/data
GET /api/Invoices/{invoiceId}/items/{invoiceItemId}
GET /api/Invoices/{invoiceId}/items/{invoiceItemId}/data
GET /api/Invoices/{invoiceId}/record
GET /api/PaymentRevenueCommission
GET /api/PaymentRevenueCommission/get_all_by_rcd_Id/{revenueCommissionDetailId}
GET /api/PaymentRevenueCommission/{id}
GET /api/ProductServiceBillingUnits
GET /api/ProductServiceBillingUnits/{productServiceBillingUnitId}
GET /api/ProductServices
GET /api/ProductServices/GetAllProductServiceDropDown
GET /api/ProductServices/GetByProductAndServiceId/{productId}/{serviceId}
GET /api/ProductServices/GetPlansWithNoticingEscalation
GET /api/ProductServices/bysubscriptionId
GET /api/ProductServices/{productServiceId}
GET /api/Products
GET /api/Products/getbyCode/{productCode}
GET /api/Products/{id}
GET /api/RevenueCommissions
GET /api/RevenueCommissions/revenuecommissiondetail/{invoiceId}
GET /api/RevenueCommissions/{id}
GET /api/RevenueCommissions/{revenueCommissionId}/revenuecommissiondetail
GET /api/RevenueCommissions/{revenueCommissionId}/revenuecommissiondetail/{revenueCommissionDetailId}
GET /api/Services
GET /api/Services/getbyCode/{serviceCode}
GET /api/Services/{id}
GET /api/SubscriptionContractItems
GET /api/SubscriptionContractItems/{id}
GET /api/SubscriptionWorkerAccounts
GET /api/SubscriptionWorkerAccounts/GetBillableAccounts/{accountId}/{canCreateOrders}
GET /api/SubscriptionWorkerAccounts/GetSubscriptionWorkerAccountsBySubscriptionId/{subscriptinId}
GET /api/SubscriptionWorkerAccounts/WorkerAccountBySubscriptionId/{subscriptionId}
GET /api/SubscriptionWorkerAccounts/{id}
GET /api/SubscriptionWorkerAccounts/{subscriptionId}/{accountId}
GET /api/Subscriptions
GET /api/Subscriptions/GetSubscriptionItemsByPlanIdAndProductCode/{planId}/{productCode}
GET /api/Subscriptions/SubscriptionAccounts
GET /api/Subscriptions/SubscriptionByAccountId/{accountId}
GET /api/Subscriptions/SubscriptionsByAccountId/{accountId}
GET /api/Subscriptions/SubscriptionsByRequestedAccountId/{accountId}
GET /api/Subscriptions/UpdateInvoiceItemsPlanId
GET /api/Subscriptions/UpdateMigratedSubscriptionData
GET /api/Subscriptions/subscription/items/{subscriptionItemId}
GET /api/Subscriptions/{id}
GET /api/Subscriptions/{productServiceId}/GetSubscriptionItemsByProductServiceId
GET /api/Subscriptions/{subscriptionId}/items
GET /api/Subscriptions/{subscriptionId}/items/{subscriptionItemId}
GET /api/Subscriptions/{subscriptionId}/items/{subscriptionItemId}/data
GET /api/Subscriptions/{subscriptionId}/items/{subscriptionItemId}/data/{subscriptionItemDataId}
GET /api/Subscriptions/{subscriptionId}/{productServiceId}/GetSubscriptionItemsBySubscriptionIdAndProductServiceId
GET /api/Subscriptions/{subscriptionId}/{productServiceId}/{planId}/GetSubscriptionItemsBySubscriptionIdProductServiceIdAndPlanId
POST /api/Invoices
POST /api/Invoices/Ids
POST /api/Invoices/Ids/records
POST /api/Invoices/bulk/itemdata
POST /api/Invoices/download/getfilteredAccountinvoices/{fileType}/{search}
POST /api/Invoices/download/getfilteredinvoices/{fileType}/{search}
POST /api/Invoices/getfilteredAccountinvoices/{skip}/{take}/{search}
POST /api/Invoices/getfilteredinvoices/{skip}/{take}/{search}
POST /api/Invoices/getfilteredinvoicesIds/{search}
POST /api/Invoices/getinvoiceitemsbyinvoiceid/{invoiceId}/{skip}/{take}/{search}
POST /api/ProductServices/GetAllProductService/{skip}/{take}/{search}
POST /api/RevenueCommissions/items/{search}/{skip}/{take}
POST /api/SubscriptionContractItems/{skip}/{take}
POST /api/SubscriptionWorkerAccounts/{skip}/{take}
POST /api/Subscriptions/GetSubscriptionItemsByPlanIdsAndProductServiceId
POST /api/Subscriptions/PlanSubscriptionLocationServices
POST /api/Subscriptions/SubscriptionWorkerAccountBillings
POST /api/Subscriptions/plan/{planId}/items/{skip}/{take}/{search}/{includePagination}
POST /api/Subscriptions/subscription/items/bulk
POST /api/Subscriptions/subscriptionItems/{search}
POST /api/Subscriptions/{skip}/{take}/{search}
POST /api/Subscriptions/{subscriptionId}/BulkItems
POST /api/Subscriptions/{subscriptionId}/grouped-items/{skip}/{take}/{search}
POST /api/Subscriptions/{subscriptionId}/items/{skip}/{take}/{search}

Found on 2026-01-03 09:28

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: api.address.qa.plannotice.com
Port: 443
URL: https://api.address.qa.plannotice.com

First seen 2025-12-29 10:53
Last seen 2026-01-23 13:14
Open for 25 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549edc759acc97cc37bbeb8b2febeb8b2febeb8b2fe
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Cache/{addressHash}
POST /api/v1/OAuth/Token
POST /api/v1/Validate/full-address
```
  Found on 2026-01-23 13:14
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: fae-api.azure.chevron.com
Port: 443
URL: https://fae-api.azure.chevron.com

First seen 2025-12-26 09:32
Last seen 2026-01-23 12:28
Open for 28 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493af9150125b2940c0490a04223d141adfc2049e1

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /engagement-definitions/{definitionId}/question/{id}
GET /business-units
GET /business-units/{id}/contractors
GET /business-units/{id}/hierarchy
GET /business-units/{id}/logo
GET /business-units/{id}/users
GET /engagement-definitions
GET /engagement-definitions/{id}/protocols
GET /engagement-definitions/{id}/questions
GET /engagements
GET /engagements/counts
GET /engagements/outdated
GET /engagements/{id}
GET /engagements/{id}/protocols
GET /engagements/{id}/question-answers
GET /engagements/{id}/question-answers/{questionId}/attachments
GET /engagements/{id}/question-answers/{questionId}/attachments/{fileName}
GET /features
GET /info
GET /ping
GET /registrations/business-units
GET /registrations/{businessUnitId}/contractors
GET /revalidations
GET /revalidations/counts
GET /users
GET /users/graph
GET /users/me
GET /users/{id}
POST /business-units/hierarchy
POST /engagement-definitions/{definitionId}/protocol
POST /engagement-definitions/{definitionId}/question
POST /registrations
POST /revalidations/{id}/attempts/{questionId}
PUT /engagement-definitions/{definitionId}/protocol/{id}
PUT /engagement-definitions/{definitionId}/protocol/{protocolId}/question

Found on 2026-01-23 12:28

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: test-api.paytable.mx
Port: 443
URL: https://test-api.paytable.mx

First seen 2026-01-04 07:37
Last seen 2026-01-23 11:50
Open for 19 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 11:50
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: stg.api.acna.ais-spiritconnect.com
Port: 443
URL: https://stg.api.acna.ais-spiritconnect.com

First seen 2025-12-25 06:35
Last seen 2026-01-23 02:29
Open for 28 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-23 02:29

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913d0e784382c0c31565ec7e420513cb1528d301b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/event-attachments/work-order/{workOrderNumber}/equipment/{serialNumber}/{fileId}
DELETE /api/v1/work-orders/{workOrderNumber}/expenses/{expenseId}
GET /api/v1/app-languages/available-languages
GET /api/v1/app-languages/{applicationId}
GET /api/v1/app-translations/{applicationId}/languages/{languageCode}
GET /api/v1/companies/{companyId}/contact-persons
GET /api/v1/equipment-templates
GET /api/v1/equipment/{companyId}/{serialNumber}/history
GET /api/v1/equipment/{id}/purchase-date
GET /api/v1/event-attachments/work-order/{workOrderNumber}/equipment/{equipmentSerialNumber}/files/{fileId}
GET /api/v1/event-attachments/work-order/{workOrderNumber}/equipment/{serialNumber}/files
GET /api/v1/event/{eventNum}/document/{docNum}
GET /api/v1/fsa/actual-services
GET /api/v1/fsa/company/{companyId}/equipment
GET /api/v1/fsa/labor-types/{workType}
GET /api/v1/fsa/work-types
GET /api/v1/global-variables/workshop/{locationCode}/actual-services
GET /api/v1/global-variables/{locationCode}/work-types
GET /api/v1/manufacturers
GET /api/v1/my-schedule/assignments
GET /api/v1/my-schedule/blockers
GET /api/v1/my-schedule/nphs
GET /api/v1/parts/search/by-description
GET /api/v1/parts/search/by-number
GET /api/v1/public-holidays/{year}
GET /api/v1/time-log-entries
GET /api/v1/time-log-entries/check-overlappings
GET /api/v1/time-log-entries/nph-types
GET /api/v1/user-profile
GET /api/v1/users/locations/{flowType}
GET /api/v1/work-orders/{workOrderNumber}
GET /api/v1/work-orders/{workOrderNumber}/documents
GET /api/v1/work-orders/{workOrderNumber}/documents/{fileName}
GET /api/v1/work-orders/{workOrderNumber}/equipment
GET /api/v1/work-orders/{workOrderNumber}/event-documents
GET /api/v1/workshop-dashboard/{locationCode}/equipment-collection
GET /api/v1/workshop-work-order/{workOrderNumber}/details
GET /api/v1/workshop-work-order/{workOrderNumber}/equipment/{serialNumber}/charges
GET /api/v1/workshop-work-order/{workOrderNumber}/equipment/{serialNumber}/details
GET /api/v1/workshop-work-order/{workOrderNumber}/equipment/{serialNumber}/parts
POST /api/v1/app-languages
POST /api/v1/app-translations
POST /api/v1/companies/search
POST /api/v1/equipment
POST /api/v1/equipment-matches/find
POST /api/v1/equipment/assign
POST /api/v1/equipment/merge
POST /api/v1/equipment/transfer/{targetCompanyId}
POST /api/v1/event-attachments/work-order/{workOrderNumber}/equipment/{serialNumber}
POST /api/v1/fsa/events/fs-calibration
POST /api/v1/fsa/events/fs-service
POST /api/v1/fsa/time-log/check-overlapping
POST /api/v1/inspection-event/complete
POST /api/v1/inspection-event/discard-activities
POST /api/v1/parts/find/by-number
POST /api/v1/time-log-entries/nphs
POST /api/v1/time-log-entries/nphs-multiple
POST /api/v1/users/logout
POST /api/v1/work-order-reports/get-work-order-report
POST /api/v1/work-order-reports/save-file-to-work-order
POST /api/v1/work-order-reports/sign-save-work-order-report
POST /api/v1/work-orders/{workOrderNumber}/assignments/close-all
POST /api/v1/work-orders/{workOrderNumber}/assignments/close-my
POST /api/v1/work-orders/{workOrderNumber}/assignments/{assignmentId}/close
POST /api/v1/work-orders/{workOrderNumber}/customer-comments
POST /api/v1/work-orders/{workOrderNumber}/expenses
POST /api/v1/work-orders/{workOrderNumber}/on-site-contact
POST /api/v1/work-orders/{workOrderNumber}/technician-notes
POST /api/v1/workshop-dashboard/work-order/{workOrderNumber}/lock
PUT /api/v1/app-translations/{applicationId}/languages/{languageCode}/translations/{translationKey}
PUT /api/v1/equipment/toggle-active
PUT /api/v1/fsa/{workOrderNumber}/assignments/request-new
PUT /api/v1/time-log-entries/nphs/{entryId}
PUT /api/v1/work-orders/{workOrderNumber}/internal-notes

Found on 2026-01-16 04:24

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: api.theaquasolar.net
Port: 443
URL: https://api.theaquasolar.net

First seen 2025-11-23 08:05
Last seen 2026-01-20 00:08
Open for 57 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549ff8722ca62429fac78c156472730ad5dd9bf33d6

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /customer/{customerId}
GET /customer/{customerId}/invitations
GET /events/{customerId}/query
GET /events/{customerId}/unacknowledged
GET /invitation/{invitationId}
GET /telemetry/analytics/environmental
GET /telemetry/analytics/power
GET /telemetry/analytics/trends
GET /telemetry/{customerId}/devices/latest
GET /telemetry/{customerId}/query
GET /telemetry/{customerId}/{hardwareId}
GET /user
GET /user/customers
GET /user/invitations
POST /contact-us
POST /customer
POST /events/acknowledge
POST /invitation
POST /telemetry
PUT /invitation/{invitationId}/accept
PUT /invitation/{invitationId}/reject

Found on 2026-01-20 00:08

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549ff8722ca556a2861487cef5f07c15d978aa8d9d6

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /customer/{customerId}
GET /customer/{customerId}/devices
GET /customer/{customerId}/invitations
GET /customer/{customerId}/schedules
GET /customer/{customerId}/zones
GET /invitation/{invitationId}
GET /user
GET /user/customers
GET /user/invitations
POST /contact-us
POST /customer
POST /invitation
PUT /invitation/{invitationId}/accept
PUT /invitation/{invitationId}/reject

Found on 2026-01-09 17:17

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-21 04:41

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: api.reporting-qa.plannotice.com
Port: 443
URL: https://api.reporting-qa.plannotice.com

First seen 2025-12-05 20:39
Last seen 2026-01-16 14:43
Open for 41 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035494d266166692c087bfab4eb772565607df6d6d1aa
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/ExportReports
GET /api/v1/ExportReports/{id}
GET /api/v1/ScheduledReports
GET /api/v1/ScheduledReports/paged
GET /api/v1/ScheduledReports/{id}
GET /api/v1/StandardReports
GET /api/v1/StandardReports/code/{code}
GET /api/v1/StandardReports/{id}
POST /api/v1/ExportReports/search
POST /api/v1/OAuth/Token
PUT /api/v1/ScheduledReports/{id}/cancel
```
  Found on 2026-01-16 14:43
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: api-qa.plancensus.com
Port: 443
URL: https://api-qa.plancensus.com

First seen 2025-12-07 00:41
Last seen 2026-01-16 12:56
Open for 40 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549839f06fb546453adaa63e579f897b2908432710f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/ExplicitKeys
GET /api/ExplicitKeys/{id}
GET /api/Health
GET /api/Health/detailed
GET /api/Health/live
GET /api/Health/ready
GET /api/KeyVault/get-secret
GET /api/v1/AutomateRK/get
GET /api/v1/AutomateRK/get-plans
GET /api/v1/AutomateRK/get-rks
GET /api/v1/CensusFile/download-census-file/{fileType}/{fileName}
GET /api/v1/CensusFile/get-all-census-file-script-executions
GET /api/v1/CensusFile/get-all-census-file-script-executions-by-date-filter
GET /api/v1/CensusFile/get-all-script-execution-logs-with-status-filter
GET /api/v1/CensusFile/get-audit-trail-for-script-execution/{id}
GET /api/v1/CensusFile/get-census-file-script-execution/{id}
GET /api/v1/CensusFile/get-census-file/{logId}
GET /api/v1/CensusFile/get-script-executions-count
GET /api/v1/Client/download-blob
GET /api/v1/Client/download-file/{fileId}
GET /api/v1/Client/file-transfers
GET /api/v1/Client/get-plans-by-script/{scriptId}
GET /api/v1/Client/jobs
GET /api/v1/Client/list
GET /api/v1/Client/plans-by-recordkeeper/{recordKeeperId}
GET /api/v1/Client/processed-files
GET /api/v1/Configuration/get-all
GET /api/v1/Credential/fetch-code/{number}
GET /api/v1/Credential/get-2fa/{planId}
GET /api/v1/Credential/get-existing-plans
GET /api/v1/Credential/get-existing-record-keeper-numbers/{recordId}
GET /api/v1/Credential/get-existing-rks
GET /api/v1/Credential/get-ids-for-today
GET /api/v1/Credential/get-login-credentials/{planId}
GET /api/v1/Credential/get-new-number
GET /api/v1/Credential/get-otp/{number}
GET /api/v1/Credential/get-plans
GET /api/v1/Credential/get-plans-by-rk-full/{accountId}
GET /api/v1/Credential/get-plans-by-rk/{accountId}
GET /api/v1/Credential/get-plans-for-script/{scriptSource}
GET /api/v1/Credential/get-pn-plans
GET /api/v1/Credential/get-pn-rks
GET /api/v1/Credential/get-rks
GET /api/v1/Credential/get/{credential}
GET /api/v1/Credential/show-plans-with-id/{credentialId}
GET /api/v1/Credential/show-plans/{credentialId}
GET /api/v1/Dashboard/get-operational-stats
GET /api/v1/Dashboard/get-stats
GET /api/v1/Dashboard/get-stats-v2
GET /api/v1/Script/check-default-exists/{recordKeeperId}
GET /api/v1/Script/download-script-by-blob-id/{blobId}
GET /api/v1/Script/download-script/{planId}
GET /api/v1/Script/ge-by-id/{id}
GET /api/v1/Script/get-all
GET /api/v1/Script/get-all-configured-scripts
GET /api/v1/Script/get-by-name/{name}
GET /api/v1/Script/get-by-plan-id/{planId}
GET /api/v1/Script/get-by-recordkeeper-id/{recordKeeperId}
GET /api/v1/Script/get-default-by-recordkeeper/{recordKeeperId}
GET /api/v1/Setting/get-all
GET /api/v1/Setting/get-by-category/{category}
GET /api/v1/Setting/get-by-id/{id}
GET /api/v1/Setting/get-by-key/{key}
GET /api/v1/Setting/get-dashboard-tiles-color-settings
POST /api/KeyVault/create-secret
POST /api/v1/Auth/Login
POST /api/v1/AutomateRK/add-manual-automation
POST /api/v1/AutomateRK/post-otp
POST /api/v1/CensusFile/log-script-file-3Es/{logId}
POST /api/v1/CensusFile/log-script-file/{logId}/{result}
POST /api/v1/CensusFile/log-status
POST /api/v1/Client/process-file
POST /api/v1/Credential/create-credentials
POST /api/v1/Credential/delete
POST /api/v1/Credential/purchase-number/{number}
POST /api/v1/Credential/retrive-credential
POST /api/v1/ExceptionLog/log
POST /api/v1/MessageDetails/log-plivo-message
POST /api/v1/Script/add-script
POST /api/v1/Script/delete-script
POST /api/v1/Script/set-default-script
POST /api/v1/Script/unset-default-script
POST /api/v1/Setting/delete-setting
POST /api/v1/Setting/post-setting
PUT /api/v1/Credential/update-credential
PUT /api/v1/Credential/{credentialId}/put-source-file
PUT /api/v1/Script/update-script
PUT /api/v1/Setting/put-setting

Found on 2026-01-16 12:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: deepbluelink-test.com
Port: 443
URL: https://deepbluelink-test.com

First seen 2025-10-24 11:27
Last seen 2026-01-16 07:34
Open for 83 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354948ee7b5616bcc254276042be471a9fb664f2643f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Account/{id}
DELETE /App/deleteApiKey
DELETE /App/{id}/removeFromDomain
DELETE /Domain/{id}
DELETE /users/{userId}/roles/{roleId}/apps/{appId}
DELETE /users/{userId}/roles/{roleId}/organizations/{organizationId}
GET /.well-known/{path}
GET /App/all
GET /App/list
GET /App/{id}
GET /Domain
GET /Domain/{id}/verify
GET /Link/{id}
GET /Link/{id}/{fileName}
GET /Organization/all
GET /Organization/list
GET /Organization/{id}
GET /Roles
GET /StoreFingerprint/keys
GET /Subscription/checkout
GET /Subscription/list
GET /Subscription/manage
GET /Subscription/pricing
GET /Subscription/update
GET /User
GET /User/list
GET /users/{userId}/roles/apps
GET /users/{userId}/roles/organizations
POST /App
POST /App/{id}/addToDomain
POST /App/{id}/generateApiKey
POST /App/{id}/removeUserFromApp
POST /Docs/webhook
POST /Domain/{id}/renew
POST /Link
POST /Link/checkdeferred
POST /Organization
POST /Organization/{id}/removeUserFromOrg
POST /StoreFingerprint
POST /StoreFingerprint/key/value
POST /Subscription/webhook
POST /User/invite
POST /apps/{appId}/users/{userId}/roles/{roleId}
POST /organizations/{organizationId}/users/{userId}/roles/{roleId}
PUT /Roles/users/{userId}/apps/{appId}
PUT /Roles/users/{userId}/organizations/{orgId}

Found on 2026-01-16 07:34

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-07 00:37

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.119.12.82
Domain: rd-pruebasti-dev.holo.rd-its.com
Port: 443
URL: https://rd-pruebasti-dev.holo.rd-its.com

First seen 2026-01-02 14:30
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-02 14:30
Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 172.169.67.159
Domain: careers.tricolor.com
Port: 443
URL: https://careers.tricolor.com

First seen 2022-07-02 07:01
Last seen 2025-08-12 01:20
Open for 1136 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65227eb719f0

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://Tricolor-Auto-Group@dev.azure.com/Tricolor-Auto-Group/Tricolor/_git/Careers.Tricolor.Com
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2025-08-12 01:20

319 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522ffa94daf

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://Tricolor-Auto-Group@dev.azure.com/Tricolor-Auto-Group/Tricolor/_git/Careers.Tricolor.Com
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0

Found on 2024-05-12 21:52

292 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65220fffa7af

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://Tricolor-Auto-Group@dev.azure.com/Tricolor-Auto-Group/Tricolor/_git/Careers.Tricolor.Com
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0

Found on 2024-03-27 12:31

274 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbba5bd31b2

[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	worktree = X:/
	symlinks = false
	ignorecase = true
[remote "origin"]
	url = https://Tricolor-Auto-Group@dev.azure.com/Tricolor-Auto-Group/Tricolor/_git/Careers.Tricolor.Com
	fetch = +refs/heads/*:refs/remotes/origin/*
[gui]
	wmstate = normal
	geometry = 893x435+429+226 175 196
[branch "masterOld"]
	remote = origin
	merge = refs/heads/masterOld
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "develop"]
	remote = origin
	merge = refs/heads/develop

Found on 2022-07-02 07:01

567 Bytes

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 40.119.12.82
Domain: nrotracker.com
Port: 443
URL: https://nrotracker.com

First seen 2023-07-18 00:01
Last seen 2025-03-26 16:32
Open for 617 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc64097d28509860c3c6f1841dccf536ff
```
Found 4 files trough .DS_Store spidering:

/img
/img/Pins
/img/Pins/blue
/includes
```
  Found on 2025-03-26 16:32
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf176421954ce76a7289256a7289256a7289256
```
Found 2 files trough .DS_Store spidering:

/img
/includes
```
  Found on 2025-03-20 22:56
- Severity: low
  Fingerprint: 5f32cf5d6962f09c1a5d9b0f1a5d9b0fb246cfc71b1449aeaae1e9a0aae1e9a0
```
Found 3 files trough .DS_Store spidering:

/img
/img/Pins
/img/Pins/blue
```
  Found on 2024-01-07 01:57
Create report

Open service 40.119.12.82:443 · avi.infosapiens.mx

2026-02-03 21:29

HTTP/1.1 200 OK
Content-Length: 87173
Connection: close
Content-Type: text/html; charset=utf-8
Date: Tue, 03 Feb 2026 21:29:46 GMT
Server: nginx/1.29.4
Cache-Control: s-maxage=31536000
ETag: "14a3d1ie8561v63"
Vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch, Accept-Encoding
x-nextjs-cache: HIT
x-nextjs-prerender: 1
x-nextjs-stale-time: 4294967294
X-Powered-By: Next.js

Page title: InfoSapiens AVI - Plataforma Empresarial de IA

<!DOCTYPE html><html lang="es"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="preload" href="/_next/static/media/5b01f339abf2f1a5.p.woff2" as="font" crossorigin="" type="font/woff2"/><link rel="preload" href="/_next/static/media/9cf9c6e84ed13b5e-s.p.woff2" as="font" crossorigin="" type="font/woff2"/><link rel="preload" href="/_next/static/media/eaead17c7dbfcd5d-s.p.woff2" as="font" crossorigin="" type="font/woff2"/><link rel="preload" as="image" href="https://avi.infosapiens.mx/assets/img/AVI_Logo.png"/><link rel="stylesheet" href="/_next/static/css/48aa2379ea63a8e8.css" data-precedence="next"/><link rel="stylesheet" href="/_next/static/css/cb8544a4ef612ecd.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-29d2ac524c46a80e.js"/><script src="/_next/static/chunks/4bd1b696-75688abf446dcbb2.js" async=""></script><script src="/_next/static/chunks/684-5b49777fe2982aa1.js" async=""></script><script src="/_next/static/chunks/main-app-86201a5c7b6d811b.js" async=""></script><script src="/_next/static/chunks/470-c07d1af6ad0b7865.js" async=""></script><script src="/_next/static/chunks/app/layout-3350bd826e5ac6ac.js" async=""></script><script src="/_next/static/chunks/137-6262cc60d7479f3f.js" async=""></script><script src="/_next/static/chunks/app/page-3b754a3bba126479.js" async=""></script><meta name="next-size-adjust" content=""/><title>InfoSapiens AVI - Plataforma Empresarial de IA</title><meta name="description" content="Crea agentes virtuales inteligentes para tu empresa con InfoSapiens AVI. Soluciones de IA empresarial innovadoras y confiables."/><link rel="icon" href="/landing-favicon.ico"/><script src="/_next/static/chunks/polyfills-42372ed130431b0a.js" noModule=""></script></head><body class="font-sans __variable_1fdbab __variable_0a80b4 __variable_f910ec antialiased"><div class="min-h-screen bg-background"><header class="sticky top-0 z-50 w-full border-b border-border/40 bg-background/95 backdrop-blur supports-[backdrop-filter]:bg-background/60"><div class="container flex h-16 max-w-7xl xl:max-w-none items-center justify-between px-4 md:px-6 lg:px-8 xl:px-12 2xl:px-16"><div class="flex items-center space-x-2"><img src="https://avi.infosapiens.mx/assets/img/AVI_Logo.png" alt="InfoSapiens AVI Logo" class="h-8 w-auto"/></div><nav class="hidden md:flex items-center space-x-6 text-sm font-medium"><a href="#inicio" class="transition-colors hover:text-primary">Inicio</a><a href="#caracteristicas" class="transition-colors hover:text-primary">Características</a><a href="#precios" class="transition-colors hover:text-primary">Precios</a><a href="#seguridad" class="transition-colors hover:text-primary">Seguridad</a></nav><button data-slot="button" class="inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [&amp;_svg]:pointer-events-none [&amp;_svg:not([class*=&#x27;size-&#x27;])]:size-4 shrink-0 [&amp;_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive shadow-xs h-9 px-4 py-2 has-[&gt;svg]:px-3 bg-primary hover:bg-primary/90 text-primary-foreground cursor-pointer">Ir a InfoSapiens</button></div></header><section id="inicio" class="relative overflow-hidden py-12 px-4 md:px-6"><div class="absolute inset-0 bg-gradient-to-br from-muted/50 to-background"></div><div class="container relative max-w-7xl xl:max-w-none xl:px-12 2xl:px-16"><div class="flex flex-col items-center justify-center text-center"><div class="space-y-8 max-w-4xl"><div class="space-y-4"><span data-slot="badge" class="inline-flex items-center justify-center rounded-md border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [&amp;&gt;svg]:size-3 gap-1 [&amp;&gt;svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invali

Found 2026-02-03 by HttpPlugin

Host 40.119.12.82

United States

Software information

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

MacOS file listing through .DS_Store file

Swagger API description is publicly available

Swagger API description is publicly available

MacOS file listing through .DS_Store file

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

MacOS file listing through .DS_Store file