Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff435a26a4c644a417c2a12ceeda4176bdfad4e9815d
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /plg_auth_check/
GET /v1/auth_check
GET /v1/change-request-logs/
GET /v1/change-request-logs/{id}/
GET /v1/change-requests/
GET /v1/change-requests/{id}/
GET /v1/data_files/
GET /v1/data_files/years
GET /v1/data_files/years/{stt}
GET /v1/data_files/{id}/
GET /v1/data_files/{id}/download/
GET /v1/data_files/{id}/download_error_report/
GET /v1/feedback/
GET /v1/feedback/{id}/
GET /v1/login/
GET /v1/logout
GET /v1/oidc/ams
GET /v1/reports/
GET /v1/reports/report-sources/
GET /v1/reports/report-sources/{id}/
GET /v1/reports/{id}/
GET /v1/reports/{id}/download/
GET /v1/roles/
GET /v1/security/get-token
GET /v1/stts/
GET /v1/stts/alpha
GET /v1/stts/by_region
GET /v1/users/
GET /v1/users/profile/
GET /v1/users/request_access/
GET /v1/users/{id}/
PATCH /v1/users/update_profile/
POST /v1/logs/
POST /v1/security/event-token
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff435a26a4c644a417c2462c12f012246220c812a5d5
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /plg_auth_check/
GET /v1/auth_check
GET /v1/data_files/
GET /v1/data_files/years
GET /v1/data_files/years/{stt}
GET /v1/data_files/{id}/
GET /v1/data_files/{id}/download/
GET /v1/data_files/{id}/download_error_report/
GET /v1/feedback/
GET /v1/feedback/{id}/
GET /v1/login/
GET /v1/logout
GET /v1/oidc/ams
GET /v1/roles/
GET /v1/security/get-token
GET /v1/stts/
GET /v1/stts/alpha
GET /v1/stts/by_region
GET /v1/users/
GET /v1/users/request_access/
GET /v1/users/{id}/
POST /v1/logs/
Open service 52.61.34.168:443 · banks.data.fdic.gov
2026-01-24 22:21
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Jan 2026 22:21:07 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 66
Connection: close
Access-Control-Allow-Origin: *
Location: https://api.fdic.gov/banks/docs/
Strict-Transport-Security: max-age=31536000
Vary: Accept
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 40115e50-938c-434d-57ba-9e68fdc6b0c3
X-Frame-Options: DENY

Moved Permanently. Redirecting to https://api.fdic.gov/banks/docs/
Open service 52.61.34.168:80 · banks.data.fdic.gov
2026-01-24 22:21
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Jan 2026 22:21:06 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 166
Connection: close
Location: https://banks.data.fdic.gov/
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>openresty</center>
</body>
</html>