LeakIX - Host 40.121.32.232

Host 40.121.32.232

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Apache Apache

tcp/443 tcp/80

Kestrel Kestrel

tcp/443

gunicorn

tcp/443

nginx nginx 1.28.0

tcp/443

nginx nginx

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: userapi-staging.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://userapi-staging.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:16
Last seen 2026-02-15 22:19
Open for 66 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af47d07122b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderQuery/ResolveVanityUri
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-02-15 22:19

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-29 21:49

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af458889e3e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2025-12-26 22:50

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 40.121.32.232
Domain: stjvntampa.org
Port: 443
URL: https://stjvntampa.org

First seen 2024-05-09 03:43
Last seen 2026-02-15 20:27
Open for 647 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2026-02-15 20:27
  
  380 Bytes
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: geographyapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://geographyapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:46
Last seen 2026-02-09 22:37
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 22:37
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hondausa-reportingdataapi.autodatadigitaldealer.com
Port: 443
URL: https://hondausa-reportingdataapi.autodatadigitaldealer.com

First seen 2025-12-24 02:41
Last seen 2026-02-09 22:11
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 22:11
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: statusreportapi.i-mazing.com
Port: 443
URL: https://statusreportapi.i-mazing.com

First seen 2026-01-10 01:10
Last seen 2026-02-09 22:05
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60d60e0745c1bf8cb8efb57717f0c5cf8cc72722e0
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /Contract
GET /Contract/{id}
GET /Employee
GET /Employee/{id}
GET /EmployeeReport
GET /EmployeeReport/{id}
GET /EmployeeReportData
GET /EmployeeReportData/{id}
GET /Project
GET /Project/{id}
GET /Report
GET /Report/{id}
GET /User
GET /User/{id}
POST /Token/authenticate
POST /Token/refresh
POST /Token/revoke
POST /User/forgotpassword
PUT /User/resetpassword
```
  Found on 2026-02-09 22:05
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: develop.marketware.com
Port: 443
URL: https://develop.marketware.com

First seen 2026-01-12 12:09
Last seen 2026-02-09 21:51
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 21:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingapi.hondaprogram.com
Port: 443
URL: https://reportingapi.hondaprogram.com

First seen 2025-12-24 02:35
Last seen 2026-02-09 21:15
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 21:15
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 40.121.32.232
Domain: gxthanhgiusetampa.org
Port: 443
URL: https://gxthanhgiusetampa.org

First seen 2024-05-09 03:43
Last seen 2026-02-09 20:36
Open for 641 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2026-02-09 20:36
  
  380 Bytes
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: geographyapi-staging.hyundaicaprogram.com
Port: 443
URL: https://geographyapi-staging.hyundaicaprogram.com

First seen 2025-12-24 02:46
Last seen 2026-02-09 19:24
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 19:24
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: clientorganizationapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://clientorganizationapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:46
Last seen 2026-02-09 19:24
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497424ba182a7cdac1ed015a5d9215be791689a0a4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/OrganizationNodeCommand/DeleteByCode
DELETE /api/command/OrganizationNodeCommand/DeleteById
DELETE /api/command/OrganizationSchemeCommand/DeleteByCode
DELETE /api/command/OrganizationSchemeCommand/DeleteById
GET /api/query/OrganizationNodeQuery/GetAll
GET /api/query/OrganizationNodeQuery/GetByCode
GET /api/query/OrganizationNodeQuery/GetByCodes
GET /api/query/OrganizationNodeQuery/GetById
GET /api/query/OrganizationNodeQuery/GetByIds
GET /api/query/OrganizationNodeQuery/GetBySchemeId
GET /api/query/OrganizationNodeQuery/GetBySchemeIds
GET /api/query/OrganizationNodeQuery/GetCurrentUserFranchises
GET /api/query/OrganizationNodeQuery/GetExpandedPermissionsByUserId
GET /api/query/OrganizationNodeQuery/GetExpandedPermissionsByUserIds
GET /api/query/OrganizationNodeQuery/GetFranchisesByOrganizationNodeIds
GET /api/query/OrganizationSchemeQuery/GetAll
GET /api/query/OrganizationSchemeQuery/GetByCode
GET /api/query/OrganizationSchemeQuery/GetByCodes
GET /api/query/OrganizationSchemeQuery/GetById
GET /api/query/OrganizationSchemeQuery/GetByIds
GET /api/query/RootHierarchyQuery/GetAllRootHierarchies
GET /api/query/RootHierarchyQuery/GetByParentId
GET /api/query/RootHierarchyQuery/GetRootHierarchiesBySchemeCode
GET /api/query/RootHierarchyQuery/GetRootHierarchiesBySchemeCodes
GET /api/query/RootHierarchyQuery/GetRootHierarchiesBySchemeId
GET /api/query/RootHierarchyQuery/GetRootHierarchiesBySchemeIds
GET /api/query/UserHierarchyQuery/GetAllUserHierarchies
GET /api/query/UserHierarchyQuery/GetByParentId
GET /api/query/UserHierarchyQuery/GetUserHierarchiesBySchemeCode
GET /api/query/UserHierarchyQuery/GetUserHierarchiesBySchemeCodes
GET /api/query/UserHierarchyQuery/GetUserHierarchiesBySchemeId
GET /api/query/UserHierarchyQuery/GetUserHierarchiesBySchemeIds
POST /api/command/OrganizationNodeCommand/Create
POST /api/command/OrganizationNodeCommand/CreateFranchiseFromCsvAsync
POST /api/command/OrganizationNodeCommand/CreateIfNotExistByCodeAsync
POST /api/command/OrganizationNodeCommand/CreateOrUpdateByCode
POST /api/command/OrganizationNodeCommand/CreateOrUpdateByCodes
POST /api/command/OrganizationNodeHierarchyCommand/Create
POST /api/command/OrganizationNodeHierarchyCommand/CreateFromCsv
POST /api/command/OrganizationSchemeCommand/Create
POST /api/command/OrganizationSchemeCommand/CreateFromCsv
POST /api/command/OrganizationSchemeCommand/CreateIfNotExistByCode
POST /api/command/OrganizationSchemeCommand/CreateIfNotExistByCodes
POST /api/command/OrganizationSchemeCommand/CreateOrUpdateByCodeAsync
POST /api/command/OrganizationSchemeCommand/CreateOrUpdateByCodesAsync
POST /api/query/OrganizationNodeFranchiseQuery/GetByLastDataSyncDate
POST /api/query/OrganizationNodeQuery/GetByLastDataSyncDate
POST /api/query/OrganizationSchemeQuery/GetByLastDataSyncDate
PUT /api/command/OrganizationNodeCommand/AddFranchise
PUT /api/command/OrganizationNodeCommand/AddFranchisesByCode
PUT /api/command/OrganizationNodeCommand/AddFranchisesByCodes
PUT /api/command/OrganizationNodeCommand/AddPermission
PUT /api/command/OrganizationNodeCommand/AddPermissions
PUT /api/command/OrganizationNodeCommand/RemoveAllPermissionsByUserId
PUT /api/command/OrganizationNodeCommand/RemoveAllPermissionsByUserIds
PUT /api/command/OrganizationNodeCommand/RemoveFranchise
PUT /api/command/OrganizationNodeCommand/RemoveFranchiseById
PUT /api/command/OrganizationNodeCommand/RemovePermission
PUT /api/command/OrganizationNodeCommand/RemovePermissionById
PUT /api/command/OrganizationNodeCommand/Update
PUT /api/command/OrganizationNodeHierarchyCommand/Move
PUT /api/command/OrganizationSchemeCommand/Update

Found on 2026-02-09 19:24

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: geographyapi-staging.acuraprogram.com
Port: 443
URL: https://geographyapi-staging.acuraprogram.com

First seen 2025-12-24 02:46
Last seen 2026-02-09 19:24
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 19:24
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hyundaiusaapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://hyundaiusaapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:49
Last seen 2026-02-09 19:24
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a36a8b228a71862c9c4734aaff7616a8ff7616a8
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/Disclaimer/MaximumSalesDateDisclaimer
POST /api/query/Enrollment/EnrollmentDetails
POST /api/query/TrafficEvent/TrafficEvent
```
  Found on 2026-02-09 19:24
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: menuapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://menuapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:48
Last seen 2026-02-09 19:24
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549524959ec6239a54876e9ea0d1607c6e7bf2794af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MenuCategoryCommand/DeleteByCode
DELETE /api/command/MenuCategoryCommand/DeleteByCodes
DELETE /api/command/MenuCategoryCommand/DeleteById
DELETE /api/command/MenuCategoryCommand/DeleteByIds
DELETE /api/command/MenuHierarchyCommand/RemoveMenuItemAsync
DELETE /api/command/MenuItemCommand/DeleteByCode
DELETE /api/command/MenuItemCommand/DeleteByCodes
DELETE /api/command/MenuItemCommand/DeleteById
DELETE /api/command/MenuItemCommand/DeleteByIds
DELETE /api/command/MenuItemCommand/DeleteByMasterKey
DELETE /api/command/MenuItemCommand/DeleteByMasterKeys
DELETE /api/command/MenuSchemeCommand/DeleteByCode
DELETE /api/command/MenuSchemeCommand/DeleteByCodes
DELETE /api/command/MenuSchemeCommand/DeleteById
DELETE /api/command/MenuSchemeCommand/DeleteByIds
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKey
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKeys
GET /api/query/MenuCategoryQuery/GetAll
GET /api/query/MenuCategoryQuery/GetByCode
GET /api/query/MenuCategoryQuery/GetByCodes
GET /api/query/MenuCategoryQuery/GetById
GET /api/query/MenuCategoryQuery/GetByIds
GET /api/query/MenuCategoryQuery/GetByMasterKey
GET /api/query/MenuCategoryQuery/GetByMasterKeys
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeIds
GET /api/query/MenuHierarchyQuery/GetByParentId
GET /api/query/MenuHierarchyQuery/GetBySchemeCode
GET /api/query/MenuHierarchyQuery/GetBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetBySchemeId
GET /api/query/MenuHierarchyQuery/GetBySchemeIds
GET /api/query/MenuHierarchyQuery/GetMenuByApplicationModuleCode
GET /api/query/MenuHierarchyQuery/GetUserMenu
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeIds
GET /api/query/MenuItemQuery/GetAll
GET /api/query/MenuItemQuery/GetAllByIncludeInactiveMenuItems
GET /api/query/MenuItemQuery/GetByCode
GET /api/query/MenuItemQuery/GetByCodes
GET /api/query/MenuItemQuery/GetById
GET /api/query/MenuItemQuery/GetByIds
GET /api/query/MenuItemQuery/GetByMasterKey
GET /api/query/MenuItemQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetAll
GET /api/query/MenuSchemeQuery/GetByCode
GET /api/query/MenuSchemeQuery/GetByCodes
GET /api/query/MenuSchemeQuery/GetById
GET /api/query/MenuSchemeQuery/GetByIds
GET /api/query/MenuSchemeQuery/GetByMasterKey
GET /api/query/MenuSchemeQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCode
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCodes
POST /api/command/MenuCategoryCommand/Create
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCode
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCodes
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCode
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCodes
POST /api/command/MenuCategoryCommand/Creates
POST /api/command/MenuHierarchyCommand/AddMenuItemAsync
POST /api/command/MenuHierarchyCommand/Create
POST /api/command/MenuHierarchyCommand/ImportCsv
POST /api/command/MenuHierarchyCommand/MoveMenuItemAsync
POST /api/command/MenuItemCommand/Create
POST /api/command/MenuItemCommand/CreateIfNotExistByCode
POST /api/command/MenuItemCommand/CreateIfNotExistByCodes
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuItemCommand/CreateOrUpdateByCode
POST /api/command/MenuItemCommand/CreateOrUpdateByCodes
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuItemCommand/Creates
POST /api/command/MenuSchemeCommand/Create
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuSchemeCommand/Creates
POST /api/command/MenuSchemeCommand/ImportCsv
PUT /api/command/MenuCategoryCommand/Update
PUT /api/command/MenuCategoryCommand/Updates
PUT /api/command/MenuItemCommand/Update
PUT /api/command/MenuItemCommand/Updates
PUT /api/command/MenuSchemeCommand/Update
PUT /api/command/MenuSchemeCommand/Updates

Found on 2026-02-09 19:24

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://reportingapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:49
Last seen 2026-02-09 19:24
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 19:24
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi-staging.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://styleapi-staging.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:16
Last seen 2026-02-09 18:54
Open for 60 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-02-09 18:54

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingapi-staging.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://reportingapi-staging.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:16
Last seen 2026-02-09 18:45
Open for 60 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 18:45
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: staging.api.colormanager.natific.com
Port: 443
URL: https://staging.api.colormanager.natific.com

First seen 2026-01-11 10:33
Last seen 2026-02-09 18:13
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 18:13
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: feature5.marketware.com
Port: 443
URL: https://feature5.marketware.com

First seen 2026-01-11 14:53
Last seen 2026-02-09 18:11
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 18:11
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: ws.timeclocknow.com
Port: 443
URL: https://ws.timeclocknow.com

First seen 2026-01-11 15:40
Last seen 2026-02-09 18:10
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60d58b789782cb442afd7f259af33ad86cf33ad86c
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Roles
GET /api/Roles/{id}
GET /api/jobs/time-sheet-lines
GET /api/simple-employees
```
  Found on 2026-02-09 18:10
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: demo-reportingdataapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://demo-reportingdataapi.dev.autodatadigitaldealer.com

First seen 2026-01-11 23:00
Last seen 2026-02-09 18:09
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 18:09
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingdataapi-staging.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://reportingdataapi-staging.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:17
Last seen 2026-02-09 18:00
Open for 60 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 18:00
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: api-staging.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://api-staging.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:16
Last seen 2026-02-09 17:56
Open for 60 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a36a8b228a71862c9c4734aaff7616a8ff7616a8
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/Disclaimer/MaximumSalesDateDisclaimer
POST /api/query/Enrollment/EnrollmentDetails
POST /api/query/TrafficEvent/TrafficEvent
```
  Found on 2026-02-09 17:56
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 40.121.32.232
Domain: stjosephvietnameseparishtampa.org
Port: 443
URL: https://stjosephvietnameseparishtampa.org

First seen 2024-05-09 03:43
Last seen 2026-02-09 17:54
Open for 641 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2026-02-09 17:54
  
  380 Bytes
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: dealerapi.hondaprogram.com
Port: 443
URL: https://dealerapi.hondaprogram.com

First seen 2025-12-24 02:34
Last seen 2026-02-09 17:51
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549187a8db04eeebeb53097c60988a238a8c034df63

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/BusinessActivityCommand/DeleteByCode
DELETE /api/command/BusinessActivityCommand/DeleteById
DELETE /api/command/ContactCommand/DeleteById
DELETE /api/command/DealershipCommand/DeleteByCode
DELETE /api/command/DealershipCommand/DeleteById
DELETE /api/command/FranchiseCommand/DeleteByCode
DELETE /api/command/FranchiseCommand/DeleteById
DELETE /api/command/FranchiseCommand/RemoveSite
DELETE /api/command/HoursCommand/DeleteById
DELETE /api/command/SiteCommand/DeleteByCode
DELETE /api/command/SiteCommand/DeleteById
GET /api/query/BusinessActivityQuery/GetAll
GET /api/query/BusinessActivityQuery/GetByCode
GET /api/query/BusinessActivityQuery/GetByCodes
GET /api/query/BusinessActivityQuery/GetById
GET /api/query/BusinessActivityQuery/GetByIds
GET /api/query/ContactQuery/GetAll
GET /api/query/ContactQuery/GetByDealershipCode
GET /api/query/ContactQuery/GetByDealershipCodes
GET /api/query/ContactQuery/GetById
GET /api/query/ContactQuery/GetByIds
GET /api/query/DealershipQuery/GetAll
GET /api/query/DealershipQuery/GetAllActiveDealerships
GET /api/query/DealershipQuery/GetByCode
GET /api/query/DealershipQuery/GetByCodes
GET /api/query/DealershipQuery/GetById
GET /api/query/DealershipQuery/GetByIds
GET /api/query/FranchiseQuery/GetActiveFranchiseByCode
GET /api/query/FranchiseQuery/GetAll
GET /api/query/FranchiseQuery/GetAllActiveFranchise
GET /api/query/FranchiseQuery/GetByCode
GET /api/query/FranchiseQuery/GetByCodes
GET /api/query/FranchiseQuery/GetByFranchiseCodeAndMakeCode
GET /api/query/FranchiseQuery/GetById
GET /api/query/FranchiseQuery/GetByIds
GET /api/query/FranchiseQuery/GetByMasterKey
GET /api/query/FranchiseQuery/GetByMasterKeys
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCodes
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseId
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseIds
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityId
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCode
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCodes
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKey
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKeys
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityId
GET /api/query/HoursQuery/GetAllByBusinessActivityCode
GET /api/query/HoursQuery/GetAllByFranchiseBusinessActivitySiteByCode
GET /api/query/HoursQuery/GetAllByFranchiseId
GET /api/query/HoursQuery/GetById
GET /api/query/HoursQuery/GetByIds
GET /api/query/SecurityRightsQuery/GetDealershipUiSecurityRights
GET /api/query/SiteQuery/GetAll
GET /api/query/SiteQuery/GetByCode
GET /api/query/SiteQuery/GetByCodes
GET /api/query/SiteQuery/GetById
GET /api/query/SiteQuery/GetByIds
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCode
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCodes
GET /api/query/SiteQuery/GetPrimarySiteByDealershipId
GET /api/query/SiteQuery/GetPrimarySiteByDealershipIds
GET /api/query/SiteQuery/GetSiteByFranchiseCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodeAndMakeCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodes
GET /api/query/SiteQuery/GetSiteByFranchiseId
GET /api/query/SiteQuery/GetSiteByFranchiseIds
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKey
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKeys
POST /api/command/BusinessActivityCommand/Create
POST /api/command/BusinessActivityCommand/CreateIfNotExistByCode
POST /api/command/BusinessActivityCommand/CreateOrUpdateFromCsv
POST /api/command/ContactCommand/Create
POST /api/command/DealershipCommand/Create
POST /api/command/DealershipCommand/CreateIfNotExistByCode
POST /api/command/DealershipCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/AddSite
POST /api/command/FranchiseCommand/Create
POST /api/command/FranchiseCommand/CreateIfNotExistByCode
POST /api/command/FranchiseCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/ImportFranchiseSiteCsv
POST /api/command/HoursCommand/Create
POST /api/command/HoursCommand/CreateOrUpdateFromCsv
POST /api/command/SiteCommand/Create
POST /api/command/SiteCommand/CreateIfNotExistByCode
POST /api/command/SiteCommand/CreateOrUpdateFromCsv
POST /api/query/DealershipQuery/GetByLastDataSyncDate
POST /api/query/FranchiseQuery/GetByLastDataSyncDate
POST /api/query/HoursQuery/GetBusinessHoursByTimestampRanges
POST /api/query/HoursQuery/GetCurrentAndFutureBusinessHoursRange
POST /api/query/SiteQuery/GetByLastDataSyncDate
PUT /api/command/BusinessActivityCommand/CreateOrUpdateByCode
PUT /api/command/BusinessActivityCommand/Update
PUT /api/command/ContactCommand/Update
PUT /api/command/DealershipCommand/CreateOrUpdateByCode
PUT /api/command/DealershipCommand/Update
PUT /api/command/FranchiseCommand/CreateOrUpdateByCode
PUT /api/command/FranchiseCommand/CreateOrUpdateFranchiseContactInformation
PUT /api/command/FranchiseCommand/Update
PUT /api/command/HoursCommand/Update
PUT /api/command/SiteCommand/CreateOrUpdateByCode
PUT /api/command/SiteCommand/Update

Found on 2026-02-09 17:51

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi-staging.hyundaicaprogram.com
Port: 443
URL: https://styleapi-staging.hyundaicaprogram.com

First seen 2025-12-24 02:39
Last seen 2026-02-09 17:37
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-02-09 17:37

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: menuapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://menuapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:31
Last seen 2026-02-09 17:37
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549524959ec6239a54876e9ea0d1607c6e7bf2794af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MenuCategoryCommand/DeleteByCode
DELETE /api/command/MenuCategoryCommand/DeleteByCodes
DELETE /api/command/MenuCategoryCommand/DeleteById
DELETE /api/command/MenuCategoryCommand/DeleteByIds
DELETE /api/command/MenuHierarchyCommand/RemoveMenuItemAsync
DELETE /api/command/MenuItemCommand/DeleteByCode
DELETE /api/command/MenuItemCommand/DeleteByCodes
DELETE /api/command/MenuItemCommand/DeleteById
DELETE /api/command/MenuItemCommand/DeleteByIds
DELETE /api/command/MenuItemCommand/DeleteByMasterKey
DELETE /api/command/MenuItemCommand/DeleteByMasterKeys
DELETE /api/command/MenuSchemeCommand/DeleteByCode
DELETE /api/command/MenuSchemeCommand/DeleteByCodes
DELETE /api/command/MenuSchemeCommand/DeleteById
DELETE /api/command/MenuSchemeCommand/DeleteByIds
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKey
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKeys
GET /api/query/MenuCategoryQuery/GetAll
GET /api/query/MenuCategoryQuery/GetByCode
GET /api/query/MenuCategoryQuery/GetByCodes
GET /api/query/MenuCategoryQuery/GetById
GET /api/query/MenuCategoryQuery/GetByIds
GET /api/query/MenuCategoryQuery/GetByMasterKey
GET /api/query/MenuCategoryQuery/GetByMasterKeys
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeIds
GET /api/query/MenuHierarchyQuery/GetByParentId
GET /api/query/MenuHierarchyQuery/GetBySchemeCode
GET /api/query/MenuHierarchyQuery/GetBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetBySchemeId
GET /api/query/MenuHierarchyQuery/GetBySchemeIds
GET /api/query/MenuHierarchyQuery/GetMenuByApplicationModuleCode
GET /api/query/MenuHierarchyQuery/GetUserMenu
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeIds
GET /api/query/MenuItemQuery/GetAll
GET /api/query/MenuItemQuery/GetAllByIncludeInactiveMenuItems
GET /api/query/MenuItemQuery/GetByCode
GET /api/query/MenuItemQuery/GetByCodes
GET /api/query/MenuItemQuery/GetById
GET /api/query/MenuItemQuery/GetByIds
GET /api/query/MenuItemQuery/GetByMasterKey
GET /api/query/MenuItemQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetAll
GET /api/query/MenuSchemeQuery/GetByCode
GET /api/query/MenuSchemeQuery/GetByCodes
GET /api/query/MenuSchemeQuery/GetById
GET /api/query/MenuSchemeQuery/GetByIds
GET /api/query/MenuSchemeQuery/GetByMasterKey
GET /api/query/MenuSchemeQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCode
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCodes
POST /api/command/MenuCategoryCommand/Create
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCode
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCodes
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCode
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCodes
POST /api/command/MenuCategoryCommand/Creates
POST /api/command/MenuHierarchyCommand/AddMenuItemAsync
POST /api/command/MenuHierarchyCommand/Create
POST /api/command/MenuHierarchyCommand/ImportCsv
POST /api/command/MenuHierarchyCommand/MoveMenuItemAsync
POST /api/command/MenuItemCommand/Create
POST /api/command/MenuItemCommand/CreateIfNotExistByCode
POST /api/command/MenuItemCommand/CreateIfNotExistByCodes
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuItemCommand/CreateOrUpdateByCode
POST /api/command/MenuItemCommand/CreateOrUpdateByCodes
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuItemCommand/Creates
POST /api/command/MenuSchemeCommand/Create
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuSchemeCommand/Creates
POST /api/command/MenuSchemeCommand/ImportCsv
PUT /api/command/MenuCategoryCommand/Update
PUT /api/command/MenuCategoryCommand/Updates
PUT /api/command/MenuItemCommand/Update
PUT /api/command/MenuItemCommand/Updates
PUT /api/command/MenuSchemeCommand/Update
PUT /api/command/MenuSchemeCommand/Updates

Found on 2026-02-09 17:37

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-24 02:31

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingdataapi.acuraprogram.com
Port: 443
URL: https://reportingdataapi.acuraprogram.com

First seen 2025-12-24 02:52
Last seen 2026-02-09 17:37
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 17:37
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingdataapi.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://reportingdataapi.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:08
Last seen 2026-02-09 16:52
Open for 60 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 16:52
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: geographyapi.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://geographyapi.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:24
Last seen 2026-02-09 16:14
Open for 60 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 16:14
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://styleapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:39
Last seen 2026-02-09 15:15
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-02-09 15:15

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hyundaiusaapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://hyundaiusaapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:31
Last seen 2026-02-09 15:15
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a36a8b228a71862c9c4734aaff7616a8ff7616a8
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/Disclaimer/MaximumSalesDateDisclaimer
POST /api/query/Enrollment/EnrollmentDetails
POST /api/query/TrafficEvent/TrafficEvent
```
  Found on 2026-02-09 15:15
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 03:24
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: userapi.hondaprogram.com
Port: 443
URL: https://userapi.hondaprogram.com

First seen 2025-12-24 02:36
Last seen 2026-02-09 15:15
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af47d07122b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderQuery/ResolveVanityUri
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-02-09 15:15

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af458889e3e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-01-09 12:47

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 40.121.32.232
Domain: www.gxthanhgiusetampa.org
Port: 443
URL: https://www.gxthanhgiusetampa.org

First seen 2025-12-10 00:33
Last seen 2026-02-09 14:23
Open for 61 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2026-02-09 14:23
  
  380 Bytes
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: bisandbox.marketware.com
Port: 443
URL: https://bisandbox.marketware.com

First seen 2026-01-12 11:43
Last seen 2026-02-02 12:51
Open for 21 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 12:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: acurausa-reportingdataapi.autodatadigitaldealer.com
Port: 443
URL: https://acurausa-reportingdataapi.autodatadigitaldealer.com

First seen 2025-12-24 02:51
Last seen 2026-02-02 12:30
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 12:30
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hyundaiusa-reportingdataapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://hyundaiusa-reportingdataapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:30
Last seen 2026-02-02 12:30
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 12:30
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: userapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://userapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:50
Last seen 2026-02-02 09:10
Open for 40 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af47d07122b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderQuery/ResolveVanityUri
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-02-02 09:10

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-23 12:31

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af458889e3e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2025-12-26 21:53

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: acurausaapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://acurausaapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:44
Last seen 2026-02-02 09:10
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549059fa5ebeb32e4380bbf3f0b292307353a5102c7
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalAdvertisingDisclaimer
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/DsoQuery/IsEnrolled
POST /api/query/Enrollment/EnrollmentByZoneAndDistrictDetails
POST /api/query/Enrollment/EnrollmentDetails
```
  Found on 2026-02-02 09:10
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: dealerapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://dealerapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:44
Last seen 2026-02-02 09:10
Open for 40 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549187a8db04eeebeb53097c60988a238a8c034df63

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/BusinessActivityCommand/DeleteByCode
DELETE /api/command/BusinessActivityCommand/DeleteById
DELETE /api/command/ContactCommand/DeleteById
DELETE /api/command/DealershipCommand/DeleteByCode
DELETE /api/command/DealershipCommand/DeleteById
DELETE /api/command/FranchiseCommand/DeleteByCode
DELETE /api/command/FranchiseCommand/DeleteById
DELETE /api/command/FranchiseCommand/RemoveSite
DELETE /api/command/HoursCommand/DeleteById
DELETE /api/command/SiteCommand/DeleteByCode
DELETE /api/command/SiteCommand/DeleteById
GET /api/query/BusinessActivityQuery/GetAll
GET /api/query/BusinessActivityQuery/GetByCode
GET /api/query/BusinessActivityQuery/GetByCodes
GET /api/query/BusinessActivityQuery/GetById
GET /api/query/BusinessActivityQuery/GetByIds
GET /api/query/ContactQuery/GetAll
GET /api/query/ContactQuery/GetByDealershipCode
GET /api/query/ContactQuery/GetByDealershipCodes
GET /api/query/ContactQuery/GetById
GET /api/query/ContactQuery/GetByIds
GET /api/query/DealershipQuery/GetAll
GET /api/query/DealershipQuery/GetAllActiveDealerships
GET /api/query/DealershipQuery/GetByCode
GET /api/query/DealershipQuery/GetByCodes
GET /api/query/DealershipQuery/GetById
GET /api/query/DealershipQuery/GetByIds
GET /api/query/FranchiseQuery/GetActiveFranchiseByCode
GET /api/query/FranchiseQuery/GetAll
GET /api/query/FranchiseQuery/GetAllActiveFranchise
GET /api/query/FranchiseQuery/GetByCode
GET /api/query/FranchiseQuery/GetByCodes
GET /api/query/FranchiseQuery/GetByFranchiseCodeAndMakeCode
GET /api/query/FranchiseQuery/GetById
GET /api/query/FranchiseQuery/GetByIds
GET /api/query/FranchiseQuery/GetByMasterKey
GET /api/query/FranchiseQuery/GetByMasterKeys
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCodes
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseId
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseIds
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityId
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCode
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCodes
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKey
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKeys
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityId
GET /api/query/HoursQuery/GetAllByBusinessActivityCode
GET /api/query/HoursQuery/GetAllByFranchiseBusinessActivitySiteByCode
GET /api/query/HoursQuery/GetAllByFranchiseId
GET /api/query/HoursQuery/GetById
GET /api/query/HoursQuery/GetByIds
GET /api/query/SecurityRightsQuery/GetDealershipUiSecurityRights
GET /api/query/SiteQuery/GetAll
GET /api/query/SiteQuery/GetByCode
GET /api/query/SiteQuery/GetByCodes
GET /api/query/SiteQuery/GetById
GET /api/query/SiteQuery/GetByIds
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCode
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCodes
GET /api/query/SiteQuery/GetPrimarySiteByDealershipId
GET /api/query/SiteQuery/GetPrimarySiteByDealershipIds
GET /api/query/SiteQuery/GetSiteByFranchiseCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodeAndMakeCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodes
GET /api/query/SiteQuery/GetSiteByFranchiseId
GET /api/query/SiteQuery/GetSiteByFranchiseIds
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKey
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKeys
POST /api/command/BusinessActivityCommand/Create
POST /api/command/BusinessActivityCommand/CreateIfNotExistByCode
POST /api/command/BusinessActivityCommand/CreateOrUpdateFromCsv
POST /api/command/ContactCommand/Create
POST /api/command/DealershipCommand/Create
POST /api/command/DealershipCommand/CreateIfNotExistByCode
POST /api/command/DealershipCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/AddSite
POST /api/command/FranchiseCommand/Create
POST /api/command/FranchiseCommand/CreateIfNotExistByCode
POST /api/command/FranchiseCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/ImportFranchiseSiteCsv
POST /api/command/HoursCommand/Create
POST /api/command/HoursCommand/CreateOrUpdateFromCsv
POST /api/command/SiteCommand/Create
POST /api/command/SiteCommand/CreateIfNotExistByCode
POST /api/command/SiteCommand/CreateOrUpdateFromCsv
POST /api/query/DealershipQuery/GetByLastDataSyncDate
POST /api/query/FranchiseQuery/GetByLastDataSyncDate
POST /api/query/HoursQuery/GetBusinessHoursByTimestampRanges
POST /api/query/HoursQuery/GetCurrentAndFutureBusinessHoursRange
POST /api/query/SiteQuery/GetByLastDataSyncDate
PUT /api/command/BusinessActivityCommand/CreateOrUpdateByCode
PUT /api/command/BusinessActivityCommand/Update
PUT /api/command/ContactCommand/Update
PUT /api/command/DealershipCommand/CreateOrUpdateByCode
PUT /api/command/DealershipCommand/Update
PUT /api/command/FranchiseCommand/CreateOrUpdateByCode
PUT /api/command/FranchiseCommand/CreateOrUpdateFranchiseContactInformation
PUT /api/command/FranchiseCommand/Update
PUT /api/command/HoursCommand/Update
PUT /api/command/SiteCommand/CreateOrUpdateByCode
PUT /api/command/SiteCommand/Update

Found on 2026-02-02 09:10

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: brandapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://brandapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:18
Last seen 2026-02-02 08:02
Open for 40 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a2a5854356718e155fb0050e343f90773ecdc5fb

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MakeCommand/DeleteByCode
DELETE /api/command/MakeCommand/DeleteById
DELETE /api/command/ModelCommand/DeleteByCode
DELETE /api/command/ModelCommand/DeleteById
DELETE /api/command/TrimCommand/DeleteByCode
DELETE /api/command/TrimCommand/DeleteById
GET /api/query/MakeQuery/GetAll
GET /api/query/MakeQuery/GetAllByModelYear
GET /api/query/MakeQuery/GetAllTenantOwned
GET /api/query/MakeQuery/GetAllTenantOwnedByModelYear
GET /api/query/MakeQuery/GetByCode
GET /api/query/MakeQuery/GetByCodes
GET /api/query/MakeQuery/GetById
GET /api/query/MakeQuery/GetByIds
GET /api/query/MakeQuery/GetByName
GET /api/query/ModelQuery/GetAll
GET /api/query/ModelQuery/GetAllByModelYear
GET /api/query/ModelQuery/GetByCode
GET /api/query/ModelQuery/GetByCodes
GET /api/query/ModelQuery/GetById
GET /api/query/ModelQuery/GetByIds
GET /api/query/ModelQuery/GetByMakeCode
GET /api/query/ModelQuery/GetByMakeCodes
GET /api/query/ModelQuery/GetByMakeId
GET /api/query/ModelQuery/GetByMakeIds
GET /api/query/ModelQuery/GetByModelYearAndMakeCode
GET /api/query/ModelQuery/GetByModelYearAndMakeCodes
GET /api/query/ModelQuery/GetByModelYearAndMakeId
GET /api/query/ModelQuery/GetByModelYearAndMakeIds
GET /api/query/ModelQuery/GetByName
GET /api/query/TrimQuery/GetAll
GET /api/query/TrimQuery/GetAllModelYear
GET /api/query/TrimQuery/GetByCode
GET /api/query/TrimQuery/GetByCodes
GET /api/query/TrimQuery/GetById
GET /api/query/TrimQuery/GetByIds
GET /api/query/TrimQuery/GetByModelAndYearCode
GET /api/query/TrimQuery/GetByModelAndYearCodes
GET /api/query/TrimQuery/GetByModelAndYearId
GET /api/query/TrimQuery/GetByModelAndYearIds
GET /api/query/TrimQuery/GetByName
POST /api/command/MakeCommand/Create
POST /api/command/MakeCommand/CreateIfNotExistByCode
POST /api/command/MakeCommand/CreateOrUpdateFromCsv
POST /api/command/ModelCommand/Create
POST /api/command/ModelCommand/CreateIfNotExistByCode
POST /api/command/ModelCommand/CreateOrUpdateFromCsv
POST /api/command/TrimCommand/Create
POST /api/command/TrimCommand/CreateIfNotExistByCode
POST /api/command/TrimCommand/CreateOrUpdateFromCsv
POST /api/query/MakeQuery/GetByLastDataSyncDate
POST /api/query/ModelQuery/GetByLastDataSyncDate
POST /api/query/TrimQuery/GetByLastDataSyncDate
PUT /api/command/MakeCommand/CreateOrUpdateByCode
PUT /api/command/MakeCommand/Update
PUT /api/command/ModelCommand/CreateOrUpdateByCode
PUT /api/command/ModelCommand/Update
PUT /api/command/TrimCommand/CreateOrUpdateByCode
PUT /api/command/TrimCommand/Update

Found on 2026-02-02 08:02

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: acurausa-reportingdataapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://acurausa-reportingdataapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:44
Last seen 2026-02-02 08:02
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 08:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: acurausaapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://acurausaapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:26
Last seen 2026-02-02 08:02
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 08:02
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549059fa5ebeb32e4380bbf3f0b292307353a5102c7
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalAdvertisingDisclaimer
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/DsoQuery/IsEnrolled
POST /api/query/Enrollment/EnrollmentByZoneAndDistrictDetails
POST /api/query/Enrollment/EnrollmentDetails
```
  Found on 2026-01-23 04:17
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingdataapi-staging.hondaprogram.com
Port: 443
URL: https://reportingdataapi-staging.hondaprogram.com

First seen 2025-12-24 02:40
Last seen 2026-02-02 08:02
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 08:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hyundaicanada-reportingdataapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://hyundaicanada-reportingdataapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:29
Last seen 2026-02-02 08:02
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 08:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingapi-staging.hondaprogram.com
Port: 443
URL: https://reportingapi-staging.hondaprogram.com

First seen 2025-12-24 02:36
Last seen 2026-02-02 08:02
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 08:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: geographyapi-staging.hondaprogram.com
Port: 443
URL: https://geographyapi-staging.hondaprogram.com

First seen 2025-12-24 02:37
Last seen 2026-02-02 08:02
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 08:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingdataapi-staging.hyundaicaprogram.com
Port: 443
URL: https://reportingdataapi-staging.hyundaicaprogram.com

First seen 2025-12-24 02:47
Last seen 2026-02-02 08:02
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 08:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hondausa-reportingdataapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://hondausa-reportingdataapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:28
Last seen 2026-02-02 08:02
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 08:02
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi-staging.acuraprogram.com
Port: 443
URL: https://styleapi-staging.acuraprogram.com

First seen 2025-12-24 02:39
Last seen 2026-02-02 08:02
Open for 40 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-02-02 08:02

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: brandapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://brandapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:45
Last seen 2026-02-02 08:02
Open for 40 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a2a5854356718e155fb0050e343f90773ecdc5fb

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MakeCommand/DeleteByCode
DELETE /api/command/MakeCommand/DeleteById
DELETE /api/command/ModelCommand/DeleteByCode
DELETE /api/command/ModelCommand/DeleteById
DELETE /api/command/TrimCommand/DeleteByCode
DELETE /api/command/TrimCommand/DeleteById
GET /api/query/MakeQuery/GetAll
GET /api/query/MakeQuery/GetAllByModelYear
GET /api/query/MakeQuery/GetAllTenantOwned
GET /api/query/MakeQuery/GetAllTenantOwnedByModelYear
GET /api/query/MakeQuery/GetByCode
GET /api/query/MakeQuery/GetByCodes
GET /api/query/MakeQuery/GetById
GET /api/query/MakeQuery/GetByIds
GET /api/query/MakeQuery/GetByName
GET /api/query/ModelQuery/GetAll
GET /api/query/ModelQuery/GetAllByModelYear
GET /api/query/ModelQuery/GetByCode
GET /api/query/ModelQuery/GetByCodes
GET /api/query/ModelQuery/GetById
GET /api/query/ModelQuery/GetByIds
GET /api/query/ModelQuery/GetByMakeCode
GET /api/query/ModelQuery/GetByMakeCodes
GET /api/query/ModelQuery/GetByMakeId
GET /api/query/ModelQuery/GetByMakeIds
GET /api/query/ModelQuery/GetByModelYearAndMakeCode
GET /api/query/ModelQuery/GetByModelYearAndMakeCodes
GET /api/query/ModelQuery/GetByModelYearAndMakeId
GET /api/query/ModelQuery/GetByModelYearAndMakeIds
GET /api/query/ModelQuery/GetByName
GET /api/query/TrimQuery/GetAll
GET /api/query/TrimQuery/GetAllModelYear
GET /api/query/TrimQuery/GetByCode
GET /api/query/TrimQuery/GetByCodes
GET /api/query/TrimQuery/GetById
GET /api/query/TrimQuery/GetByIds
GET /api/query/TrimQuery/GetByModelAndYearCode
GET /api/query/TrimQuery/GetByModelAndYearCodes
GET /api/query/TrimQuery/GetByModelAndYearId
GET /api/query/TrimQuery/GetByModelAndYearIds
GET /api/query/TrimQuery/GetByName
POST /api/command/MakeCommand/Create
POST /api/command/MakeCommand/CreateIfNotExistByCode
POST /api/command/MakeCommand/CreateOrUpdateFromCsv
POST /api/command/ModelCommand/Create
POST /api/command/ModelCommand/CreateIfNotExistByCode
POST /api/command/ModelCommand/CreateOrUpdateFromCsv
POST /api/command/TrimCommand/Create
POST /api/command/TrimCommand/CreateIfNotExistByCode
POST /api/command/TrimCommand/CreateOrUpdateFromCsv
POST /api/query/MakeQuery/GetByLastDataSyncDate
POST /api/query/ModelQuery/GetByLastDataSyncDate
POST /api/query/TrimQuery/GetByLastDataSyncDate
PUT /api/command/MakeCommand/CreateOrUpdateByCode
PUT /api/command/MakeCommand/Update
PUT /api/command/ModelCommand/CreateOrUpdateByCode
PUT /api/command/ModelCommand/Update
PUT /api/command/TrimCommand/CreateOrUpdateByCode
PUT /api/command/TrimCommand/Update

Found on 2026-02-02 08:02

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: userapi-staging.acuraprogram.com
Port: 443
URL: https://userapi-staging.acuraprogram.com

First seen 2025-12-24 02:37
Last seen 2026-02-02 08:02
Open for 40 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af47d07122b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderQuery/ResolveVanityUri
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-02-02 08:02

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af458889e3e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2025-12-26 21:53

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: www.sightpas.com
Port: 443
URL: https://www.sightpas.com

First seen 2026-01-10 02:31
Last seen 2026-02-02 05:38
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a97c089d9b2debca86dc8ec4c66dc738dc3cb3e7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Admin/{adminId}
GET /api/AuthApi/check-jwt-token
GET /api/Company/self
GET /api/Company/{companyId}
GET /api/Contractor/{contractorId}
GET /api/ContractorApi/info
GET /api/ContractorApi/photo
GET /api/Counter/Forms/Contractors
GET /api/Counter/Forms/Forms
GET /api/Counter/Forms/SiteSupervisors
GET /api/Counter/companies
GET /api/Counter/contractors
GET /api/Counter/detailedSites
GET /api/Counter/forms
GET /api/Counter/permissions/default
GET /api/Counter/permissions/types
GET /api/Counter/reports/forms
GET /api/Counter/reports/types
GET /api/Counter/secondary-companies
GET /api/Counter/sites
GET /api/EntranceEvent/BatteryLevels
GET /api/EntranceEvent/ContractorEvents
GET /api/EntranceEvent/EntranceEventThumbnail
GET /api/EntranceEvent/EntranceInfo
GET /api/EntranceEvent/HelpRequest
GET /api/EntranceEvent/LastBeaconScannerEvent
GET /api/FileApi/file/{id}
GET /api/FileApi/files
GET /api/FileApi/thumbnail/{id}
GET /api/Notification/{notificationId}
GET /api/NotificationApi/notifications
GET /api/Report/AccessToken
GET /api/Report/DownloadCsv
GET /api/Site/entrance/{entranceId}
GET /api/Site/entrance/{entranceId}/beaconScanners
GET /api/Site/entrance/{entranceId}/groundPlan
GET /api/Site/rebootResult
GET /api/Site/refreshAwxDevices
GET /api/Site/refreshAwxDevicesWebApp
GET /api/Site/siteSupervisor/{userId}
GET /api/Site/unlockResult
GET /api/Site/{siteId}
GET /api/SiteSupervisor/{siteSupervisorId}
POST /api/Admin
POST /api/Admin/changeStatus
POST /api/Admin/create
POST /api/AuthApi/authenticate
POST /api/BeaconApi/event
POST /api/BeaconScannerApi/event
POST /api/Company
POST /api/Company/changeStatus
POST /api/Company/create
POST /api/Company/createSecondaryCompany
POST /api/Contractor
POST /api/Contractor/changeStatus
POST /api/Contractor/create
POST /api/Contractor/resendAuthenticationCodeEmail/{contractorId}
POST /api/Contractor/resendAuthenticationCodePhone/{contractorId}
POST /api/Contractor/tempQrCode/create
POST /api/ContractorApi/cancelHelp
POST /api/ContractorApi/confirmHelp
POST /api/ContractorApi/requestHelp
POST /api/Counter/entrances
POST /api/Counter/sitesFromCompany
POST /api/Counter/sitesPaginated
POST /api/EntranceEvent/LastEvents
POST /api/EntranceEvent/ManualCheckIn
POST /api/EntranceEvent/ManualCheckOut
POST /api/FirmwareApi/motionSensor
POST /api/FormApi/prospect
POST /api/FormApi/submit
POST /api/MotionSensorApi/eventV2
POST /api/Notification
POST /api/Notification/create
POST /api/Notification/sendToContractors
POST /api/NotificationApi/register
POST /api/QRCodeApi/event
POST /api/RegisterApi/checkAuthCode
POST /api/RegisterApi/register
POST /api/Report/create
POST /api/Report/download
POST /api/Site
POST /api/Site/create
POST /api/Site/createEntrance
POST /api/Site/rebootDevice
POST /api/Site/unlockDoor
POST /api/Site/{siteId}/allEntrances
POST /api/Site/{siteId}/entrances
POST /api/Site/{siteId}/siteSupervisor
POST /api/Site/{siteId}/unassigned-site-supervisors
POST /api/SiteSupervisor
POST /api/SiteSupervisor/changeStatus
POST /api/SiteSupervisor/create
POST /api/UserAuth/authenticate
POST /api/UserAuth/forgotPassword
POST /api/UserAuth/reauthenticate
POST /api/UserAuth/resetPassword
PUT /api/Admin/update
PUT /api/Admin/updateSelf
PUT /api/Company/update
PUT /api/Company/updateBaseInfo
PUT /api/Company/updateCredentials
PUT /api/Company/updatePermissionsSecondaryCompanies
PUT /api/Company/updateSecondaryCompany
PUT /api/Contractor/facialRec/enroll/{contractorId}
PUT /api/Contractor/getClubData/{contractorId}
PUT /api/Contractor/update
PUT /api/Contractor/update-entrances
PUT /api/Contractor/update-vaccination
PUT /api/Contractor/update-vaccination-entrances
PUT /api/Site/assign-supervisor
PUT /api/Site/changeEntranceStatus
PUT /api/Site/changeStatus
PUT /api/Site/downloadClubMembers/{siteId}
PUT /api/Site/editBeaconScanners
PUT /api/Site/editEntrance
PUT /api/Site/editGroundPlan
PUT /api/Site/editSite
PUT /api/Site/site-supervisor
PUT /api/Site/site-supervisor-basic
PUT /api/Site/site-supervisor-credentials
PUT /api/Site/unassign-supervisor
PUT /api/SiteSupervisor/update

Found on 2026-02-02 05:38

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://styleapi.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-10 02:42
Last seen 2026-02-02 05:02
Open for 54 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-02-02 05:02

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: pprvmw.com
Port: 443
URL: https://pprvmw.com

First seen 2025-10-20 15:06
Last seen 2026-02-02 03:47
Open for 104 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-02 03:47

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493b3b73509db503bd5eb6ad3e101e8cfcc7f278f6

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /
GET /api/Property/GenerateQRCodeTest
GET /api/Property/GetProperties
GET /api/Property/GetPropertiesForDashBoard
GET /healthz
POST /AddOrEditMedia
POST /CreateChatMessage
POST /CreateOrUpdateEscalationSettings
POST /CreateOrUpdateGuests
POST /CreateOrUpdateItem
POST /CreateOrUpdateList
POST /CreateOrUpdateMenu
POST /CreateOrUpdateOperationalHours
POST /CreateOrUpdateServicesAndSubServices
POST /CreateOrUpdateVenue
POST /DeleteDepartmentItem
POST /DeleteEscalationSettingBy
POST /DeleteGuests
POST /DeleteListBy
POST /DeleteMedia
POST /DeleteMenus
POST /DeleteOperationalHoursBy
POST /DeleteServiceBy
POST /DeleteVenue
POST /GetActiveEndUsersByProperty
POST /GetAllDepartmentDetailsByProperty
POST /GetAllVenueByProperty
POST /GetDepartmentSettingByProperty
POST /GetListBy
POST /GetListByProperty
POST /GetOperationalHoursBy
POST /GetProfileByAppUser
POST /GetVenueBy
POST /Login
POST /TopLocationItemReport
POST /TopRequestedItemReport
POST /TopRoomServiceReport
POST /TopServiceReport
POST /UpdateDepartment
POST /UpdateProfile
POST /api/Communication/CreateEmailTemplate
POST /api/Communication/CreateUpdateGroup
POST /api/Communication/DeleteEmailTemplate
POST /api/Communication/DeleteGroup
POST /api/Communication/DeleteGroupMembers
POST /api/Communication/GetAllCommunicationPageDetails
POST /api/Communication/GetAllMailGroupsByProperty
POST /api/Communication/GetAllRecurringSettingsByProperty
POST /api/Communication/GetAllScheduledCommunicationSettingsByProperty
POST /api/Communication/GetAllTemplatesBy
POST /api/Communication/GetEmailTemplateById
POST /api/Communication/GetRecurringSettingById
POST /api/Communication/GetScheduledCommunicationSettingById
POST /api/Communication/RecuringSettingsCreate
POST /api/Communication/ScheduleComunicationBlast
POST /api/Communication/UpdateEmailTemplate
POST /api/Communication/UpdateRecuringSettings
POST /api/Communication/UpdateScheduledCommunication
POST /api/Communication/communications-by-month
POST /api/Communication/get-or-create
POST /api/Communication/list
POST /api/Communication/messages
POST /api/Communication/reply
POST /api/Communication/send
POST /api/Communication/update-participant-name
POST /api/Property/GetCmsViewByProperty
POST /api/Property/PropertyUpdate
POST /api/Request/BahiaFolioRequest
POST /api/Request/CreateRequest
POST /api/Request/CreateTicketNote
POST /api/Request/EditTicket
POST /api/Request/GetAllRequestByUserAndProperty
POST /api/Request/GetAllTicketsTable
POST /api/Request/GetTicketByRequestId
POST /api/Request/GetTicketFrontByRequestId
POST /api/Request/GetTicketsReport
POST /api/Request/UserValidation
POST /api/Survey/CreateAnswers
POST /api/Survey/CreateOrUpdateSurvey
POST /api/Survey/CreateQuestions
POST /api/Survey/DeleteSurveyByQuestion
POST /api/Survey/GetSurveyByProperty
POST /api/Survey/GetSurveyQuestionsBy
POST /api/Survey/GetSurveyReportBy
POST /api/Tiles/CreateOrUpdateTileItem
POST /api/Tiles/DeleteTileItem
POST /api/Tiles/GetTileItemBy
POST /api/Tiles/GetTilesByProperty
POST /api/Tiles/GetTilesItemListByTile
POST /api/Tiles/UpdateTile
POST /webhooks/acs/sms

Found on 2025-12-12 14:16

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493b3b73509db503bd5eb6ad3e101e8cfc1b98b76f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /
GET /api/Property/GenerateQRCodeTest
GET /api/Property/GetProperties
GET /api/Property/GetPropertiesForDashBoard
GET /healthz
POST /AddOrEditMedia
POST /CreateChatMessage
POST /CreateOrUpdateEscalationSettings
POST /CreateOrUpdateGuests
POST /CreateOrUpdateItem
POST /CreateOrUpdateList
POST /CreateOrUpdateMenu
POST /CreateOrUpdateOperationalHours
POST /CreateOrUpdateServicesAndSubServices
POST /CreateOrUpdateVenue
POST /DeleteDepartmentItem
POST /DeleteEscalationSettingBy
POST /DeleteGuests
POST /DeleteListBy
POST /DeleteMedia
POST /DeleteMenus
POST /DeleteOperationalHoursBy
POST /DeleteServiceBy
POST /DeleteVenue
POST /GetActiveEndUsersByProperty
POST /GetAllDepartmentDetailsByProperty
POST /GetAllVenueByProperty
POST /GetDepartmentSettingByProperty
POST /GetListBy
POST /GetListByProperty
POST /GetOperationalHoursBy
POST /GetProfileByAppUser
POST /GetVenueBy
POST /Login
POST /TopLocationItemReport
POST /TopRequestedItemReport
POST /TopRoomServiceReport
POST /TopServiceReport
POST /UpdateDepartment
POST /UpdateProfile
POST /api/Communication/CreateEmailTemplate
POST /api/Communication/CreateUpdateGroup
POST /api/Communication/DeleteEmailTemplate
POST /api/Communication/DeleteGroup
POST /api/Communication/DeleteGroupMembers
POST /api/Communication/GetAllCommunicationPageDetails
POST /api/Communication/GetAllMailGroupsByProperty
POST /api/Communication/GetAllRecurringSettingsByProperty
POST /api/Communication/GetAllScheduledCommunicationSettingsByProperty
POST /api/Communication/GetAllTemplatesBy
POST /api/Communication/GetEmailTemplateById
POST /api/Communication/GetRecurringSettingById
POST /api/Communication/GetScheduledCommunicationSettingById
POST /api/Communication/RecuringSettingsCreate
POST /api/Communication/ScheduleComunicationBlast
POST /api/Communication/UpdateEmailTemplate
POST /api/Communication/UpdateRecuringSettings
POST /api/Communication/UpdateScheduledCommunication
POST /api/Communication/get-or-create
POST /api/Communication/list
POST /api/Communication/messages
POST /api/Communication/reply
POST /api/Communication/send
POST /api/Communication/update-participant-name
POST /api/Property/GetCmsViewByProperty
POST /api/Property/PropertyUpdate
POST /api/Request/BahiaFolioRequest
POST /api/Request/CreateRequest
POST /api/Request/CreateTicketNote
POST /api/Request/EditTicket
POST /api/Request/GetAllRequestByUserAndProperty
POST /api/Request/GetAllTicketsTable
POST /api/Request/GetTicketByRequestId
POST /api/Request/GetTicketFrontByRequestId
POST /api/Request/GetTicketsReport
POST /api/Request/UserValidation
POST /api/Survey/CreateAnswers
POST /api/Survey/CreateOrUpdateSurvey
POST /api/Survey/CreateQuestions
POST /api/Survey/DeleteSurveyByQuestion
POST /api/Survey/GetSurveyByProperty
POST /api/Survey/GetSurveyQuestionsBy
POST /api/Survey/GetSurveyReportBy
POST /api/Tiles/CreateOrUpdateTileItem
POST /api/Tiles/DeleteTileItem
POST /api/Tiles/GetTileItemBy
POST /api/Tiles/GetTilesByProperty
POST /api/Tiles/GetTilesItemListByTile
POST /api/Tiles/UpdateTile
POST /webhooks/acs/sms

Found on 2025-11-16 12:49

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493b3b73509db503bd5eb6ad3e101e8cfc93c6df1a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /
GET /api/Property/GenerateQRCodeTest
GET /api/Property/GetProperties
GET /api/Property/GetPropertiesForDashBoard
GET /healthz
POST /AddOrEditMedia
POST /CreateChatMessage
POST /CreateOrUpdateEscalationSettings
POST /CreateOrUpdateGuests
POST /CreateOrUpdateItem
POST /CreateOrUpdateList
POST /CreateOrUpdateMenu
POST /CreateOrUpdateOperationalHours
POST /CreateOrUpdateServicesAndSubServices
POST /CreateOrUpdateVenue
POST /DeleteDepartmentItem
POST /DeleteEscalationSettingBy
POST /DeleteGuests
POST /DeleteListBy
POST /DeleteMedia
POST /DeleteMenus
POST /DeleteOperationalHoursBy
POST /DeleteServiceBy
POST /DeleteVenue
POST /GetActiveEndUsersByProperty
POST /GetAllDepartmentDetailsByProperty
POST /GetAllVenueByProperty
POST /GetDepartmentSettingByProperty
POST /GetListBy
POST /GetListByProperty
POST /GetOperationalHoursBy
POST /GetProfileByAppUser
POST /GetVenueBy
POST /Login
POST /TopLocationItemReport
POST /TopRequestedItemReport
POST /TopRoomServiceReport
POST /TopServiceReport
POST /UpdateDepartment
POST /UpdateProfile
POST /api/Communication/CreateEmailTemplate
POST /api/Communication/CreateUpdateGroup
POST /api/Communication/DeleteEmailTemplate
POST /api/Communication/DeleteGroup
POST /api/Communication/DeleteGroupMembers
POST /api/Communication/GetAllCommunicationPageDetails
POST /api/Communication/GetAllMailGroupsByProperty
POST /api/Communication/GetAllRecurringSettingsByProperty
POST /api/Communication/GetAllScheduledCommunicationSettingsByProperty
POST /api/Communication/GetAllTemplatesBy
POST /api/Communication/GetEmailTemplateById
POST /api/Communication/GetRecurringSettingById
POST /api/Communication/GetScheduledCommunicationSettingById
POST /api/Communication/RecuringSettingsCreate
POST /api/Communication/ScheduleComunicationBlast
POST /api/Communication/UpdateEmailTemplate
POST /api/Communication/UpdateRecuringSettings
POST /api/Communication/get-or-create
POST /api/Communication/list
POST /api/Communication/messages
POST /api/Communication/reply
POST /api/Communication/send
POST /api/Communication/update-participant-name
POST /api/Property/GetCmsViewByProperty
POST /api/Property/PropertyUpdate
POST /api/Request/BahiaFolioRequest
POST /api/Request/CreateRequest
POST /api/Request/CreateTicketNote
POST /api/Request/EditTicket
POST /api/Request/GetAllRequestByUserAndProperty
POST /api/Request/GetAllTicketsTable
POST /api/Request/GetTicketByRequestId
POST /api/Request/GetTicketFrontByRequestId
POST /api/Request/GetTicketsReport
POST /api/Request/UserValidation
POST /api/Survey/CreateAnswers
POST /api/Survey/CreateOrUpdateSurvey
POST /api/Survey/CreateQuestions
POST /api/Survey/DeleteSurveyByQuestion
POST /api/Survey/GetSurveyByProperty
POST /api/Survey/GetSurveyQuestionsBy
POST /api/Survey/GetSurveyReportBy
POST /api/Tiles/CreateOrUpdateTileItem
POST /api/Tiles/DeleteTileItem
POST /api/Tiles/GetTileItemBy
POST /api/Tiles/GetTilesByProperty
POST /api/Tiles/GetTilesItemListByTile
POST /api/Tiles/UpdateTile
POST /webhooks/acs/sms

Found on 2025-11-14 15:02

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493b3b73509db503bd5eb6ad3e101e8cfcbb9c85c6

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /
GET /api/Property/GenerateQRCodeTest
GET /api/Property/GetProperties
GET /api/Property/GetPropertiesForDashBoard
GET /healthz
POST /AddOrEditMedia
POST /CreateChatMessage
POST /CreateOrUpdateEscalationSettings
POST /CreateOrUpdateGuests
POST /CreateOrUpdateItem
POST /CreateOrUpdateList
POST /CreateOrUpdateMenu
POST /CreateOrUpdateOperationalHours
POST /CreateOrUpdateServicesAndSubServices
POST /CreateOrUpdateVenue
POST /DeleteDepartmentItem
POST /DeleteEscalationSettingBy
POST /DeleteGuests
POST /DeleteListBy
POST /DeleteMedia
POST /DeleteMenus
POST /DeleteOperationalHoursBy
POST /DeleteServiceBy
POST /DeleteVenue
POST /GetActiveEndUsersByProperty
POST /GetAllDepartmentDetailsByProperty
POST /GetAllVenueByProperty
POST /GetDepartmentSettingByProperty
POST /GetListBy
POST /GetListByProperty
POST /GetOperationalHoursBy
POST /GetProfileByAppUser
POST /GetVenueBy
POST /Login
POST /TopLocationItemReport
POST /TopRequestedItemReport
POST /TopRoomServiceReport
POST /TopServiceReport
POST /UpdateDepartment
POST /UpdateProfile
POST /api/Communication/CreateEmailTemplate
POST /api/Communication/CreateUpdateGroup
POST /api/Communication/DeleteEmailTemplate
POST /api/Communication/DeleteGroup
POST /api/Communication/DeleteGroupMembers
POST /api/Communication/GetAllCommunicationPageDetails
POST /api/Communication/GetAllMailGroupsByProperty
POST /api/Communication/GetAllTemplatesBy
POST /api/Communication/GetEmailTemplateById
POST /api/Communication/RecuringSettingsCreate
POST /api/Communication/ScheduleComunicationBlast
POST /api/Communication/UpdateEmailTemplate
POST /api/Communication/get-or-create
POST /api/Communication/list
POST /api/Communication/messages
POST /api/Communication/reply
POST /api/Communication/send
POST /api/Property/GetCmsViewByProperty
POST /api/Property/PropertyUpdate
POST /api/Request/BahiaFolioRequest
POST /api/Request/CreateRequest
POST /api/Request/CreateTicketNote
POST /api/Request/EditTicket
POST /api/Request/GetAllRequestByUserAndProperty
POST /api/Request/GetAllTicketsTable
POST /api/Request/GetTicketByRequestId
POST /api/Request/GetTicketFrontByRequestId
POST /api/Request/GetTicketsReport
POST /api/Request/UserValidation
POST /api/Survey/CreateAnswers
POST /api/Survey/CreateOrUpdateSurvey
POST /api/Survey/CreateQuestions
POST /api/Survey/DeleteSurveyByQuestion
POST /api/Survey/GetSurveyByProperty
POST /api/Survey/GetSurveyQuestionsBy
POST /api/Survey/GetSurveyReportBy
POST /api/Tiles/CreateOrUpdateTileItem
POST /api/Tiles/DeleteTileItem
POST /api/Tiles/GetTileItemBy
POST /api/Tiles/GetTilesByProperty
POST /api/Tiles/GetTilesItemListByTile
POST /api/Tiles/UpdateTile
POST /webhooks/acs/sms

Found on 2025-11-08 20:33

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: dealerapi-staging.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://dealerapi-staging.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:16
Last seen 2026-02-02 03:29
Open for 52 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549187a8db04eeebeb53097c60988a238a8c034df63

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/BusinessActivityCommand/DeleteByCode
DELETE /api/command/BusinessActivityCommand/DeleteById
DELETE /api/command/ContactCommand/DeleteById
DELETE /api/command/DealershipCommand/DeleteByCode
DELETE /api/command/DealershipCommand/DeleteById
DELETE /api/command/FranchiseCommand/DeleteByCode
DELETE /api/command/FranchiseCommand/DeleteById
DELETE /api/command/FranchiseCommand/RemoveSite
DELETE /api/command/HoursCommand/DeleteById
DELETE /api/command/SiteCommand/DeleteByCode
DELETE /api/command/SiteCommand/DeleteById
GET /api/query/BusinessActivityQuery/GetAll
GET /api/query/BusinessActivityQuery/GetByCode
GET /api/query/BusinessActivityQuery/GetByCodes
GET /api/query/BusinessActivityQuery/GetById
GET /api/query/BusinessActivityQuery/GetByIds
GET /api/query/ContactQuery/GetAll
GET /api/query/ContactQuery/GetByDealershipCode
GET /api/query/ContactQuery/GetByDealershipCodes
GET /api/query/ContactQuery/GetById
GET /api/query/ContactQuery/GetByIds
GET /api/query/DealershipQuery/GetAll
GET /api/query/DealershipQuery/GetAllActiveDealerships
GET /api/query/DealershipQuery/GetByCode
GET /api/query/DealershipQuery/GetByCodes
GET /api/query/DealershipQuery/GetById
GET /api/query/DealershipQuery/GetByIds
GET /api/query/FranchiseQuery/GetActiveFranchiseByCode
GET /api/query/FranchiseQuery/GetAll
GET /api/query/FranchiseQuery/GetAllActiveFranchise
GET /api/query/FranchiseQuery/GetByCode
GET /api/query/FranchiseQuery/GetByCodes
GET /api/query/FranchiseQuery/GetByFranchiseCodeAndMakeCode
GET /api/query/FranchiseQuery/GetById
GET /api/query/FranchiseQuery/GetByIds
GET /api/query/FranchiseQuery/GetByMasterKey
GET /api/query/FranchiseQuery/GetByMasterKeys
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCodes
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseId
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseIds
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityId
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCode
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCodes
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKey
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKeys
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityId
GET /api/query/HoursQuery/GetAllByBusinessActivityCode
GET /api/query/HoursQuery/GetAllByFranchiseBusinessActivitySiteByCode
GET /api/query/HoursQuery/GetAllByFranchiseId
GET /api/query/HoursQuery/GetById
GET /api/query/HoursQuery/GetByIds
GET /api/query/SecurityRightsQuery/GetDealershipUiSecurityRights
GET /api/query/SiteQuery/GetAll
GET /api/query/SiteQuery/GetByCode
GET /api/query/SiteQuery/GetByCodes
GET /api/query/SiteQuery/GetById
GET /api/query/SiteQuery/GetByIds
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCode
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCodes
GET /api/query/SiteQuery/GetPrimarySiteByDealershipId
GET /api/query/SiteQuery/GetPrimarySiteByDealershipIds
GET /api/query/SiteQuery/GetSiteByFranchiseCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodeAndMakeCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodes
GET /api/query/SiteQuery/GetSiteByFranchiseId
GET /api/query/SiteQuery/GetSiteByFranchiseIds
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKey
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKeys
POST /api/command/BusinessActivityCommand/Create
POST /api/command/BusinessActivityCommand/CreateIfNotExistByCode
POST /api/command/BusinessActivityCommand/CreateOrUpdateFromCsv
POST /api/command/ContactCommand/Create
POST /api/command/DealershipCommand/Create
POST /api/command/DealershipCommand/CreateIfNotExistByCode
POST /api/command/DealershipCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/AddSite
POST /api/command/FranchiseCommand/Create
POST /api/command/FranchiseCommand/CreateIfNotExistByCode
POST /api/command/FranchiseCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/ImportFranchiseSiteCsv
POST /api/command/HoursCommand/Create
POST /api/command/HoursCommand/CreateOrUpdateFromCsv
POST /api/command/SiteCommand/Create
POST /api/command/SiteCommand/CreateIfNotExistByCode
POST /api/command/SiteCommand/CreateOrUpdateFromCsv
POST /api/query/DealershipQuery/GetByLastDataSyncDate
POST /api/query/FranchiseQuery/GetByLastDataSyncDate
POST /api/query/HoursQuery/GetBusinessHoursByTimestampRanges
POST /api/query/HoursQuery/GetCurrentAndFutureBusinessHoursRange
POST /api/query/SiteQuery/GetByLastDataSyncDate
PUT /api/command/BusinessActivityCommand/CreateOrUpdateByCode
PUT /api/command/BusinessActivityCommand/Update
PUT /api/command/ContactCommand/Update
PUT /api/command/DealershipCommand/CreateOrUpdateByCode
PUT /api/command/DealershipCommand/Update
PUT /api/command/FranchiseCommand/CreateOrUpdateByCode
PUT /api/command/FranchiseCommand/CreateOrUpdateFranchiseContactInformation
PUT /api/command/FranchiseCommand/Update
PUT /api/command/HoursCommand/Update
PUT /api/command/SiteCommand/CreateOrUpdateByCode
PUT /api/command/SiteCommand/Update

Found on 2026-02-02 03:29

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: staging.marketware.com
Port: 443
URL: https://staging.marketware.com

First seen 2026-01-12 11:43
Last seen 2026-02-02 02:59
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 02:59
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: menuapi-staging.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://menuapi-staging.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:14
Last seen 2026-02-02 02:56
Open for 52 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549524959ec6239a54876e9ea0d1607c6e7bf2794af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MenuCategoryCommand/DeleteByCode
DELETE /api/command/MenuCategoryCommand/DeleteByCodes
DELETE /api/command/MenuCategoryCommand/DeleteById
DELETE /api/command/MenuCategoryCommand/DeleteByIds
DELETE /api/command/MenuHierarchyCommand/RemoveMenuItemAsync
DELETE /api/command/MenuItemCommand/DeleteByCode
DELETE /api/command/MenuItemCommand/DeleteByCodes
DELETE /api/command/MenuItemCommand/DeleteById
DELETE /api/command/MenuItemCommand/DeleteByIds
DELETE /api/command/MenuItemCommand/DeleteByMasterKey
DELETE /api/command/MenuItemCommand/DeleteByMasterKeys
DELETE /api/command/MenuSchemeCommand/DeleteByCode
DELETE /api/command/MenuSchemeCommand/DeleteByCodes
DELETE /api/command/MenuSchemeCommand/DeleteById
DELETE /api/command/MenuSchemeCommand/DeleteByIds
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKey
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKeys
GET /api/query/MenuCategoryQuery/GetAll
GET /api/query/MenuCategoryQuery/GetByCode
GET /api/query/MenuCategoryQuery/GetByCodes
GET /api/query/MenuCategoryQuery/GetById
GET /api/query/MenuCategoryQuery/GetByIds
GET /api/query/MenuCategoryQuery/GetByMasterKey
GET /api/query/MenuCategoryQuery/GetByMasterKeys
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeIds
GET /api/query/MenuHierarchyQuery/GetByParentId
GET /api/query/MenuHierarchyQuery/GetBySchemeCode
GET /api/query/MenuHierarchyQuery/GetBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetBySchemeId
GET /api/query/MenuHierarchyQuery/GetBySchemeIds
GET /api/query/MenuHierarchyQuery/GetMenuByApplicationModuleCode
GET /api/query/MenuHierarchyQuery/GetUserMenu
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeIds
GET /api/query/MenuItemQuery/GetAll
GET /api/query/MenuItemQuery/GetAllByIncludeInactiveMenuItems
GET /api/query/MenuItemQuery/GetByCode
GET /api/query/MenuItemQuery/GetByCodes
GET /api/query/MenuItemQuery/GetById
GET /api/query/MenuItemQuery/GetByIds
GET /api/query/MenuItemQuery/GetByMasterKey
GET /api/query/MenuItemQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetAll
GET /api/query/MenuSchemeQuery/GetByCode
GET /api/query/MenuSchemeQuery/GetByCodes
GET /api/query/MenuSchemeQuery/GetById
GET /api/query/MenuSchemeQuery/GetByIds
GET /api/query/MenuSchemeQuery/GetByMasterKey
GET /api/query/MenuSchemeQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCode
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCodes
POST /api/command/MenuCategoryCommand/Create
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCode
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCodes
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCode
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCodes
POST /api/command/MenuCategoryCommand/Creates
POST /api/command/MenuHierarchyCommand/AddMenuItemAsync
POST /api/command/MenuHierarchyCommand/Create
POST /api/command/MenuHierarchyCommand/ImportCsv
POST /api/command/MenuHierarchyCommand/MoveMenuItemAsync
POST /api/command/MenuItemCommand/Create
POST /api/command/MenuItemCommand/CreateIfNotExistByCode
POST /api/command/MenuItemCommand/CreateIfNotExistByCodes
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuItemCommand/CreateOrUpdateByCode
POST /api/command/MenuItemCommand/CreateOrUpdateByCodes
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuItemCommand/Creates
POST /api/command/MenuSchemeCommand/Create
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuSchemeCommand/Creates
POST /api/command/MenuSchemeCommand/ImportCsv
PUT /api/command/MenuCategoryCommand/Update
PUT /api/command/MenuCategoryCommand/Updates
PUT /api/command/MenuItemCommand/Update
PUT /api/command/MenuItemCommand/Updates
PUT /api/command/MenuSchemeCommand/Update
PUT /api/command/MenuSchemeCommand/Updates

Found on 2026-02-02 02:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: feature2.marketware.com
Port: 443
URL: https://feature2.marketware.com

First seen 2026-01-10 04:27
Last seen 2026-02-02 00:39
Open for 22 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 00:39
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: geographyapi-staging.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://geographyapi-staging.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:17
Last seen 2026-02-02 00:37
Open for 52 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 00:37
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: app2.timeclocknow.com
Port: 443
URL: https://app2.timeclocknow.com

First seen 2026-01-11 17:11
Last seen 2026-02-02 00:23
Open for 21 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60d58b789782cb442afd7f259af33ad86cf33ad86c
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Roles
GET /api/Roles/{id}
GET /api/jobs/time-sheet-lines
GET /api/simple-employees
```
  Found on 2026-02-02 00:23
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingapi.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://reportingapi.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-10 02:44
Last seen 2026-02-01 23:48
Open for 53 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-01 23:48
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: menuapi.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://menuapi.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-10 02:43
Last seen 2026-02-01 23:48
Open for 53 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549524959ec6239a54876e9ea0d1607c6e7bf2794af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MenuCategoryCommand/DeleteByCode
DELETE /api/command/MenuCategoryCommand/DeleteByCodes
DELETE /api/command/MenuCategoryCommand/DeleteById
DELETE /api/command/MenuCategoryCommand/DeleteByIds
DELETE /api/command/MenuHierarchyCommand/RemoveMenuItemAsync
DELETE /api/command/MenuItemCommand/DeleteByCode
DELETE /api/command/MenuItemCommand/DeleteByCodes
DELETE /api/command/MenuItemCommand/DeleteById
DELETE /api/command/MenuItemCommand/DeleteByIds
DELETE /api/command/MenuItemCommand/DeleteByMasterKey
DELETE /api/command/MenuItemCommand/DeleteByMasterKeys
DELETE /api/command/MenuSchemeCommand/DeleteByCode
DELETE /api/command/MenuSchemeCommand/DeleteByCodes
DELETE /api/command/MenuSchemeCommand/DeleteById
DELETE /api/command/MenuSchemeCommand/DeleteByIds
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKey
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKeys
GET /api/query/MenuCategoryQuery/GetAll
GET /api/query/MenuCategoryQuery/GetByCode
GET /api/query/MenuCategoryQuery/GetByCodes
GET /api/query/MenuCategoryQuery/GetById
GET /api/query/MenuCategoryQuery/GetByIds
GET /api/query/MenuCategoryQuery/GetByMasterKey
GET /api/query/MenuCategoryQuery/GetByMasterKeys
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeIds
GET /api/query/MenuHierarchyQuery/GetByParentId
GET /api/query/MenuHierarchyQuery/GetBySchemeCode
GET /api/query/MenuHierarchyQuery/GetBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetBySchemeId
GET /api/query/MenuHierarchyQuery/GetBySchemeIds
GET /api/query/MenuHierarchyQuery/GetMenuByApplicationModuleCode
GET /api/query/MenuHierarchyQuery/GetUserMenu
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeIds
GET /api/query/MenuItemQuery/GetAll
GET /api/query/MenuItemQuery/GetAllByIncludeInactiveMenuItems
GET /api/query/MenuItemQuery/GetByCode
GET /api/query/MenuItemQuery/GetByCodes
GET /api/query/MenuItemQuery/GetById
GET /api/query/MenuItemQuery/GetByIds
GET /api/query/MenuItemQuery/GetByMasterKey
GET /api/query/MenuItemQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetAll
GET /api/query/MenuSchemeQuery/GetByCode
GET /api/query/MenuSchemeQuery/GetByCodes
GET /api/query/MenuSchemeQuery/GetById
GET /api/query/MenuSchemeQuery/GetByIds
GET /api/query/MenuSchemeQuery/GetByMasterKey
GET /api/query/MenuSchemeQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCode
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCodes
POST /api/command/MenuCategoryCommand/Create
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCode
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCodes
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCode
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCodes
POST /api/command/MenuCategoryCommand/Creates
POST /api/command/MenuHierarchyCommand/AddMenuItemAsync
POST /api/command/MenuHierarchyCommand/Create
POST /api/command/MenuHierarchyCommand/ImportCsv
POST /api/command/MenuHierarchyCommand/MoveMenuItemAsync
POST /api/command/MenuItemCommand/Create
POST /api/command/MenuItemCommand/CreateIfNotExistByCode
POST /api/command/MenuItemCommand/CreateIfNotExistByCodes
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuItemCommand/CreateOrUpdateByCode
POST /api/command/MenuItemCommand/CreateOrUpdateByCodes
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuItemCommand/Creates
POST /api/command/MenuSchemeCommand/Create
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuSchemeCommand/Creates
POST /api/command/MenuSchemeCommand/ImportCsv
PUT /api/command/MenuCategoryCommand/Update
PUT /api/command/MenuCategoryCommand/Updates
PUT /api/command/MenuItemCommand/Update
PUT /api/command/MenuItemCommand/Updates
PUT /api/command/MenuSchemeCommand/Update
PUT /api/command/MenuSchemeCommand/Updates

Found on 2026-02-01 23:48

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: app.timeclocknow.com
Port: 443
URL: https://app.timeclocknow.com

First seen 2026-01-12 09:10
Last seen 2026-02-01 23:25
Open for 20 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60d58b789782cb442afd7f259af33ad86cf33ad86c
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Roles
GET /api/Roles/{id}
GET /api/jobs/time-sheet-lines
GET /api/simple-employees
```
  Found on 2026-02-01 23:25
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingdataapi-staging.acuraprogram.com
Port: 443
URL: https://reportingdataapi-staging.acuraprogram.com

First seen 2025-12-24 02:43
Last seen 2026-02-01 22:31
Open for 39 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-01 22:31
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: acurausa-reportingdataapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://acurausa-reportingdataapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:29
Last seen 2026-02-01 22:31
Open for 39 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-01 22:31
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: schedulerapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://schedulerapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:32
Last seen 2026-02-01 22:31
Open for 39 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035497d94d83b23206063935cc23e935cc23e935cc23e
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/command/WebRequestJob/RemoveExistingJobs
POST /api/command/WebRequestJob/ScheduleDelayJob
POST /api/command/WebRequestJob/ScheduleOrUpdateRecurredJob
```
  Found on 2026-02-01 22:31
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://reportingapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:31
Last seen 2026-02-01 22:31
Open for 39 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-01 22:31
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi.hyundaicaprogram.com
Port: 443
URL: https://styleapi.hyundaicaprogram.com

First seen 2025-12-24 02:44
Last seen 2026-01-23 12:46
Open for 30 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-01-23 12:46

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: schedulerapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://schedulerapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:50
Last seen 2026-01-23 12:46
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035497d94d83b23206063935cc23e935cc23e935cc23e
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/command/WebRequestJob/RemoveExistingJobs
POST /api/command/WebRequestJob/ScheduleDelayJob
POST /api/command/WebRequestJob/ScheduleOrUpdateRecurredJob
```
  Found on 2026-01-23 12:46
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: userapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://userapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:32
Last seen 2026-01-23 12:46
Open for 30 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af47d07122b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderQuery/ResolveVanityUri
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-01-23 12:46

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-09 18:47

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af458889e3e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2025-12-26 06:05

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: dealerapi-staging.acuraprogram.com
Port: 443
URL: https://dealerapi-staging.acuraprogram.com

First seen 2025-12-24 02:43
Last seen 2026-01-23 12:46
Open for 30 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549187a8db04eeebeb53097c60988a238a8c034df63

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/BusinessActivityCommand/DeleteByCode
DELETE /api/command/BusinessActivityCommand/DeleteById
DELETE /api/command/ContactCommand/DeleteById
DELETE /api/command/DealershipCommand/DeleteByCode
DELETE /api/command/DealershipCommand/DeleteById
DELETE /api/command/FranchiseCommand/DeleteByCode
DELETE /api/command/FranchiseCommand/DeleteById
DELETE /api/command/FranchiseCommand/RemoveSite
DELETE /api/command/HoursCommand/DeleteById
DELETE /api/command/SiteCommand/DeleteByCode
DELETE /api/command/SiteCommand/DeleteById
GET /api/query/BusinessActivityQuery/GetAll
GET /api/query/BusinessActivityQuery/GetByCode
GET /api/query/BusinessActivityQuery/GetByCodes
GET /api/query/BusinessActivityQuery/GetById
GET /api/query/BusinessActivityQuery/GetByIds
GET /api/query/ContactQuery/GetAll
GET /api/query/ContactQuery/GetByDealershipCode
GET /api/query/ContactQuery/GetByDealershipCodes
GET /api/query/ContactQuery/GetById
GET /api/query/ContactQuery/GetByIds
GET /api/query/DealershipQuery/GetAll
GET /api/query/DealershipQuery/GetAllActiveDealerships
GET /api/query/DealershipQuery/GetByCode
GET /api/query/DealershipQuery/GetByCodes
GET /api/query/DealershipQuery/GetById
GET /api/query/DealershipQuery/GetByIds
GET /api/query/FranchiseQuery/GetActiveFranchiseByCode
GET /api/query/FranchiseQuery/GetAll
GET /api/query/FranchiseQuery/GetAllActiveFranchise
GET /api/query/FranchiseQuery/GetByCode
GET /api/query/FranchiseQuery/GetByCodes
GET /api/query/FranchiseQuery/GetByFranchiseCodeAndMakeCode
GET /api/query/FranchiseQuery/GetById
GET /api/query/FranchiseQuery/GetByIds
GET /api/query/FranchiseQuery/GetByMasterKey
GET /api/query/FranchiseQuery/GetByMasterKeys
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCodes
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseId
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseIds
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityId
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCode
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCodes
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKey
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKeys
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityId
GET /api/query/HoursQuery/GetAllByBusinessActivityCode
GET /api/query/HoursQuery/GetAllByFranchiseBusinessActivitySiteByCode
GET /api/query/HoursQuery/GetAllByFranchiseId
GET /api/query/HoursQuery/GetById
GET /api/query/HoursQuery/GetByIds
GET /api/query/SecurityRightsQuery/GetDealershipUiSecurityRights
GET /api/query/SiteQuery/GetAll
GET /api/query/SiteQuery/GetByCode
GET /api/query/SiteQuery/GetByCodes
GET /api/query/SiteQuery/GetById
GET /api/query/SiteQuery/GetByIds
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCode
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCodes
GET /api/query/SiteQuery/GetPrimarySiteByDealershipId
GET /api/query/SiteQuery/GetPrimarySiteByDealershipIds
GET /api/query/SiteQuery/GetSiteByFranchiseCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodeAndMakeCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodes
GET /api/query/SiteQuery/GetSiteByFranchiseId
GET /api/query/SiteQuery/GetSiteByFranchiseIds
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKey
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKeys
POST /api/command/BusinessActivityCommand/Create
POST /api/command/BusinessActivityCommand/CreateIfNotExistByCode
POST /api/command/BusinessActivityCommand/CreateOrUpdateFromCsv
POST /api/command/ContactCommand/Create
POST /api/command/DealershipCommand/Create
POST /api/command/DealershipCommand/CreateIfNotExistByCode
POST /api/command/DealershipCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/AddSite
POST /api/command/FranchiseCommand/Create
POST /api/command/FranchiseCommand/CreateIfNotExistByCode
POST /api/command/FranchiseCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/ImportFranchiseSiteCsv
POST /api/command/HoursCommand/Create
POST /api/command/HoursCommand/CreateOrUpdateFromCsv
POST /api/command/SiteCommand/Create
POST /api/command/SiteCommand/CreateIfNotExistByCode
POST /api/command/SiteCommand/CreateOrUpdateFromCsv
POST /api/query/DealershipQuery/GetByLastDataSyncDate
POST /api/query/FranchiseQuery/GetByLastDataSyncDate
POST /api/query/HoursQuery/GetBusinessHoursByTimestampRanges
POST /api/query/HoursQuery/GetCurrentAndFutureBusinessHoursRange
POST /api/query/SiteQuery/GetByLastDataSyncDate
PUT /api/command/BusinessActivityCommand/CreateOrUpdateByCode
PUT /api/command/BusinessActivityCommand/Update
PUT /api/command/ContactCommand/Update
PUT /api/command/DealershipCommand/CreateOrUpdateByCode
PUT /api/command/DealershipCommand/Update
PUT /api/command/FranchiseCommand/CreateOrUpdateByCode
PUT /api/command/FranchiseCommand/CreateOrUpdateFranchiseContactInformation
PUT /api/command/FranchiseCommand/Update
PUT /api/command/HoursCommand/Update
PUT /api/command/SiteCommand/CreateOrUpdateByCode
PUT /api/command/SiteCommand/Update

Found on 2026-01-23 12:46

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hondausaapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://hondausaapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:29
Last seen 2026-01-23 12:46
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a36a8b222635dc29935dfc57e4b36821e4b36821
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/DsoQuery/IsEnrolled
POST /api/query/Enrollment/EnrollmentByZoneAndDistrictDetails
POST /api/query/Enrollment/EnrollmentDetails
```
  Found on 2026-01-23 12:46
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 18:47
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: api.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://api.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:15
Last seen 2026-01-23 10:06
Open for 43 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a36a8b228a71862c9c4734aaff7616a8ff7616a8
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/Disclaimer/MaximumSalesDateDisclaimer
POST /api/query/Enrollment/EnrollmentDetails
POST /api/query/TrafficEvent/TrafficEvent
```
  Found on 2026-01-23 10:06
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: dealerapi.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://dealerapi.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-11 06:08
Last seen 2026-01-23 10:06
Open for 43 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549187a8db04eeebeb53097c60988a238a8c034df63

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/BusinessActivityCommand/DeleteByCode
DELETE /api/command/BusinessActivityCommand/DeleteById
DELETE /api/command/ContactCommand/DeleteById
DELETE /api/command/DealershipCommand/DeleteByCode
DELETE /api/command/DealershipCommand/DeleteById
DELETE /api/command/FranchiseCommand/DeleteByCode
DELETE /api/command/FranchiseCommand/DeleteById
DELETE /api/command/FranchiseCommand/RemoveSite
DELETE /api/command/HoursCommand/DeleteById
DELETE /api/command/SiteCommand/DeleteByCode
DELETE /api/command/SiteCommand/DeleteById
GET /api/query/BusinessActivityQuery/GetAll
GET /api/query/BusinessActivityQuery/GetByCode
GET /api/query/BusinessActivityQuery/GetByCodes
GET /api/query/BusinessActivityQuery/GetById
GET /api/query/BusinessActivityQuery/GetByIds
GET /api/query/ContactQuery/GetAll
GET /api/query/ContactQuery/GetByDealershipCode
GET /api/query/ContactQuery/GetByDealershipCodes
GET /api/query/ContactQuery/GetById
GET /api/query/ContactQuery/GetByIds
GET /api/query/DealershipQuery/GetAll
GET /api/query/DealershipQuery/GetAllActiveDealerships
GET /api/query/DealershipQuery/GetByCode
GET /api/query/DealershipQuery/GetByCodes
GET /api/query/DealershipQuery/GetById
GET /api/query/DealershipQuery/GetByIds
GET /api/query/FranchiseQuery/GetActiveFranchiseByCode
GET /api/query/FranchiseQuery/GetAll
GET /api/query/FranchiseQuery/GetAllActiveFranchise
GET /api/query/FranchiseQuery/GetByCode
GET /api/query/FranchiseQuery/GetByCodes
GET /api/query/FranchiseQuery/GetByFranchiseCodeAndMakeCode
GET /api/query/FranchiseQuery/GetById
GET /api/query/FranchiseQuery/GetByIds
GET /api/query/FranchiseQuery/GetByMasterKey
GET /api/query/FranchiseQuery/GetByMasterKeys
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCodes
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseId
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseIds
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityId
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCode
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCodes
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKey
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKeys
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityId
GET /api/query/HoursQuery/GetAllByBusinessActivityCode
GET /api/query/HoursQuery/GetAllByFranchiseBusinessActivitySiteByCode
GET /api/query/HoursQuery/GetAllByFranchiseId
GET /api/query/HoursQuery/GetById
GET /api/query/HoursQuery/GetByIds
GET /api/query/SecurityRightsQuery/GetDealershipUiSecurityRights
GET /api/query/SiteQuery/GetAll
GET /api/query/SiteQuery/GetByCode
GET /api/query/SiteQuery/GetByCodes
GET /api/query/SiteQuery/GetById
GET /api/query/SiteQuery/GetByIds
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCode
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCodes
GET /api/query/SiteQuery/GetPrimarySiteByDealershipId
GET /api/query/SiteQuery/GetPrimarySiteByDealershipIds
GET /api/query/SiteQuery/GetSiteByFranchiseCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodeAndMakeCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodes
GET /api/query/SiteQuery/GetSiteByFranchiseId
GET /api/query/SiteQuery/GetSiteByFranchiseIds
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKey
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKeys
POST /api/command/BusinessActivityCommand/Create
POST /api/command/BusinessActivityCommand/CreateIfNotExistByCode
POST /api/command/BusinessActivityCommand/CreateOrUpdateFromCsv
POST /api/command/ContactCommand/Create
POST /api/command/DealershipCommand/Create
POST /api/command/DealershipCommand/CreateIfNotExistByCode
POST /api/command/DealershipCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/AddSite
POST /api/command/FranchiseCommand/Create
POST /api/command/FranchiseCommand/CreateIfNotExistByCode
POST /api/command/FranchiseCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/ImportFranchiseSiteCsv
POST /api/command/HoursCommand/Create
POST /api/command/HoursCommand/CreateOrUpdateFromCsv
POST /api/command/SiteCommand/Create
POST /api/command/SiteCommand/CreateIfNotExistByCode
POST /api/command/SiteCommand/CreateOrUpdateFromCsv
POST /api/query/DealershipQuery/GetByLastDataSyncDate
POST /api/query/FranchiseQuery/GetByLastDataSyncDate
POST /api/query/HoursQuery/GetBusinessHoursByTimestampRanges
POST /api/query/HoursQuery/GetCurrentAndFutureBusinessHoursRange
POST /api/query/SiteQuery/GetByLastDataSyncDate
PUT /api/command/BusinessActivityCommand/CreateOrUpdateByCode
PUT /api/command/BusinessActivityCommand/Update
PUT /api/command/ContactCommand/Update
PUT /api/command/DealershipCommand/CreateOrUpdateByCode
PUT /api/command/DealershipCommand/Update
PUT /api/command/FranchiseCommand/CreateOrUpdateByCode
PUT /api/command/FranchiseCommand/CreateOrUpdateFranchiseContactInformation
PUT /api/command/FranchiseCommand/Update
PUT /api/command/HoursCommand/Update
PUT /api/command/SiteCommand/CreateOrUpdateByCode
PUT /api/command/SiteCommand/Update

Found on 2026-01-23 10:06

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: demoapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://demoapi.dev.autodatadigitaldealer.com

First seen 2026-01-11 23:28
Last seen 2026-01-23 01:16
Open for 11 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a36a8b221186babf1186babf1186babf1186babf
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
POST /api/query/DemoMetrics/PeriodMetricResults
```
  Found on 2026-01-23 01:16
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: geographyapi.hondaprogram.com
Port: 443
URL: https://geographyapi.hondaprogram.com

First seen 2025-12-24 02:36
Last seen 2026-01-23 00:55
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 00:55
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi.hondaprogram.com
Port: 443
URL: https://styleapi.hondaprogram.com

First seen 2025-12-24 02:38
Last seen 2026-01-23 00:55
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-01-23 00:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: menuapi-staging.hondaprogram.com
Port: 443
URL: https://menuapi-staging.hondaprogram.com

First seen 2025-12-24 02:37
Last seen 2026-01-23 00:55
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549524959ec6239a54876e9ea0d1607c6e7bf2794af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MenuCategoryCommand/DeleteByCode
DELETE /api/command/MenuCategoryCommand/DeleteByCodes
DELETE /api/command/MenuCategoryCommand/DeleteById
DELETE /api/command/MenuCategoryCommand/DeleteByIds
DELETE /api/command/MenuHierarchyCommand/RemoveMenuItemAsync
DELETE /api/command/MenuItemCommand/DeleteByCode
DELETE /api/command/MenuItemCommand/DeleteByCodes
DELETE /api/command/MenuItemCommand/DeleteById
DELETE /api/command/MenuItemCommand/DeleteByIds
DELETE /api/command/MenuItemCommand/DeleteByMasterKey
DELETE /api/command/MenuItemCommand/DeleteByMasterKeys
DELETE /api/command/MenuSchemeCommand/DeleteByCode
DELETE /api/command/MenuSchemeCommand/DeleteByCodes
DELETE /api/command/MenuSchemeCommand/DeleteById
DELETE /api/command/MenuSchemeCommand/DeleteByIds
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKey
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKeys
GET /api/query/MenuCategoryQuery/GetAll
GET /api/query/MenuCategoryQuery/GetByCode
GET /api/query/MenuCategoryQuery/GetByCodes
GET /api/query/MenuCategoryQuery/GetById
GET /api/query/MenuCategoryQuery/GetByIds
GET /api/query/MenuCategoryQuery/GetByMasterKey
GET /api/query/MenuCategoryQuery/GetByMasterKeys
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeIds
GET /api/query/MenuHierarchyQuery/GetByParentId
GET /api/query/MenuHierarchyQuery/GetBySchemeCode
GET /api/query/MenuHierarchyQuery/GetBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetBySchemeId
GET /api/query/MenuHierarchyQuery/GetBySchemeIds
GET /api/query/MenuHierarchyQuery/GetMenuByApplicationModuleCode
GET /api/query/MenuHierarchyQuery/GetUserMenu
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeIds
GET /api/query/MenuItemQuery/GetAll
GET /api/query/MenuItemQuery/GetAllByIncludeInactiveMenuItems
GET /api/query/MenuItemQuery/GetByCode
GET /api/query/MenuItemQuery/GetByCodes
GET /api/query/MenuItemQuery/GetById
GET /api/query/MenuItemQuery/GetByIds
GET /api/query/MenuItemQuery/GetByMasterKey
GET /api/query/MenuItemQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetAll
GET /api/query/MenuSchemeQuery/GetByCode
GET /api/query/MenuSchemeQuery/GetByCodes
GET /api/query/MenuSchemeQuery/GetById
GET /api/query/MenuSchemeQuery/GetByIds
GET /api/query/MenuSchemeQuery/GetByMasterKey
GET /api/query/MenuSchemeQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCode
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCodes
POST /api/command/MenuCategoryCommand/Create
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCode
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCodes
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCode
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCodes
POST /api/command/MenuCategoryCommand/Creates
POST /api/command/MenuHierarchyCommand/AddMenuItemAsync
POST /api/command/MenuHierarchyCommand/Create
POST /api/command/MenuHierarchyCommand/ImportCsv
POST /api/command/MenuHierarchyCommand/MoveMenuItemAsync
POST /api/command/MenuItemCommand/Create
POST /api/command/MenuItemCommand/CreateIfNotExistByCode
POST /api/command/MenuItemCommand/CreateIfNotExistByCodes
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuItemCommand/CreateOrUpdateByCode
POST /api/command/MenuItemCommand/CreateOrUpdateByCodes
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuItemCommand/Creates
POST /api/command/MenuSchemeCommand/Create
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuSchemeCommand/Creates
POST /api/command/MenuSchemeCommand/ImportCsv
PUT /api/command/MenuCategoryCommand/Update
PUT /api/command/MenuCategoryCommand/Updates
PUT /api/command/MenuItemCommand/Update
PUT /api/command/MenuItemCommand/Updates
PUT /api/command/MenuSchemeCommand/Update
PUT /api/command/MenuSchemeCommand/Updates

Found on 2026-01-23 00:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: dealerapi-staging.hondaprogram.com
Port: 443
URL: https://dealerapi-staging.hondaprogram.com

First seen 2025-12-24 02:42
Last seen 2026-01-23 00:55
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549187a8db04eeebeb53097c60988a238a8c034df63

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/BusinessActivityCommand/DeleteByCode
DELETE /api/command/BusinessActivityCommand/DeleteById
DELETE /api/command/ContactCommand/DeleteById
DELETE /api/command/DealershipCommand/DeleteByCode
DELETE /api/command/DealershipCommand/DeleteById
DELETE /api/command/FranchiseCommand/DeleteByCode
DELETE /api/command/FranchiseCommand/DeleteById
DELETE /api/command/FranchiseCommand/RemoveSite
DELETE /api/command/HoursCommand/DeleteById
DELETE /api/command/SiteCommand/DeleteByCode
DELETE /api/command/SiteCommand/DeleteById
GET /api/query/BusinessActivityQuery/GetAll
GET /api/query/BusinessActivityQuery/GetByCode
GET /api/query/BusinessActivityQuery/GetByCodes
GET /api/query/BusinessActivityQuery/GetById
GET /api/query/BusinessActivityQuery/GetByIds
GET /api/query/ContactQuery/GetAll
GET /api/query/ContactQuery/GetByDealershipCode
GET /api/query/ContactQuery/GetByDealershipCodes
GET /api/query/ContactQuery/GetById
GET /api/query/ContactQuery/GetByIds
GET /api/query/DealershipQuery/GetAll
GET /api/query/DealershipQuery/GetAllActiveDealerships
GET /api/query/DealershipQuery/GetByCode
GET /api/query/DealershipQuery/GetByCodes
GET /api/query/DealershipQuery/GetById
GET /api/query/DealershipQuery/GetByIds
GET /api/query/FranchiseQuery/GetActiveFranchiseByCode
GET /api/query/FranchiseQuery/GetAll
GET /api/query/FranchiseQuery/GetAllActiveFranchise
GET /api/query/FranchiseQuery/GetByCode
GET /api/query/FranchiseQuery/GetByCodes
GET /api/query/FranchiseQuery/GetByFranchiseCodeAndMakeCode
GET /api/query/FranchiseQuery/GetById
GET /api/query/FranchiseQuery/GetByIds
GET /api/query/FranchiseQuery/GetByMasterKey
GET /api/query/FranchiseQuery/GetByMasterKeys
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCodes
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseId
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseIds
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityId
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCode
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCodes
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKey
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKeys
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityId
GET /api/query/HoursQuery/GetAllByBusinessActivityCode
GET /api/query/HoursQuery/GetAllByFranchiseBusinessActivitySiteByCode
GET /api/query/HoursQuery/GetAllByFranchiseId
GET /api/query/HoursQuery/GetById
GET /api/query/HoursQuery/GetByIds
GET /api/query/SecurityRightsQuery/GetDealershipUiSecurityRights
GET /api/query/SiteQuery/GetAll
GET /api/query/SiteQuery/GetByCode
GET /api/query/SiteQuery/GetByCodes
GET /api/query/SiteQuery/GetById
GET /api/query/SiteQuery/GetByIds
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCode
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCodes
GET /api/query/SiteQuery/GetPrimarySiteByDealershipId
GET /api/query/SiteQuery/GetPrimarySiteByDealershipIds
GET /api/query/SiteQuery/GetSiteByFranchiseCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodeAndMakeCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodes
GET /api/query/SiteQuery/GetSiteByFranchiseId
GET /api/query/SiteQuery/GetSiteByFranchiseIds
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKey
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKeys
POST /api/command/BusinessActivityCommand/Create
POST /api/command/BusinessActivityCommand/CreateIfNotExistByCode
POST /api/command/BusinessActivityCommand/CreateOrUpdateFromCsv
POST /api/command/ContactCommand/Create
POST /api/command/DealershipCommand/Create
POST /api/command/DealershipCommand/CreateIfNotExistByCode
POST /api/command/DealershipCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/AddSite
POST /api/command/FranchiseCommand/Create
POST /api/command/FranchiseCommand/CreateIfNotExistByCode
POST /api/command/FranchiseCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/ImportFranchiseSiteCsv
POST /api/command/HoursCommand/Create
POST /api/command/HoursCommand/CreateOrUpdateFromCsv
POST /api/command/SiteCommand/Create
POST /api/command/SiteCommand/CreateIfNotExistByCode
POST /api/command/SiteCommand/CreateOrUpdateFromCsv
POST /api/query/DealershipQuery/GetByLastDataSyncDate
POST /api/query/FranchiseQuery/GetByLastDataSyncDate
POST /api/query/HoursQuery/GetBusinessHoursByTimestampRanges
POST /api/query/HoursQuery/GetCurrentAndFutureBusinessHoursRange
POST /api/query/SiteQuery/GetByLastDataSyncDate
PUT /api/command/BusinessActivityCommand/CreateOrUpdateByCode
PUT /api/command/BusinessActivityCommand/Update
PUT /api/command/ContactCommand/Update
PUT /api/command/DealershipCommand/CreateOrUpdateByCode
PUT /api/command/DealershipCommand/Update
PUT /api/command/FranchiseCommand/CreateOrUpdateByCode
PUT /api/command/FranchiseCommand/CreateOrUpdateFranchiseContactInformation
PUT /api/command/FranchiseCommand/Update
PUT /api/command/HoursCommand/Update
PUT /api/command/SiteCommand/CreateOrUpdateByCode
PUT /api/command/SiteCommand/Update

Found on 2026-01-23 00:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi-staging.hondaprogram.com
Port: 443
URL: https://styleapi-staging.hondaprogram.com

First seen 2025-12-24 02:40
Last seen 2026-01-23 00:55
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-01-23 00:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: api-staging.hondaprogram.com
Port: 443
URL: https://api-staging.hondaprogram.com

First seen 2025-12-24 02:36
Last seen 2026-01-23 00:55
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a36a8b222635dc29935dfc57e4b36821e4b36821
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/DsoQuery/IsEnrolled
POST /api/query/Enrollment/EnrollmentByZoneAndDistrictDetails
POST /api/query/Enrollment/EnrollmentDetails
```
  Found on 2026-01-23 00:55
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: acurausaapi.autodatadigitaldealer.com
Port: 443
URL: https://acurausaapi.autodatadigitaldealer.com

First seen 2025-12-24 02:51
Last seen 2026-01-23 00:55
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549059fa5ebeb32e4380bbf3f0b292307353a5102c7
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalAdvertisingDisclaimer
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/DsoQuery/IsEnrolled
POST /api/query/Enrollment/EnrollmentByZoneAndDistrictDetails
POST /api/query/Enrollment/EnrollmentDetails
```
  Found on 2026-01-23 00:55
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: api-staging.hyundaicaprogram.com
Port: 443
URL: https://api-staging.hyundaicaprogram.com

First seen 2025-12-24 02:47
Last seen 2026-01-23 00:55
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035494ccf6a5eb19a2fa0b19a2fa0b19a2fa0b19a2fa0
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/SalesProcessBySalesPersonDisclaimer
POST /api/query/SalesProcessBySalesPerson/SalesProcessBySalesPerson
```
  Found on 2026-01-23 00:55
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-12-24 02:47
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi.acuraprogram.com
Port: 443
URL: https://styleapi.acuraprogram.com

First seen 2025-12-24 02:43
Last seen 2026-01-23 00:55
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-01-23 00:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: dealerapi-staging.hyundaicaprogram.com
Port: 443
URL: https://dealerapi-staging.hyundaicaprogram.com

First seen 2025-12-24 02:42
Last seen 2026-01-23 00:55
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549187a8db04eeebeb53097c60988a238a8c034df63

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/BusinessActivityCommand/DeleteByCode
DELETE /api/command/BusinessActivityCommand/DeleteById
DELETE /api/command/ContactCommand/DeleteById
DELETE /api/command/DealershipCommand/DeleteByCode
DELETE /api/command/DealershipCommand/DeleteById
DELETE /api/command/FranchiseCommand/DeleteByCode
DELETE /api/command/FranchiseCommand/DeleteById
DELETE /api/command/FranchiseCommand/RemoveSite
DELETE /api/command/HoursCommand/DeleteById
DELETE /api/command/SiteCommand/DeleteByCode
DELETE /api/command/SiteCommand/DeleteById
GET /api/query/BusinessActivityQuery/GetAll
GET /api/query/BusinessActivityQuery/GetByCode
GET /api/query/BusinessActivityQuery/GetByCodes
GET /api/query/BusinessActivityQuery/GetById
GET /api/query/BusinessActivityQuery/GetByIds
GET /api/query/ContactQuery/GetAll
GET /api/query/ContactQuery/GetByDealershipCode
GET /api/query/ContactQuery/GetByDealershipCodes
GET /api/query/ContactQuery/GetById
GET /api/query/ContactQuery/GetByIds
GET /api/query/DealershipQuery/GetAll
GET /api/query/DealershipQuery/GetAllActiveDealerships
GET /api/query/DealershipQuery/GetByCode
GET /api/query/DealershipQuery/GetByCodes
GET /api/query/DealershipQuery/GetById
GET /api/query/DealershipQuery/GetByIds
GET /api/query/FranchiseQuery/GetActiveFranchiseByCode
GET /api/query/FranchiseQuery/GetAll
GET /api/query/FranchiseQuery/GetAllActiveFranchise
GET /api/query/FranchiseQuery/GetByCode
GET /api/query/FranchiseQuery/GetByCodes
GET /api/query/FranchiseQuery/GetByFranchiseCodeAndMakeCode
GET /api/query/FranchiseQuery/GetById
GET /api/query/FranchiseQuery/GetByIds
GET /api/query/FranchiseQuery/GetByMasterKey
GET /api/query/FranchiseQuery/GetByMasterKeys
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCodes
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseId
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseIds
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityId
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCode
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCodes
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKey
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKeys
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityId
GET /api/query/HoursQuery/GetAllByBusinessActivityCode
GET /api/query/HoursQuery/GetAllByFranchiseBusinessActivitySiteByCode
GET /api/query/HoursQuery/GetAllByFranchiseId
GET /api/query/HoursQuery/GetById
GET /api/query/HoursQuery/GetByIds
GET /api/query/SecurityRightsQuery/GetDealershipUiSecurityRights
GET /api/query/SiteQuery/GetAll
GET /api/query/SiteQuery/GetByCode
GET /api/query/SiteQuery/GetByCodes
GET /api/query/SiteQuery/GetById
GET /api/query/SiteQuery/GetByIds
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCode
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCodes
GET /api/query/SiteQuery/GetPrimarySiteByDealershipId
GET /api/query/SiteQuery/GetPrimarySiteByDealershipIds
GET /api/query/SiteQuery/GetSiteByFranchiseCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodeAndMakeCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodes
GET /api/query/SiteQuery/GetSiteByFranchiseId
GET /api/query/SiteQuery/GetSiteByFranchiseIds
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKey
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKeys
POST /api/command/BusinessActivityCommand/Create
POST /api/command/BusinessActivityCommand/CreateIfNotExistByCode
POST /api/command/BusinessActivityCommand/CreateOrUpdateFromCsv
POST /api/command/ContactCommand/Create
POST /api/command/DealershipCommand/Create
POST /api/command/DealershipCommand/CreateIfNotExistByCode
POST /api/command/DealershipCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/AddSite
POST /api/command/FranchiseCommand/Create
POST /api/command/FranchiseCommand/CreateIfNotExistByCode
POST /api/command/FranchiseCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/ImportFranchiseSiteCsv
POST /api/command/HoursCommand/Create
POST /api/command/HoursCommand/CreateOrUpdateFromCsv
POST /api/command/SiteCommand/Create
POST /api/command/SiteCommand/CreateIfNotExistByCode
POST /api/command/SiteCommand/CreateOrUpdateFromCsv
POST /api/query/DealershipQuery/GetByLastDataSyncDate
POST /api/query/FranchiseQuery/GetByLastDataSyncDate
POST /api/query/HoursQuery/GetBusinessHoursByTimestampRanges
POST /api/query/HoursQuery/GetCurrentAndFutureBusinessHoursRange
POST /api/query/SiteQuery/GetByLastDataSyncDate
PUT /api/command/BusinessActivityCommand/CreateOrUpdateByCode
PUT /api/command/BusinessActivityCommand/Update
PUT /api/command/ContactCommand/Update
PUT /api/command/DealershipCommand/CreateOrUpdateByCode
PUT /api/command/DealershipCommand/Update
PUT /api/command/FranchiseCommand/CreateOrUpdateByCode
PUT /api/command/FranchiseCommand/CreateOrUpdateFranchiseContactInformation
PUT /api/command/FranchiseCommand/Update
PUT /api/command/HoursCommand/Update
PUT /api/command/SiteCommand/CreateOrUpdateByCode
PUT /api/command/SiteCommand/Update

Found on 2026-01-23 00:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingdataapi.hondaprogram.com
Port: 443
URL: https://reportingdataapi.hondaprogram.com

First seen 2025-12-24 02:33
Last seen 2026-01-23 00:28
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 00:28
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: geographyapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://geographyapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:27
Last seen 2026-01-23 00:28
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 00:28
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hyundaiusa-reportingdataapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://hyundaiusa-reportingdataapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:49
Last seen 2026-01-23 00:28
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 00:28
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: menuapi-staging.acuraprogram.com
Port: 443
URL: https://menuapi-staging.acuraprogram.com

First seen 2025-12-24 02:48
Last seen 2026-01-23 00:28
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549524959ec6239a54876e9ea0d1607c6e7bf2794af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MenuCategoryCommand/DeleteByCode
DELETE /api/command/MenuCategoryCommand/DeleteByCodes
DELETE /api/command/MenuCategoryCommand/DeleteById
DELETE /api/command/MenuCategoryCommand/DeleteByIds
DELETE /api/command/MenuHierarchyCommand/RemoveMenuItemAsync
DELETE /api/command/MenuItemCommand/DeleteByCode
DELETE /api/command/MenuItemCommand/DeleteByCodes
DELETE /api/command/MenuItemCommand/DeleteById
DELETE /api/command/MenuItemCommand/DeleteByIds
DELETE /api/command/MenuItemCommand/DeleteByMasterKey
DELETE /api/command/MenuItemCommand/DeleteByMasterKeys
DELETE /api/command/MenuSchemeCommand/DeleteByCode
DELETE /api/command/MenuSchemeCommand/DeleteByCodes
DELETE /api/command/MenuSchemeCommand/DeleteById
DELETE /api/command/MenuSchemeCommand/DeleteByIds
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKey
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKeys
GET /api/query/MenuCategoryQuery/GetAll
GET /api/query/MenuCategoryQuery/GetByCode
GET /api/query/MenuCategoryQuery/GetByCodes
GET /api/query/MenuCategoryQuery/GetById
GET /api/query/MenuCategoryQuery/GetByIds
GET /api/query/MenuCategoryQuery/GetByMasterKey
GET /api/query/MenuCategoryQuery/GetByMasterKeys
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeIds
GET /api/query/MenuHierarchyQuery/GetByParentId
GET /api/query/MenuHierarchyQuery/GetBySchemeCode
GET /api/query/MenuHierarchyQuery/GetBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetBySchemeId
GET /api/query/MenuHierarchyQuery/GetBySchemeIds
GET /api/query/MenuHierarchyQuery/GetMenuByApplicationModuleCode
GET /api/query/MenuHierarchyQuery/GetUserMenu
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeIds
GET /api/query/MenuItemQuery/GetAll
GET /api/query/MenuItemQuery/GetAllByIncludeInactiveMenuItems
GET /api/query/MenuItemQuery/GetByCode
GET /api/query/MenuItemQuery/GetByCodes
GET /api/query/MenuItemQuery/GetById
GET /api/query/MenuItemQuery/GetByIds
GET /api/query/MenuItemQuery/GetByMasterKey
GET /api/query/MenuItemQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetAll
GET /api/query/MenuSchemeQuery/GetByCode
GET /api/query/MenuSchemeQuery/GetByCodes
GET /api/query/MenuSchemeQuery/GetById
GET /api/query/MenuSchemeQuery/GetByIds
GET /api/query/MenuSchemeQuery/GetByMasterKey
GET /api/query/MenuSchemeQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCode
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCodes
POST /api/command/MenuCategoryCommand/Create
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCode
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCodes
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCode
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCodes
POST /api/command/MenuCategoryCommand/Creates
POST /api/command/MenuHierarchyCommand/AddMenuItemAsync
POST /api/command/MenuHierarchyCommand/Create
POST /api/command/MenuHierarchyCommand/ImportCsv
POST /api/command/MenuHierarchyCommand/MoveMenuItemAsync
POST /api/command/MenuItemCommand/Create
POST /api/command/MenuItemCommand/CreateIfNotExistByCode
POST /api/command/MenuItemCommand/CreateIfNotExistByCodes
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuItemCommand/CreateOrUpdateByCode
POST /api/command/MenuItemCommand/CreateOrUpdateByCodes
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuItemCommand/Creates
POST /api/command/MenuSchemeCommand/Create
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuSchemeCommand/Creates
POST /api/command/MenuSchemeCommand/ImportCsv
PUT /api/command/MenuCategoryCommand/Update
PUT /api/command/MenuCategoryCommand/Updates
PUT /api/command/MenuItemCommand/Update
PUT /api/command/MenuItemCommand/Updates
PUT /api/command/MenuSchemeCommand/Update
PUT /api/command/MenuSchemeCommand/Updates

Found on 2026-01-23 00:28

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: sales.marketware.com
Port: 443
URL: https://sales.marketware.com

First seen 2026-01-12 12:23
Last seen 2026-01-22 23:16
Open for 10 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-22 23:16
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: release.marketware.com
Port: 443
URL: https://release.marketware.com

First seen 2026-01-12 12:13
Last seen 2026-01-22 23:16
Open for 10 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-22 23:16
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: sightpas.com
Port: 443
URL: https://sightpas.com

First seen 2025-10-16 06:11
Last seen 2026-01-22 23:15
Open for 98 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a97c089d9b2debca86dc8ec4c66dc738dc3cb3e7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Admin/{adminId}
GET /api/AuthApi/check-jwt-token
GET /api/Company/self
GET /api/Company/{companyId}
GET /api/Contractor/{contractorId}
GET /api/ContractorApi/info
GET /api/ContractorApi/photo
GET /api/Counter/Forms/Contractors
GET /api/Counter/Forms/Forms
GET /api/Counter/Forms/SiteSupervisors
GET /api/Counter/companies
GET /api/Counter/contractors
GET /api/Counter/detailedSites
GET /api/Counter/forms
GET /api/Counter/permissions/default
GET /api/Counter/permissions/types
GET /api/Counter/reports/forms
GET /api/Counter/reports/types
GET /api/Counter/secondary-companies
GET /api/Counter/sites
GET /api/EntranceEvent/BatteryLevels
GET /api/EntranceEvent/ContractorEvents
GET /api/EntranceEvent/EntranceEventThumbnail
GET /api/EntranceEvent/EntranceInfo
GET /api/EntranceEvent/HelpRequest
GET /api/EntranceEvent/LastBeaconScannerEvent
GET /api/FileApi/file/{id}
GET /api/FileApi/files
GET /api/FileApi/thumbnail/{id}
GET /api/Notification/{notificationId}
GET /api/NotificationApi/notifications
GET /api/Report/AccessToken
GET /api/Report/DownloadCsv
GET /api/Site/entrance/{entranceId}
GET /api/Site/entrance/{entranceId}/beaconScanners
GET /api/Site/entrance/{entranceId}/groundPlan
GET /api/Site/rebootResult
GET /api/Site/refreshAwxDevices
GET /api/Site/refreshAwxDevicesWebApp
GET /api/Site/siteSupervisor/{userId}
GET /api/Site/unlockResult
GET /api/Site/{siteId}
GET /api/SiteSupervisor/{siteSupervisorId}
POST /api/Admin
POST /api/Admin/changeStatus
POST /api/Admin/create
POST /api/AuthApi/authenticate
POST /api/BeaconApi/event
POST /api/BeaconScannerApi/event
POST /api/Company
POST /api/Company/changeStatus
POST /api/Company/create
POST /api/Company/createSecondaryCompany
POST /api/Contractor
POST /api/Contractor/changeStatus
POST /api/Contractor/create
POST /api/Contractor/resendAuthenticationCodeEmail/{contractorId}
POST /api/Contractor/resendAuthenticationCodePhone/{contractorId}
POST /api/Contractor/tempQrCode/create
POST /api/ContractorApi/cancelHelp
POST /api/ContractorApi/confirmHelp
POST /api/ContractorApi/requestHelp
POST /api/Counter/entrances
POST /api/Counter/sitesFromCompany
POST /api/Counter/sitesPaginated
POST /api/EntranceEvent/LastEvents
POST /api/EntranceEvent/ManualCheckIn
POST /api/EntranceEvent/ManualCheckOut
POST /api/FirmwareApi/motionSensor
POST /api/FormApi/prospect
POST /api/FormApi/submit
POST /api/MotionSensorApi/eventV2
POST /api/Notification
POST /api/Notification/create
POST /api/Notification/sendToContractors
POST /api/NotificationApi/register
POST /api/QRCodeApi/event
POST /api/RegisterApi/checkAuthCode
POST /api/RegisterApi/register
POST /api/Report/create
POST /api/Report/download
POST /api/Site
POST /api/Site/create
POST /api/Site/createEntrance
POST /api/Site/rebootDevice
POST /api/Site/unlockDoor
POST /api/Site/{siteId}/allEntrances
POST /api/Site/{siteId}/entrances
POST /api/Site/{siteId}/siteSupervisor
POST /api/Site/{siteId}/unassigned-site-supervisors
POST /api/SiteSupervisor
POST /api/SiteSupervisor/changeStatus
POST /api/SiteSupervisor/create
POST /api/UserAuth/authenticate
POST /api/UserAuth/forgotPassword
POST /api/UserAuth/reauthenticate
POST /api/UserAuth/resetPassword
PUT /api/Admin/update
PUT /api/Admin/updateSelf
PUT /api/Company/update
PUT /api/Company/updateBaseInfo
PUT /api/Company/updateCredentials
PUT /api/Company/updatePermissionsSecondaryCompanies
PUT /api/Company/updateSecondaryCompany
PUT /api/Contractor/facialRec/enroll/{contractorId}
PUT /api/Contractor/getClubData/{contractorId}
PUT /api/Contractor/update
PUT /api/Contractor/update-entrances
PUT /api/Contractor/update-vaccination
PUT /api/Contractor/update-vaccination-entrances
PUT /api/Site/assign-supervisor
PUT /api/Site/changeEntranceStatus
PUT /api/Site/changeStatus
PUT /api/Site/downloadClubMembers/{siteId}
PUT /api/Site/editBeaconScanners
PUT /api/Site/editEntrance
PUT /api/Site/editGroundPlan
PUT /api/Site/editSite
PUT /api/Site/site-supervisor
PUT /api/Site/site-supervisor-basic
PUT /api/Site/site-supervisor-credentials
PUT /api/Site/unassign-supervisor
PUT /api/SiteSupervisor/update

Found on 2026-01-22 23:15

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: feature4.marketware.com
Port: 443
URL: https://feature4.marketware.com

First seen 2026-01-12 11:43
Last seen 2026-01-16 17:32
Open for 4 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 17:32
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: feature1.marketware.com
Port: 443
URL: https://feature1.marketware.com

First seen 2026-01-11 14:52
Last seen 2026-01-16 14:43
Open for 4 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 14:43
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: feature3.marketware.com
Port: 443
URL: https://feature3.marketware.com

First seen 2026-01-11 15:56
Last seen 2026-01-16 14:42
Open for 4 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 14:42
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: auth.morepuzzles.com
Port: 443
URL: https://auth.morepuzzles.com

First seen 2026-01-12 16:26
Last seen 2026-01-16 14:17
Open for 3 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60d27f13d79992e669443012a4292d1b21f3f85082
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /v1/delete-user
GET /v1/register/confirm-email
GET /v1/status
GET /v1/status/online
GET /v1/users/{nameOrEmail}
POST /v1/auth
POST /v1/auth/signin-google
POST /v1/change-password
POST /v1/forgot-password
POST /v1/forgot-password/resend-confirm
POST /v1/register
POST /v1/reset-password
POST /v1/reset-password/password
```
  Found on 2026-01-16 14:17
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: api.morepuzzles.com
Port: 443
URL: https://api.morepuzzles.com

First seen 2026-01-12 16:26
Last seen 2026-01-16 14:17
Open for 3 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b977c19708a20effb945497a5158ce7509c5363a

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /v1/image/{id}
DELETE /v1/privacy/delete
DELETE /v1/share/{key}
GET /v1/Crossword/custom/{key}/image
GET /v1/Crossword/daily
GET /v1/Crossword/daily/image
GET /v1/Crossword/daily/thumbnail
GET /v1/Crossword/topic/{topicId}
GET /v1/Crossword/topic/{topicId}/image
GET /v1/CrosswordDefinition
GET /v1/CrosswordDefinition/key/{key}
GET /v1/CrosswordDefinition/{id}
GET /v1/Puzzlestyle
GET /v1/Puzzlestyle/{id}
GET /v1/Topics
GET /v1/Topics/{id}/{count}
GET /v1/WordSearch
GET /v1/WordSearch/custom/{key}/image
GET /v1/WordSearch/daily
GET /v1/WordSearch/daily/image
GET /v1/WordSearch/daily/thumbnail
GET /v1/WordSearch/topic/{topicId}
GET /v1/WordSearch/topic/{topicId}/image
GET /v1/WordSearchDefinition
GET /v1/WordSearchDefinition/key/{key}
GET /v1/WordSearchDefinition/{id}
GET /v1/accounts
GET /v1/accounts/my-company
GET /v1/accounts/reference-list
GET /v1/accounts/{id}
GET /v1/image/{key}
GET /v1/minesweeper/daily
GET /v1/minesweeper/daily/image
GET /v1/minesweeper/daily/thumbnail
GET /v1/privacy
GET /v1/privacy/statistics
GET /v1/role/my-role
GET /v1/role/reference-list
GET /v1/share/getlatest
GET /v1/share/getsharedpuzzle
GET /v1/share/getsharedpuzzles
GET /v1/share/gettop
GET /v1/share/isauthor
GET /v1/statistics
GET /v1/status
GET /v1/status/online
GET /v1/sudoku/daily
GET /v1/sudoku/daily/image
GET /v1/sudoku/daily/thumbnail
GET /v1/usereventlog/public/{act}/{param}
GET /v1/usereventlog/{act}/{param}
GET /v1/userprogress
GET /v1/userprogress/dailies
GET /v1/userprogress/getallbysharedkey
GET /v1/users
GET /v1/users/has-account
GET /v1/users/my-role
GET /v1/users/my-user
GET /v1/users/my-user/login-date
GET /v1/users/reference-list
GET /v1/users/{id}
GET /v1/users/{id}/isemailunique
GET /v1/users/{id}/role
POST /v1/Crossword/custom/{key}
POST /v1/Crossword/custompublic
POST /v1/WordSearch/custom/{key}
POST /v1/WordSearch/custompublic
POST /v1/image
POST /v1/requestlogic/unsubscribe
POST /v1/share/create
POST /v1/share/publicplay
POST /v1/users/invite
PUT /v1/users/my-user/profile

Found on 2026-01-16 14:17

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hyundaicanadaapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://hyundaicanadaapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:30
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035494ccf6a5eb19a2fa0b19a2fa0b19a2fa0b19a2fa0
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/SalesProcessBySalesPersonDisclaimer
POST /api/query/SalesProcessBySalesPerson/SalesProcessBySalesPerson
```
  Found on 2026-01-16 09:56
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-12-24 02:30
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: dealerapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://dealerapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:34
Last seen 2026-01-16 09:56
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549187a8db04eeebeb53097c60988a238a8c034df63

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/BusinessActivityCommand/DeleteByCode
DELETE /api/command/BusinessActivityCommand/DeleteById
DELETE /api/command/ContactCommand/DeleteById
DELETE /api/command/DealershipCommand/DeleteByCode
DELETE /api/command/DealershipCommand/DeleteById
DELETE /api/command/FranchiseCommand/DeleteByCode
DELETE /api/command/FranchiseCommand/DeleteById
DELETE /api/command/FranchiseCommand/RemoveSite
DELETE /api/command/HoursCommand/DeleteById
DELETE /api/command/SiteCommand/DeleteByCode
DELETE /api/command/SiteCommand/DeleteById
GET /api/query/BusinessActivityQuery/GetAll
GET /api/query/BusinessActivityQuery/GetByCode
GET /api/query/BusinessActivityQuery/GetByCodes
GET /api/query/BusinessActivityQuery/GetById
GET /api/query/BusinessActivityQuery/GetByIds
GET /api/query/ContactQuery/GetAll
GET /api/query/ContactQuery/GetByDealershipCode
GET /api/query/ContactQuery/GetByDealershipCodes
GET /api/query/ContactQuery/GetById
GET /api/query/ContactQuery/GetByIds
GET /api/query/DealershipQuery/GetAll
GET /api/query/DealershipQuery/GetAllActiveDealerships
GET /api/query/DealershipQuery/GetByCode
GET /api/query/DealershipQuery/GetByCodes
GET /api/query/DealershipQuery/GetById
GET /api/query/DealershipQuery/GetByIds
GET /api/query/FranchiseQuery/GetActiveFranchiseByCode
GET /api/query/FranchiseQuery/GetAll
GET /api/query/FranchiseQuery/GetAllActiveFranchise
GET /api/query/FranchiseQuery/GetByCode
GET /api/query/FranchiseQuery/GetByCodes
GET /api/query/FranchiseQuery/GetByFranchiseCodeAndMakeCode
GET /api/query/FranchiseQuery/GetById
GET /api/query/FranchiseQuery/GetByIds
GET /api/query/FranchiseQuery/GetByMasterKey
GET /api/query/FranchiseQuery/GetByMasterKeys
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseCodes
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseId
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseIds
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetContactInformationByFranchiseSiteBusinessActivityId
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCode
GET /api/query/FranchiseQuery/GetFranchisesByDealershipCodes
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKey
GET /api/query/FranchiseQuery/GetFranchisesByDealershipMasterKeys
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityCode
GET /api/query/FranchiseQuery/GetOpenHoursBySiteBusinessActivityId
GET /api/query/HoursQuery/GetAllByBusinessActivityCode
GET /api/query/HoursQuery/GetAllByFranchiseBusinessActivitySiteByCode
GET /api/query/HoursQuery/GetAllByFranchiseId
GET /api/query/HoursQuery/GetById
GET /api/query/HoursQuery/GetByIds
GET /api/query/SecurityRightsQuery/GetDealershipUiSecurityRights
GET /api/query/SiteQuery/GetAll
GET /api/query/SiteQuery/GetByCode
GET /api/query/SiteQuery/GetByCodes
GET /api/query/SiteQuery/GetById
GET /api/query/SiteQuery/GetByIds
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCode
GET /api/query/SiteQuery/GetPrimarySiteByDealershipCodes
GET /api/query/SiteQuery/GetPrimarySiteByDealershipId
GET /api/query/SiteQuery/GetPrimarySiteByDealershipIds
GET /api/query/SiteQuery/GetSiteByFranchiseCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodeAndMakeCode
GET /api/query/SiteQuery/GetSiteByFranchiseCodes
GET /api/query/SiteQuery/GetSiteByFranchiseId
GET /api/query/SiteQuery/GetSiteByFranchiseIds
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKey
GET /api/query/SiteQuery/GetSiteByFranchiseMasterKeys
POST /api/command/BusinessActivityCommand/Create
POST /api/command/BusinessActivityCommand/CreateIfNotExistByCode
POST /api/command/BusinessActivityCommand/CreateOrUpdateFromCsv
POST /api/command/ContactCommand/Create
POST /api/command/DealershipCommand/Create
POST /api/command/DealershipCommand/CreateIfNotExistByCode
POST /api/command/DealershipCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/AddSite
POST /api/command/FranchiseCommand/Create
POST /api/command/FranchiseCommand/CreateIfNotExistByCode
POST /api/command/FranchiseCommand/CreateOrUpdateFromCsv
POST /api/command/FranchiseCommand/ImportFranchiseSiteCsv
POST /api/command/HoursCommand/Create
POST /api/command/HoursCommand/CreateOrUpdateFromCsv
POST /api/command/SiteCommand/Create
POST /api/command/SiteCommand/CreateIfNotExistByCode
POST /api/command/SiteCommand/CreateOrUpdateFromCsv
POST /api/query/DealershipQuery/GetByLastDataSyncDate
POST /api/query/FranchiseQuery/GetByLastDataSyncDate
POST /api/query/HoursQuery/GetBusinessHoursByTimestampRanges
POST /api/query/HoursQuery/GetCurrentAndFutureBusinessHoursRange
POST /api/query/SiteQuery/GetByLastDataSyncDate
PUT /api/command/BusinessActivityCommand/CreateOrUpdateByCode
PUT /api/command/BusinessActivityCommand/Update
PUT /api/command/ContactCommand/Update
PUT /api/command/DealershipCommand/CreateOrUpdateByCode
PUT /api/command/DealershipCommand/Update
PUT /api/command/FranchiseCommand/CreateOrUpdateByCode
PUT /api/command/FranchiseCommand/CreateOrUpdateFranchiseContactInformation
PUT /api/command/FranchiseCommand/Update
PUT /api/command/HoursCommand/Update
PUT /api/command/SiteCommand/CreateOrUpdateByCode
PUT /api/command/SiteCommand/Update

Found on 2026-01-16 09:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: api.hondaprogram.com
Port: 443
URL: https://api.hondaprogram.com

First seen 2025-12-24 02:33
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a36a8b222635dc29935dfc57e4b36821e4b36821
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/DsoQuery/IsEnrolled
POST /api/query/Enrollment/EnrollmentByZoneAndDistrictDetails
POST /api/query/Enrollment/EnrollmentDetails
```
  Found on 2026-01-16 09:56
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://styleapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:32
Last seen 2026-01-16 09:56
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-01-16 09:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingapi-staging.acuraprogram.com
Port: 443
URL: https://reportingapi-staging.acuraprogram.com

First seen 2025-12-24 02:41
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 09:56
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: clientorganizationapi.dev.autodatadigitaldealer.com
Port: 443
URL: https://clientorganizationapi.dev.autodatadigitaldealer.com

First seen 2025-12-24 02:26
Last seen 2026-01-16 09:56
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497424ba182a7cdac1ed015a5d9215be791689a0a4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/OrganizationNodeCommand/DeleteByCode
DELETE /api/command/OrganizationNodeCommand/DeleteById
DELETE /api/command/OrganizationSchemeCommand/DeleteByCode
DELETE /api/command/OrganizationSchemeCommand/DeleteById
GET /api/query/OrganizationNodeQuery/GetAll
GET /api/query/OrganizationNodeQuery/GetByCode
GET /api/query/OrganizationNodeQuery/GetByCodes
GET /api/query/OrganizationNodeQuery/GetById
GET /api/query/OrganizationNodeQuery/GetByIds
GET /api/query/OrganizationNodeQuery/GetBySchemeId
GET /api/query/OrganizationNodeQuery/GetBySchemeIds
GET /api/query/OrganizationNodeQuery/GetCurrentUserFranchises
GET /api/query/OrganizationNodeQuery/GetExpandedPermissionsByUserId
GET /api/query/OrganizationNodeQuery/GetExpandedPermissionsByUserIds
GET /api/query/OrganizationNodeQuery/GetFranchisesByOrganizationNodeIds
GET /api/query/OrganizationSchemeQuery/GetAll
GET /api/query/OrganizationSchemeQuery/GetByCode
GET /api/query/OrganizationSchemeQuery/GetByCodes
GET /api/query/OrganizationSchemeQuery/GetById
GET /api/query/OrganizationSchemeQuery/GetByIds
GET /api/query/RootHierarchyQuery/GetAllRootHierarchies
GET /api/query/RootHierarchyQuery/GetByParentId
GET /api/query/RootHierarchyQuery/GetRootHierarchiesBySchemeCode
GET /api/query/RootHierarchyQuery/GetRootHierarchiesBySchemeCodes
GET /api/query/RootHierarchyQuery/GetRootHierarchiesBySchemeId
GET /api/query/RootHierarchyQuery/GetRootHierarchiesBySchemeIds
GET /api/query/UserHierarchyQuery/GetAllUserHierarchies
GET /api/query/UserHierarchyQuery/GetByParentId
GET /api/query/UserHierarchyQuery/GetUserHierarchiesBySchemeCode
GET /api/query/UserHierarchyQuery/GetUserHierarchiesBySchemeCodes
GET /api/query/UserHierarchyQuery/GetUserHierarchiesBySchemeId
GET /api/query/UserHierarchyQuery/GetUserHierarchiesBySchemeIds
POST /api/command/OrganizationNodeCommand/Create
POST /api/command/OrganizationNodeCommand/CreateFranchiseFromCsvAsync
POST /api/command/OrganizationNodeCommand/CreateIfNotExistByCodeAsync
POST /api/command/OrganizationNodeCommand/CreateOrUpdateByCode
POST /api/command/OrganizationNodeCommand/CreateOrUpdateByCodes
POST /api/command/OrganizationNodeHierarchyCommand/Create
POST /api/command/OrganizationNodeHierarchyCommand/CreateFromCsv
POST /api/command/OrganizationSchemeCommand/Create
POST /api/command/OrganizationSchemeCommand/CreateFromCsv
POST /api/command/OrganizationSchemeCommand/CreateIfNotExistByCode
POST /api/command/OrganizationSchemeCommand/CreateIfNotExistByCodes
POST /api/command/OrganizationSchemeCommand/CreateOrUpdateByCodeAsync
POST /api/command/OrganizationSchemeCommand/CreateOrUpdateByCodesAsync
POST /api/query/OrganizationNodeFranchiseQuery/GetByLastDataSyncDate
POST /api/query/OrganizationNodeQuery/GetByLastDataSyncDate
POST /api/query/OrganizationSchemeQuery/GetByLastDataSyncDate
PUT /api/command/OrganizationNodeCommand/AddFranchise
PUT /api/command/OrganizationNodeCommand/AddFranchisesByCode
PUT /api/command/OrganizationNodeCommand/AddFranchisesByCodes
PUT /api/command/OrganizationNodeCommand/AddPermission
PUT /api/command/OrganizationNodeCommand/AddPermissions
PUT /api/command/OrganizationNodeCommand/RemoveAllPermissionsByUserId
PUT /api/command/OrganizationNodeCommand/RemoveAllPermissionsByUserIds
PUT /api/command/OrganizationNodeCommand/RemoveFranchise
PUT /api/command/OrganizationNodeCommand/RemoveFranchiseById
PUT /api/command/OrganizationNodeCommand/RemovePermission
PUT /api/command/OrganizationNodeCommand/RemovePermissionById
PUT /api/command/OrganizationNodeCommand/Update
PUT /api/command/OrganizationNodeHierarchyCommand/Move
PUT /api/command/OrganizationSchemeCommand/Update

Found on 2026-01-16 09:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: api-staging.acuraprogram.com
Port: 443
URL: https://api-staging.acuraprogram.com

First seen 2025-12-24 02:44
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549059fa5ebeb32e4380bbf3f0b292307353a5102c7
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalAdvertisingDisclaimer
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/DsoQuery/IsEnrolled
POST /api/query/Enrollment/EnrollmentByZoneAndDistrictDetails
POST /api/query/Enrollment/EnrollmentDetails
```
  Found on 2026-01-16 09:56
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: api.acuraprogram.com
Port: 443
URL: https://api.acuraprogram.com

First seen 2025-12-24 02:51
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549059fa5ebeb32e4380bbf3f0b292307353a5102c7
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalAdvertisingDisclaimer
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/DsoQuery/IsEnrolled
POST /api/query/Enrollment/EnrollmentByZoneAndDistrictDetails
POST /api/query/Enrollment/EnrollmentDetails
```
  Found on 2026-01-16 09:56
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: menuapi-staging.hyundaicaprogram.com
Port: 443
URL: https://menuapi-staging.hyundaicaprogram.com

First seen 2025-12-24 02:48
Last seen 2026-01-16 09:56
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549524959ec6239a54876e9ea0d1607c6e7bf2794af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MenuCategoryCommand/DeleteByCode
DELETE /api/command/MenuCategoryCommand/DeleteByCodes
DELETE /api/command/MenuCategoryCommand/DeleteById
DELETE /api/command/MenuCategoryCommand/DeleteByIds
DELETE /api/command/MenuHierarchyCommand/RemoveMenuItemAsync
DELETE /api/command/MenuItemCommand/DeleteByCode
DELETE /api/command/MenuItemCommand/DeleteByCodes
DELETE /api/command/MenuItemCommand/DeleteById
DELETE /api/command/MenuItemCommand/DeleteByIds
DELETE /api/command/MenuItemCommand/DeleteByMasterKey
DELETE /api/command/MenuItemCommand/DeleteByMasterKeys
DELETE /api/command/MenuSchemeCommand/DeleteByCode
DELETE /api/command/MenuSchemeCommand/DeleteByCodes
DELETE /api/command/MenuSchemeCommand/DeleteById
DELETE /api/command/MenuSchemeCommand/DeleteByIds
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKey
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKeys
GET /api/query/MenuCategoryQuery/GetAll
GET /api/query/MenuCategoryQuery/GetByCode
GET /api/query/MenuCategoryQuery/GetByCodes
GET /api/query/MenuCategoryQuery/GetById
GET /api/query/MenuCategoryQuery/GetByIds
GET /api/query/MenuCategoryQuery/GetByMasterKey
GET /api/query/MenuCategoryQuery/GetByMasterKeys
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeIds
GET /api/query/MenuHierarchyQuery/GetByParentId
GET /api/query/MenuHierarchyQuery/GetBySchemeCode
GET /api/query/MenuHierarchyQuery/GetBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetBySchemeId
GET /api/query/MenuHierarchyQuery/GetBySchemeIds
GET /api/query/MenuHierarchyQuery/GetMenuByApplicationModuleCode
GET /api/query/MenuHierarchyQuery/GetUserMenu
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeIds
GET /api/query/MenuItemQuery/GetAll
GET /api/query/MenuItemQuery/GetAllByIncludeInactiveMenuItems
GET /api/query/MenuItemQuery/GetByCode
GET /api/query/MenuItemQuery/GetByCodes
GET /api/query/MenuItemQuery/GetById
GET /api/query/MenuItemQuery/GetByIds
GET /api/query/MenuItemQuery/GetByMasterKey
GET /api/query/MenuItemQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetAll
GET /api/query/MenuSchemeQuery/GetByCode
GET /api/query/MenuSchemeQuery/GetByCodes
GET /api/query/MenuSchemeQuery/GetById
GET /api/query/MenuSchemeQuery/GetByIds
GET /api/query/MenuSchemeQuery/GetByMasterKey
GET /api/query/MenuSchemeQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCode
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCodes
POST /api/command/MenuCategoryCommand/Create
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCode
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCodes
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCode
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCodes
POST /api/command/MenuCategoryCommand/Creates
POST /api/command/MenuHierarchyCommand/AddMenuItemAsync
POST /api/command/MenuHierarchyCommand/Create
POST /api/command/MenuHierarchyCommand/ImportCsv
POST /api/command/MenuHierarchyCommand/MoveMenuItemAsync
POST /api/command/MenuItemCommand/Create
POST /api/command/MenuItemCommand/CreateIfNotExistByCode
POST /api/command/MenuItemCommand/CreateIfNotExistByCodes
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuItemCommand/CreateOrUpdateByCode
POST /api/command/MenuItemCommand/CreateOrUpdateByCodes
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuItemCommand/Creates
POST /api/command/MenuSchemeCommand/Create
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuSchemeCommand/Creates
POST /api/command/MenuSchemeCommand/ImportCsv
PUT /api/command/MenuCategoryCommand/Update
PUT /api/command/MenuCategoryCommand/Updates
PUT /api/command/MenuItemCommand/Update
PUT /api/command/MenuItemCommand/Updates
PUT /api/command/MenuSchemeCommand/Update
PUT /api/command/MenuSchemeCommand/Updates

Found on 2026-01-16 09:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hyundaicanadaapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://hyundaicanadaapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:48
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035494ccf6a5eb19a2fa0b19a2fa0b19a2fa0b19a2fa0
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/SalesProcessBySalesPersonDisclaimer
POST /api/query/SalesProcessBySalesPerson/SalesProcessBySalesPerson
```
  Found on 2026-01-16 09:56
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: userapi.acuraprogram.com
Port: 443
URL: https://userapi.acuraprogram.com

First seen 2025-12-24 02:37
Last seen 2026-01-16 09:56
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af47d07122b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderQuery/ResolveVanityUri
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-01-16 09:56

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af458889e3e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-01-09 13:13

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: menuapi.hondaprogram.com
Port: 443
URL: https://menuapi.hondaprogram.com

First seen 2025-12-24 02:50
Last seen 2026-01-16 09:56
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549524959ec6239a54876e9ea0d1607c6e7bf2794af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/MenuCategoryCommand/DeleteByCode
DELETE /api/command/MenuCategoryCommand/DeleteByCodes
DELETE /api/command/MenuCategoryCommand/DeleteById
DELETE /api/command/MenuCategoryCommand/DeleteByIds
DELETE /api/command/MenuHierarchyCommand/RemoveMenuItemAsync
DELETE /api/command/MenuItemCommand/DeleteByCode
DELETE /api/command/MenuItemCommand/DeleteByCodes
DELETE /api/command/MenuItemCommand/DeleteById
DELETE /api/command/MenuItemCommand/DeleteByIds
DELETE /api/command/MenuItemCommand/DeleteByMasterKey
DELETE /api/command/MenuItemCommand/DeleteByMasterKeys
DELETE /api/command/MenuSchemeCommand/DeleteByCode
DELETE /api/command/MenuSchemeCommand/DeleteByCodes
DELETE /api/command/MenuSchemeCommand/DeleteById
DELETE /api/command/MenuSchemeCommand/DeleteByIds
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKey
DELETE /api/command/MenuSchemeCommand/DeleteByMasterKeys
GET /api/query/MenuCategoryQuery/GetAll
GET /api/query/MenuCategoryQuery/GetByCode
GET /api/query/MenuCategoryQuery/GetByCodes
GET /api/query/MenuCategoryQuery/GetById
GET /api/query/MenuCategoryQuery/GetByIds
GET /api/query/MenuCategoryQuery/GetByMasterKey
GET /api/query/MenuCategoryQuery/GetByMasterKeys
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetApplicationModuleMenuBySchemeIds
GET /api/query/MenuHierarchyQuery/GetByParentId
GET /api/query/MenuHierarchyQuery/GetBySchemeCode
GET /api/query/MenuHierarchyQuery/GetBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetBySchemeId
GET /api/query/MenuHierarchyQuery/GetBySchemeIds
GET /api/query/MenuHierarchyQuery/GetMenuByApplicationModuleCode
GET /api/query/MenuHierarchyQuery/GetUserMenu
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCode
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeCodes
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeId
GET /api/query/MenuHierarchyQuery/GetUserMenuBySchemeIds
GET /api/query/MenuItemQuery/GetAll
GET /api/query/MenuItemQuery/GetAllByIncludeInactiveMenuItems
GET /api/query/MenuItemQuery/GetByCode
GET /api/query/MenuItemQuery/GetByCodes
GET /api/query/MenuItemQuery/GetById
GET /api/query/MenuItemQuery/GetByIds
GET /api/query/MenuItemQuery/GetByMasterKey
GET /api/query/MenuItemQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetAll
GET /api/query/MenuSchemeQuery/GetByCode
GET /api/query/MenuSchemeQuery/GetByCodes
GET /api/query/MenuSchemeQuery/GetById
GET /api/query/MenuSchemeQuery/GetByIds
GET /api/query/MenuSchemeQuery/GetByMasterKey
GET /api/query/MenuSchemeQuery/GetByMasterKeys
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCode
GET /api/query/MenuSchemeQuery/GetByMenuSchemeCodes
POST /api/command/MenuCategoryCommand/Create
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCode
POST /api/command/MenuCategoryCommand/CreateIfNotExistByCodes
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCode
POST /api/command/MenuCategoryCommand/CreateOrUpdateByCodes
POST /api/command/MenuCategoryCommand/Creates
POST /api/command/MenuHierarchyCommand/AddMenuItemAsync
POST /api/command/MenuHierarchyCommand/Create
POST /api/command/MenuHierarchyCommand/ImportCsv
POST /api/command/MenuHierarchyCommand/MoveMenuItemAsync
POST /api/command/MenuItemCommand/Create
POST /api/command/MenuItemCommand/CreateIfNotExistByCode
POST /api/command/MenuItemCommand/CreateIfNotExistByCodes
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuItemCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuItemCommand/CreateOrUpdateByCode
POST /api/command/MenuItemCommand/CreateOrUpdateByCodes
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuItemCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuItemCommand/Creates
POST /api/command/MenuSchemeCommand/Create
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKey
POST /api/command/MenuSchemeCommand/CreateIfNotExistByMasterKeys
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKey
POST /api/command/MenuSchemeCommand/CreateOrUpdateByMasterKeys
POST /api/command/MenuSchemeCommand/Creates
POST /api/command/MenuSchemeCommand/ImportCsv
PUT /api/command/MenuCategoryCommand/Update
PUT /api/command/MenuCategoryCommand/Updates
PUT /api/command/MenuItemCommand/Update
PUT /api/command/MenuItemCommand/Updates
PUT /api/command/MenuSchemeCommand/Update
PUT /api/command/MenuSchemeCommand/Updates

Found on 2026-01-16 09:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hondausa-reportingdataapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://hondausa-reportingdataapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:41
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 09:56
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hondausaapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://hondausaapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:47
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a36a8b222635dc29935dfc57e4b36821e4b36821
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer
GET /api/query/DsoQuery/IsEnrolled
POST /api/query/Enrollment/EnrollmentByZoneAndDistrictDetails
POST /api/query/Enrollment/EnrollmentDetails
```
  Found on 2026-01-16 09:56
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: userapi-staging.hondaprogram.com
Port: 443
URL: https://userapi-staging.hondaprogram.com

First seen 2025-12-24 02:38
Last seen 2026-01-16 09:56
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-16 09:56

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af47d07122b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderQuery/ResolveVanityUri
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-01-09 13:13

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af458889e3e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2025-12-26 08:16

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: userapi-staging.hyundaicaprogram.com
Port: 443
URL: https://userapi-staging.hyundaicaprogram.com

First seen 2025-12-24 02:50
Last seen 2026-01-16 09:56
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-16 09:56

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af47d07122b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderQuery/ResolveVanityUri
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-01-09 13:13

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af458889e3e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2025-12-30 13:04

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: hyundaicanada-reportingdataapi.staging.autodatadigitaldealer.com
Port: 443
URL: https://hyundaicanada-reportingdataapi.staging.autodatadigitaldealer.com

First seen 2025-12-24 02:59
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 09:56
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: reportingapi-staging.hyundaicaprogram.com
Port: 443
URL: https://reportingapi-staging.hyundaicaprogram.com

First seen 2025-12-24 02:49
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 09:56
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: styleapi.autodatadigitaldealer.com
Port: 443
URL: https://styleapi.autodatadigitaldealer.com

First seen 2025-12-24 02:43
Last seen 2026-01-16 09:56
Open for 23 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f4da51c16377f017ab79b314130b162ce60552a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleStyleCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByCode
DELETE /api/command/ThemeCommand/DeleteByCodes
DELETE /api/command/ThemeCommand/DeleteById
DELETE /api/command/ThemeCommand/DeleteByIds
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKey
DELETE /api/command/ThemeCommand/DeleteByTenantMasterKeys
GET /api/query/ApplicationModuleStyleQuery/GetAll
GET /api/query/ApplicationModuleStyleQuery/GetById
GET /api/query/ApplicationModuleStyleQuery/GetByIds
GET /api/query/CssStyleQuery/RenderCss
GET /api/query/ThemeQuery/GetAll
GET /api/query/ThemeQuery/GetByCode
GET /api/query/ThemeQuery/GetByCodes
GET /api/query/ThemeQuery/GetById
GET /api/query/ThemeQuery/GetByIds
GET /api/query/ThemeQuery/GetByTenantMasterKey
GET /api/query/ThemeQuery/GetByTenantMasterKeys
POST /api/command/ApplicationModuleStyleCommand/Create
POST /api/command/ThemeCommand/Create
POST /api/command/ThemeCommand/CreateIfNotExistByCode
POST /api/command/ThemeCommand/CreateIfNotExistByCodes
POST /api/command/ThemeCommand/CreateIfNotExistByTenantMasterKey
POST /api/command/ThemeCommand/CreateOrUpdateByCode
POST /api/command/ThemeCommand/CreateOrUpdateByCodes
PUT /api/command/ApplicationModuleStyleCommand/Update
PUT /api/command/ThemeCommand/Update

Found on 2026-01-16 09:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 40.121.32.232
Domain: userapi.hyundaiusasmartdigitalanalytics.com
Port: 443
URL: https://userapi.hyundaiusasmartdigitalanalytics.com

First seen 2025-12-10 02:43
Last seen 2026-01-16 08:13
Open for 37 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af47d07122b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderQuery/ResolveVanityUri
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-01-16 08:13

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929b65d93383ef7651aa72c06e9831af458889e3e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/command/ApplicationModuleCommand/DeleteByCode
DELETE /api/command/ApplicationModuleCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/DeleteById
DELETE /api/command/ApplicationUserCommand/RemoveSecurityRole
DELETE /api/command/ApplicationUserCommand/RemoveSystemRight
DELETE /api/command/CertificateCommand/DeleteById
DELETE /api/command/CertificateCommand/DeleteBySerialNumber
DELETE /api/command/CertificateCommand/DeleteByThumbprint
DELETE /api/command/CompanyCommand/DeleteByCode
DELETE /api/command/CompanyCommand/DeleteById
DELETE /api/command/LoginProviderCommand/DeleteByCode
DELETE /api/command/LoginProviderCommand/DeleteById
DELETE /api/command/LoginProviderTypeCommand/DeleteByCode
DELETE /api/command/LoginProviderTypeCommand/DeleteById
DELETE /api/command/SecurityClientCommand/DeleteSecurityClient
DELETE /api/command/SecurityClientCommand/RevokeSecret
DELETE /api/command/SecurityClientCommand/RevokeSecrets
DELETE /api/command/SecurityRightCommand/DeleteByCode
DELETE /api/command/SecurityRightCommand/DeleteById
DELETE /api/command/SecurityRoleCommand/DeleteById
DELETE /api/command/SecurityRoleTemplateCommand/DeleteById
DELETE /api/command/TenantCommand/DeleteByCode
DELETE /api/command/TenantCommand/DeleteById
GET /api/query/ApplicationModuleQuery/GetAll
GET /api/query/ApplicationModuleQuery/GetByCode
GET /api/query/ApplicationModuleQuery/GetByCodes
GET /api/query/ApplicationModuleQuery/GetById
GET /api/query/ApplicationModuleQuery/GetByIds
GET /api/query/ApplicationUserQuery/ExportCsv
GET /api/query/ApplicationUserQuery/GetActiveStatus
GET /api/query/ApplicationUserQuery/GetAll
GET /api/query/ApplicationUserQuery/GetAvailableTenant
GET /api/query/ApplicationUserQuery/GetAvailableTenants
GET /api/query/ApplicationUserQuery/GetByCompanyId
GET /api/query/ApplicationUserQuery/GetByCompanyIds
GET /api/query/ApplicationUserQuery/GetById
GET /api/query/ApplicationUserQuery/GetByIds
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserName
GET /api/query/ApplicationUserQuery/GetByLoginProviderCodeAndUserNames
GET /api/query/ApplicationUserQuery/GetCurrentUserAvailableTenants
GET /api/query/ApplicationUserQuery/GetCurrentUserProfileInformation
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRightsByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserId
GET /api/query/ApplicationUserQuery/GetSecurityRoleByTenantUserIds
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserId
GET /api/query/ApplicationUserQuery/GetSystemRightsByTenantUserIds
GET /api/query/CertificateQuery/GetActiveBase64EncodingCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCode
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderCodes
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderId
GET /api/query/CertificateQuery/GetActiveCertificateByLoginProviderIds
GET /api/query/CertificateQuery/GetAll
GET /api/query/CertificateQuery/GetById
GET /api/query/CertificateQuery/GetByIds
GET /api/query/CertificateQuery/GetByLoginProviderCode
GET /api/query/CertificateQuery/GetByLoginProviderCodes
GET /api/query/CertificateQuery/GetByLoginProviderId
GET /api/query/CertificateQuery/GetByLoginProviderIds
GET /api/query/CertificateQuery/GetBySerialNumber
GET /api/query/CertificateQuery/GetBySerialNumbers
GET /api/query/CompanyQuery/GetAll
GET /api/query/CompanyQuery/GetByCode
GET /api/query/CompanyQuery/GetByCodes
GET /api/query/CompanyQuery/GetById
GET /api/query/CompanyQuery/GetByIds
GET /api/query/LoginProviderQuery/GetAll
GET /api/query/LoginProviderQuery/GetByCode
GET /api/query/LoginProviderQuery/GetByCodes
GET /api/query/LoginProviderQuery/GetByCompanyCode
GET /api/query/LoginProviderQuery/GetByCompanyCodes
GET /api/query/LoginProviderQuery/GetByCompanyId
GET /api/query/LoginProviderQuery/GetByCompanyIds
GET /api/query/LoginProviderQuery/GetById
GET /api/query/LoginProviderQuery/GetByIds
GET /api/query/LoginProviderTypeQuery/GetAll
GET /api/query/LoginProviderTypeQuery/GetByCode
GET /api/query/LoginProviderTypeQuery/GetByCodes
GET /api/query/LoginProviderTypeQuery/GetById
GET /api/query/LoginProviderTypeQuery/GetByIds
GET /api/query/SecurityClientQuery/GetByApplicationModuleCode
GET /api/query/SecurityClientQuery/GetByApplicationModuleCodes
GET /api/query/SecurityClientQuery/GetByApplicationModuleId
GET /api/query/SecurityClientQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetAll
GET /api/query/SecurityRightQuery/GetByApplicationModuleCode
GET /api/query/SecurityRightQuery/GetByApplicationModuleCodes
GET /api/query/SecurityRightQuery/GetByApplicationModuleId
GET /api/query/SecurityRightQuery/GetByApplicationModuleIds
GET /api/query/SecurityRightQuery/GetByCode
GET /api/query/SecurityRightQuery/GetByCodes
GET /api/query/SecurityRightQuery/GetByCompanyCode
GET /api/query/SecurityRightQuery/GetByCompanyCodes
GET /api/query/SecurityRightQuery/GetByCompanyId
GET /api/query/SecurityRightQuery/GetByCompanyIds
GET /api/query/SecurityRightQuery/GetById
GET /api/query/SecurityRightQuery/GetByIds
GET /api/query/SecurityRightQuery/GetUserProfileUIRights
GET /api/query/SecurityRightQuery/GetUserRightsByApplicationModuleCode
GET /api/query/SecurityRoleQuery/GetAll
GET /api/query/SecurityRoleQuery/GetByCode
GET /api/query/SecurityRoleQuery/GetByCodes
GET /api/query/SecurityRoleQuery/GetByCompanyCode
GET /api/query/SecurityRoleQuery/GetByCompanyCodes
GET /api/query/SecurityRoleQuery/GetByCompanyId
GET /api/query/SecurityRoleQuery/GetByCompanyIds
GET /api/query/SecurityRoleQuery/GetById
GET /api/query/SecurityRoleQuery/GetByIds
GET /api/query/SecurityRoleTemplateQuery/GetAll
GET /api/query/SecurityRoleTemplateQuery/GetByCode
GET /api/query/SecurityRoleTemplateQuery/GetByCodes
GET /api/query/SecurityRoleTemplateQuery/GetById
GET /api/query/SecurityRoleTemplateQuery/GetByIds
GET /api/query/TenantQuery/GetAll
GET /api/query/TenantQuery/GetByCode
GET /api/query/TenantQuery/GetByCodes
GET /api/query/TenantQuery/GetById
GET /api/query/TenantQuery/GetByIds
GET /api/query/TenantQuery/GetByMasterKey
GET /api/query/TenantQuery/GetByMasterKeys
POST /api/command/ApplicationModuleCommand/Create
POST /api/command/ApplicationModuleCommand/CreateIfNotExistByCode
POST /api/command/ApplicationModuleCommand/CreateOrUpdateByCode
POST /api/command/ApplicationModuleCommand/CreateSecretIfNotExist
POST /api/command/ApplicationUserCommand/AddSecurityRole
POST /api/command/ApplicationUserCommand/AddSecurityRoleForAnyCompany
POST /api/command/ApplicationUserCommand/AddSystemRight
POST /api/command/ApplicationUserCommand/ChangeCurrentTenant
POST /api/command/ApplicationUserCommand/ChangePassword
POST /api/command/ApplicationUserCommand/Create
POST /api/command/ApplicationUserCommand/CreateOrUpdateForAnyCompany
POST /api/command/ApplicationUserCommand/ImportCsv
POST /api/command/ApplicationUserCommand/ResetPassword
POST /api/command/CertificateCommand/CreateIFormFile
POST /api/command/CertificateCommand/CreateIfNotExistBySerialNumber
POST /api/command/CertificateCommand/CreateOrUpdateBySerialNumber
POST /api/command/CertificateCommand/CreatesIfNotExistBySerialNumber
POST /api/command/CompanyCommand/Create
POST /api/command/CompanyCommand/CreateIfNotExistByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCode
POST /api/command/CompanyCommand/CreateOrUpdateByCodes
POST /api/command/CompanyCommand/Creates
POST /api/command/LoginProviderCommand/Create
POST /api/command/LoginProviderCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderCommand/CreateOrUpdateByCode
POST /api/command/LoginProviderTypeCommand/Create
POST /api/command/LoginProviderTypeCommand/CreateIfNotExistByCode
POST /api/command/LoginProviderTypeCommand/CreateOrUpdateByCode
POST /api/command/SecurityClientCommand/CreateSecretIfNotExist
POST /api/command/SecurityClientCommand/GenerateSecret
POST /api/command/SecurityClientCommand/GenerateSecrets
POST /api/command/SecurityRightCommand/Create
POST /api/command/SecurityRightCommand/CreateIfNotExistByCode
POST /api/command/SecurityRightCommand/CreateOrUpdate
POST /api/command/SecurityRoleCommand/AddSecurityRightByCodeAsync
POST /api/command/SecurityRoleCommand/AddSecurityRightByIdAsync
POST /api/command/SecurityRoleCommand/Create
POST /api/command/SecurityRoleCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleCommand/CreateOrUpdateByCode
POST /api/command/SecurityRoleCommand/RemoveSecurityRightAsync
POST /api/command/SecurityRoleCommand/RemoveSecurityRightByCodeAsync
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCode
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightByCodes
POST /api/command/SecurityRoleTemplateCommand/AddSecurityRightById
POST /api/command/SecurityRoleTemplateCommand/Create
POST /api/command/SecurityRoleTemplateCommand/CreateIfNotExistByCode
POST /api/command/SecurityRoleTemplateCommand/RemoveSecurityRight
POST /api/command/TenantCommand/Create
POST /api/command/TenantCommand/CreateIfNotExistByCode
POST /api/command/TenantCommand/CreateOrUpdateByCode
POST /api/command/TenantCommand/CreateOrUpdateByProvidedMasterKey
PUT /api/command/ApplicationModuleCommand/Update
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserId
PUT /api/command/ApplicationUserCommand/RemoveAllRolesByUserIds
PUT /api/command/ApplicationUserCommand/Update
PUT /api/command/ApplicationUserCommand/UpdateUserProfileInformation
PUT /api/command/CompanyCommand/Update
PUT /api/command/LoginProviderCommand/Update
PUT /api/command/LoginProviderTypeCommand/Update
PUT /api/command/SecurityRightCommand/Update
PUT /api/command/SecurityRoleCommand/Update
PUT /api/command/SecurityRoleTemplateCommand/CreateOrUpdateByCode
PUT /api/command/SecurityRoleTemplateCommand/Update
PUT /api/command/TenantCommand/Update

Found on 2026-01-09 11:32

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 40.121.32.232
Domain: rpl.rescue.org
Port: 443
URL: https://rpl.rescue.org

First seen 2022-07-29 19:14
Last seen 2025-07-14 10:19
Open for 1080 days

Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65222d63e9f2

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://github.com/theirc/rescue-patternlab-deploy
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2025-07-14 10:19

273 Bytes

Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522e2e507f2

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://github.com/theirc/rescue-patternlab-deploy
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2024-03-08 07:14

255 Bytes

Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65225ef58660

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://github.com/theirc/rescue-patternlab-deploy.git
	fetch = +refs/heads/*:refs/remotes/origin/*

Found on 2022-07-29 19:14

217 Bytes

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 40.121.32.232
Domain: tasks.spiegelweb.com
Port: 443
URL: https://tasks.spiegelweb.com

First seen 2025-04-08 17:45
Last seen 2025-04-28 07:55
Open for 19 days

Severity: medium
Fingerprint: 5f32cf5d6962f09c114fbe07114fbe07e90bc7860b877f82eef9fda6442372c0

Found 47 files trough .DS_Store spidering:

/apps
/assets
/assets/css
/assets/data
/assets/img
/assets/js
/assets/video
/authenticate.php
/config.php
/documentation
/header.php
/helper-pages
/index.php
/modules
/navbar-horizontal.php
/navbar-vertical.php
/security.php
/session_write.php
/sign-in.php
/sign-out.php
/template
/template/apps
/template/assets
/template/changelog.html
/template/coming-soon.html
/template/dashboard
/template/demo
/template/documentation
/template/index.html
/template/modules
/template/pages
/template/pages/authentication
/template/pages/authentication/simple
/template/pages/errors
/template/pages/faq
/template/pages/landing
/template/pages/members.html
/template/pages/notifications.html
/template/pages/pricing
/template/pages/starter.html
/template/pages/timeline.html
/template/showcase.html
/template/upcoming.html
/template/vendors
/template/widgets.html
/vendors
/web.config

Found on 2025-04-28 07:55

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 40.121.32.232
Domain: www.institutorodrigomendes.org.br
Port: 443
URL: https://www.institutorodrigomendes.org.br

First seen 2022-08-15 19:48
Last seen 2024-09-30 08:23
Open for 776 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2024-09-30 08:23
  
  380 Bytes
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 40.121.32.232
Domain: institutorodrigomendes.org.br
Port: 80
URL: http://institutorodrigomendes.org.br

First seen 2022-08-15 19:48
Last seen 2024-09-28 22:40
Open for 775 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2024-09-28 22:40
  
  380 Bytes
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 40.121.32.232
Domain: institutorodrigomendes.org.br
Port: 443
URL: https://institutorodrigomendes.org.br

First seen 2022-08-15 19:48
Last seen 2024-09-28 19:15
Open for 774 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2024-09-28 19:15
  
  380 Bytes
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 40.121.32.232
Domain: www.institutorodrigomendes.org.br
Port: 80
URL: http://www.institutorodrigomendes.org.br

First seen 2022-08-15 19:48
Last seen 2024-09-28 17:06
Open for 774 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2024-09-28 17:06
  
  380 Bytes
Create report

Open service 40.121.32.232:443 · geographyapi.hyundaicaprogram.com

2026-02-15 21:27

HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Sun, 15 Feb 2026 21:27:40 GMT
Server: Kestrel
Location: /swagger

Found 54 minutes ago by HttpPlugin