LeakIX - Host 99.83.185.157

Host 99.83.185.157

United States

AMAZON-02

Ruby/2.7.1/2020-03-31

Software information

Cowboy

tcp/443

Heroku

tcp/443 tcp/80

heroku-router

tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: www.voorstel-fietsenmintjensb2b.be
Port: 80
URL: http://www.voorstel-fietsenmintjensb2b.be

First seen 2025-11-13 00:54
Last seen 2026-01-12 04:15
Open for 60 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-12 04:15
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api-dev.deton.no
Port: 443
URL: https://api-dev.deton.no

First seen 2025-11-13 00:03
Last seen 2026-01-12 03:33
Open for 60 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5472907ed46d8c0c9de259a1fc6d228e7b309370a

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /api/attachments/{attachmentId}
DELETE /api/blast-plans/{planId}/change-worker/roles/{role}
DELETE /api/bmps/{bmpId}/change-blast-manager
DELETE /api/bmps/{bmpId}/vibration-integrations/{integrationType}/project
DELETE /api/companies/{companyId}/credentials/{integrationType}
DELETE /api/projects/contacts/{contactId}
DELETE /api/projects/{projectId}/hierarchy/{nodeId}
DELETE /api/projects/{projectId}/users/{userId}
DELETE /shipment/{id}
GET /api/all/blast-plans/{planId}
GET /api/all/bmps/{bmpId}
GET /api/all/bmps/{bmpId}/blast-plans
GET /api/all/projects
GET /api/blast-holes/{holeId}
GET /api/blast-plan-statuses
GET /api/blast-plan/explosives/{explosiveId}
GET /api/blast-plans/{planId}
GET /api/blast-plans/{planId}/attachments/{type}
GET /api/blast-plans/{planId}/blast-set
GET /api/blast-plans/{planId}/employees/{role}
GET /api/blast-plans/{planId}/explosive-warehouses
GET /api/blast-plans/{planId}/ignition-configuration
GET /api/blast-plans/{planId}/map-markers
GET /api/blast-plans/{planId}/projects/contacts
GET /api/blast-plans/{planId}/residents-notification-message
GET /api/blast-plans/{planId}/rows-overview
GET /api/blast-plans/{planId}/sms-config
GET /api/blast-plans/{planId}/undetonated-charges
GET /api/blast-plans/{planId}/vibration-measurements
GET /api/blast-rows-types
GET /api/blast-rows/{rowId}
GET /api/blast-rows/{rowId}/holes
GET /api/blast-sets/{setId}
GET /api/blast-sets/{setId}/blast-sequence
GET /api/blast-sets/{setId}/ignition-configuration
GET /api/blast-sets/{setId}/ignition-configuration-reference/{type}
GET /api/blast-sets/{setId}/ignition-plan
GET /api/blast-sets/{setId}/plan-preview
GET /api/blast-sets/{setId}/real-tunnel-dimensions
GET /api/blast-sets/{setId}/report
GET /api/blast-sets/{setId}/row/{rowType}
GET /api/blast-sets/{setId}/rows
GET /api/blast-sets/{setId}/rows-overview
GET /api/blast-sets/{setId}/rows-sequence
GET /api/blast-sets/{setId}/rows/{rowType}
GET /api/bmp-sensors/{sensorId}
GET /api/bmp/explosives/{explosiveId}
GET /api/bmps/{bmpId}
GET /api/bmps/{bmpId}/available-integrations
GET /api/bmps/{bmpId}/blast-plan-markers
GET /api/bmps/{bmpId}/blast-plan-statuses
GET /api/bmps/{bmpId}/blast-plans
GET /api/bmps/{bmpId}/company
GET /api/bmps/{bmpId}/employees/{role}
GET /api/bmps/{bmpId}/groups/{group}/risks
GET /api/bmps/{bmpId}/map-markers
GET /api/bmps/{bmpId}/notification/contacts
GET /api/bmps/{bmpId}/notification/contacts/count
GET /api/bmps/{bmpId}/notification/contacts/custom
GET /api/bmps/{bmpId}/notification/group/{key}/categories
GET /api/bmps/{bmpId}/post-plan-markers
GET /api/bmps/{bmpId}/road-lines-map
GET /api/bmps/{bmpId}/road-lines-navigation
GET /api/bmps/{bmpId}/sensors
GET /api/bmps/{bmpId}/statistics
GET /api/bmps/{bmpId}/status
GET /api/bmps/{bmpId}/vibration-integrations
GET /api/bmps/{bmpId}/vibration-integrations/{integrationType}/projects
GET /api/charges/holes/{holeId}
GET /api/companies
GET /api/companies/{companyId}
GET /api/companies/{companyId}/contacts
GET /api/companies/{companyId}/employees
GET /api/companies/{companyId}/explosive-warehouses
GET /api/companies/{companyId}/projects
GET /api/companies/{companyId}/shipments
GET /api/companies/{companyId}/warehouses-stocks-transfers
GET /api/economy-report/projects
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/roles
GET /api/explosive-warehouses/blast-plans/{planId}
GET /api/explosive-warehouses/{warehouseId}
GET /api/explosive-warehouses/{warehouseId}/blast-plans/{planId}
GET /api/explosive-warehouses/{warehouseId}/stocks
GET /api/explosives/blast-plans/{planId}
GET /api/explosives/blast-plans/{planId}/grouped
GET /api/explosives/bmp/blast-plans/{planId}
GET /api/explosives/bmps/{bmpId}
GET /api/explosives/bmps/{bmpId}/grouped
GET /api/explosives/catalog/{supplier}
GET /api/explosives/suppliers
GET /api/filters
GET /api/holes-charges/sets/{setId}/rows/{rowType}
GET /api/holes-charges/{holeChargeId}
GET /api/invitations
GET /api/invitations-count
GET /api/map-markers/{markerId}
GET /api/notification/contact/{id}
GET /api/party/notification/{id}
GET /api/projects
GET /api/projects/{projectId}
GET /api/projects/{projectId}/blast-plan-markers
GET /api/projects/{projectId}/blast-plans
GET /api/projects/{projectId}/bmp-employees/{role}
GET /api/projects/{projectId}/bmp-owners
GET /api/projects/{projectId}/bmp-statuses
GET /api/projects/{projectId}/bmps
GET /api/projects/{projectId}/bmps/named-list
GET /api/projects/{projectId}/companies/{companyId}/users
GET /api/projects/{projectId}/contacts
GET /api/projects/{projectId}/flat-hierarchy
GET /api/projects/{projectId}/hierarchy
GET /api/projects/{projectId}/hierarchy/users
GET /api/projects/{projectId}/statistics
GET /api/projects/{projectId}/users
GET /api/projects/{projectsId}/blast-plan-statuses
GET /api/road-lines/{roadLineId}
GET /api/rows/{rowType}/charge-prototype
GET /api/security/blast-plans/{planId}
GET /api/security/bmps/{bmpId}
GET /api/security/companies/{companyId}
GET /api/security/companies/{companyId}/projects
GET /api/security/projects/{projectId}
GET /api/stocks/{stockId}
GET /api/transfers-stocks/{transferStockId}
GET /api/undetonated-charge/{chargeId}
GET /api/user
GET /api/user-companies
GET /api/user-employee-companies
GET /api/user/config
GET /api/user/notifications
GET /api/user/notifications/count
GET /api/users
GET /api/users/{userId}
GET /api/users/{userId}/config
GET /api/v2/security/projects/{projectId}
GET /api/warehouses-inventories/{inventoryId}
GET /api/warehouses-room-inventories/{inventoryId}
GET /api/warehouses-room-inventories/{inventoryId}/attachments
GET /api/warehouses-stocks-transfers/{transferId}
GET /api/warehouses-stocks-transfers/{transferId}/stocks
GET /api/warehouses/{warehouseId}/inventories
GET /api/warehouses/{warehouseId}/room-inventories
GET /api/worker-change-requests
GET /public/api/invitations/hash/{hash}
GET /public/api/mapbox/configuration
GET /public/api/otc/{code}
GET /public/api/risks/groups
GET /public/api/risks/{bmpId}
GET /public/api/roles
GET /public/api/units/{unitType}
GET /public/push/phone/{phone}
POST /api/blast-plans/{planId}/actual-blast-time-removal
POST /api/blast-plans/{planId}/cancellation
POST /api/blast-plans/{planId}/change-worker/{employeeId}/roles/{role}
POST /api/blast-plans/{planId}/share-report-file
POST /api/blast-plans/{planId}/undetonated-charge
POST /api/blast-rows/{rowId}/holes-dimensions
POST /api/blast-sets-statistics
POST /api/blast-sets/blast-plans/{planId}
POST /api/blast-sets/{setId}/coordinates
POST /api/blast-sets/{setId}/holes-coordinates
POST /api/blast-sets/{setId}/ignition-plan-attachment
POST /api/bmps/{bmpId}/change-blast-manager/{employeeId}
POST /api/bmps/{bmpId}/default-risks
POST /api/bmps/{bmpId}/notification/contact
POST /api/bmps/{bmpId}/notification/group/{key}/category
POST /api/bmps/{bmpId}/road-lines
POST /api/bmps/{bmpId}/road-lines/invitation
POST /api/bmps/{bmpId}/share-report-file
POST /api/bmps/{bmpId}/vibration-integrations/{integrationType}/project/refresh
POST /api/bmps/{bmpId}/vibration-integrations/{integrationType}/project/{integrationProjectId}
POST /api/bmps/{fromBmpId}/notification/contacts/to/{toBmpId}
POST /api/companies/{companyId}/credentials
POST /api/companies/{companyId}/projects/{projectId}/economy-report/prices
POST /api/companies/{companyId}/projects/{projectId}/invitations
POST /api/companies/{orgNo}
POST /api/employees/{employeeId}/sms/resend
POST /api/explosive-warehouses/transfer/all/from/{fromWarehouse}/to/{toWarehouse}
POST /api/explosive-warehouses/transfer/from/{fromWarehouse}/to/{toWarehouse}
POST /api/explosive-warehouses/{warehouseId}/closure
POST /api/explosive-warehouses/{warehouseId}/share-report
POST /api/explosive-warehouses/{warehouseId}/{articleId}
POST /api/explosives/blast-plans/{planId}/bmp-explosive-materials
POST /api/explosives/blast-plans/{planId}/warehouse-explosive-materials
POST /api/explosives/catalog/{supplier}/extended
POST /api/explosives/catalog/{supplier}/simple
POST /api/mitigations/{mitigationId}
POST /api/notifications/{notificationId}/attachments
POST /api/project-sets-maps
POST /api/risks/{riskId}
POST /api/shipments/{shipmentId}/processing
POST /api/shipments/{shipmentId}/warehouses/{warehouseId}
POST /api/user/data-sharing
POST /api/user/firebase-cloud-messaging-token
POST /api/user/notifications/{notificationId}
POST /api/user/request-removal
POST /api/users/new-version-notification
POST /api/warehouses-inventories/{inventoryId}/share-report
POST /api/warehouses-stocks-transfers/{transferId}/share-document
POST /api/warehouses-stocks-transfers/{transfer}
POST /api/warehouses/{warehouseId}/room-inventories/{inventoryType}
POST /api/worker-change-requests/{requestId}/invitation-response
POST /public/api/invitations/{invitationId}/accept
POST /public/api/invitations/{invitationId}/accept-for-new
POST /public/api/invitations/{invitationId}/decline
POST /public/api/phone/{phone}/otc
POST /public/api/tripletex/companies/{orgNo}
POST /public/api/users
POST /public/uploadcare/webhook
POST /shipment/upload
PUT /api/bmps/{bmpId}/status/{status}
PUT /api/bmps/{bmpId}/warehouse/{withWarehouse}
PUT /api/employees/{employeeId}/status
PUT /api/holes-charges/holes
PUT /api/holes-charges/holes/{holeId}
PUT /api/holes-charges/rows/{rowId}
PUT /api/project-sensors/{sensorId}
PUT /api/projects/{projectId}/hierarchy/rearrange
PUT /api/projects/{projectId}/status/{status}
PUT /api/warehouses-room-inventories/points/{pointId}
PUT /public/api/otc

Found on 2026-01-12 03:33

Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
Found on 2026-01-12 03:33

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 52.223.53.203
Domain: api-dev.deton.no
Port: 80
URL: http://api-dev.deton.no

First seen 2025-11-13 00:03
Last seen 2026-01-12 03:33
Open for 60 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5472907ed46d8c0c9de259a1fc6d228e7b309370a

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /api/attachments/{attachmentId}
DELETE /api/blast-plans/{planId}/change-worker/roles/{role}
DELETE /api/bmps/{bmpId}/change-blast-manager
DELETE /api/bmps/{bmpId}/vibration-integrations/{integrationType}/project
DELETE /api/companies/{companyId}/credentials/{integrationType}
DELETE /api/projects/contacts/{contactId}
DELETE /api/projects/{projectId}/hierarchy/{nodeId}
DELETE /api/projects/{projectId}/users/{userId}
DELETE /shipment/{id}
GET /api/all/blast-plans/{planId}
GET /api/all/bmps/{bmpId}
GET /api/all/bmps/{bmpId}/blast-plans
GET /api/all/projects
GET /api/blast-holes/{holeId}
GET /api/blast-plan-statuses
GET /api/blast-plan/explosives/{explosiveId}
GET /api/blast-plans/{planId}
GET /api/blast-plans/{planId}/attachments/{type}
GET /api/blast-plans/{planId}/blast-set
GET /api/blast-plans/{planId}/employees/{role}
GET /api/blast-plans/{planId}/explosive-warehouses
GET /api/blast-plans/{planId}/ignition-configuration
GET /api/blast-plans/{planId}/map-markers
GET /api/blast-plans/{planId}/projects/contacts
GET /api/blast-plans/{planId}/residents-notification-message
GET /api/blast-plans/{planId}/rows-overview
GET /api/blast-plans/{planId}/sms-config
GET /api/blast-plans/{planId}/undetonated-charges
GET /api/blast-plans/{planId}/vibration-measurements
GET /api/blast-rows-types
GET /api/blast-rows/{rowId}
GET /api/blast-rows/{rowId}/holes
GET /api/blast-sets/{setId}
GET /api/blast-sets/{setId}/blast-sequence
GET /api/blast-sets/{setId}/ignition-configuration
GET /api/blast-sets/{setId}/ignition-configuration-reference/{type}
GET /api/blast-sets/{setId}/ignition-plan
GET /api/blast-sets/{setId}/plan-preview
GET /api/blast-sets/{setId}/real-tunnel-dimensions
GET /api/blast-sets/{setId}/report
GET /api/blast-sets/{setId}/row/{rowType}
GET /api/blast-sets/{setId}/rows
GET /api/blast-sets/{setId}/rows-overview
GET /api/blast-sets/{setId}/rows-sequence
GET /api/blast-sets/{setId}/rows/{rowType}
GET /api/bmp-sensors/{sensorId}
GET /api/bmp/explosives/{explosiveId}
GET /api/bmps/{bmpId}
GET /api/bmps/{bmpId}/available-integrations
GET /api/bmps/{bmpId}/blast-plan-markers
GET /api/bmps/{bmpId}/blast-plan-statuses
GET /api/bmps/{bmpId}/blast-plans
GET /api/bmps/{bmpId}/company
GET /api/bmps/{bmpId}/employees/{role}
GET /api/bmps/{bmpId}/groups/{group}/risks
GET /api/bmps/{bmpId}/map-markers
GET /api/bmps/{bmpId}/notification/contacts
GET /api/bmps/{bmpId}/notification/contacts/count
GET /api/bmps/{bmpId}/notification/contacts/custom
GET /api/bmps/{bmpId}/notification/group/{key}/categories
GET /api/bmps/{bmpId}/post-plan-markers
GET /api/bmps/{bmpId}/road-lines-map
GET /api/bmps/{bmpId}/road-lines-navigation
GET /api/bmps/{bmpId}/sensors
GET /api/bmps/{bmpId}/statistics
GET /api/bmps/{bmpId}/status
GET /api/bmps/{bmpId}/vibration-integrations
GET /api/bmps/{bmpId}/vibration-integrations/{integrationType}/projects
GET /api/charges/holes/{holeId}
GET /api/companies
GET /api/companies/{companyId}
GET /api/companies/{companyId}/contacts
GET /api/companies/{companyId}/employees
GET /api/companies/{companyId}/explosive-warehouses
GET /api/companies/{companyId}/projects
GET /api/companies/{companyId}/shipments
GET /api/companies/{companyId}/warehouses-stocks-transfers
GET /api/economy-report/projects
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/roles
GET /api/explosive-warehouses/blast-plans/{planId}
GET /api/explosive-warehouses/{warehouseId}
GET /api/explosive-warehouses/{warehouseId}/blast-plans/{planId}
GET /api/explosive-warehouses/{warehouseId}/stocks
GET /api/explosives/blast-plans/{planId}
GET /api/explosives/blast-plans/{planId}/grouped
GET /api/explosives/bmp/blast-plans/{planId}
GET /api/explosives/bmps/{bmpId}
GET /api/explosives/bmps/{bmpId}/grouped
GET /api/explosives/catalog/{supplier}
GET /api/explosives/suppliers
GET /api/filters
GET /api/holes-charges/sets/{setId}/rows/{rowType}
GET /api/holes-charges/{holeChargeId}
GET /api/invitations
GET /api/invitations-count
GET /api/map-markers/{markerId}
GET /api/notification/contact/{id}
GET /api/party/notification/{id}
GET /api/projects
GET /api/projects/{projectId}
GET /api/projects/{projectId}/blast-plan-markers
GET /api/projects/{projectId}/blast-plans
GET /api/projects/{projectId}/bmp-employees/{role}
GET /api/projects/{projectId}/bmp-owners
GET /api/projects/{projectId}/bmp-statuses
GET /api/projects/{projectId}/bmps
GET /api/projects/{projectId}/bmps/named-list
GET /api/projects/{projectId}/companies/{companyId}/users
GET /api/projects/{projectId}/contacts
GET /api/projects/{projectId}/flat-hierarchy
GET /api/projects/{projectId}/hierarchy
GET /api/projects/{projectId}/hierarchy/users
GET /api/projects/{projectId}/statistics
GET /api/projects/{projectId}/users
GET /api/projects/{projectsId}/blast-plan-statuses
GET /api/road-lines/{roadLineId}
GET /api/rows/{rowType}/charge-prototype
GET /api/security/blast-plans/{planId}
GET /api/security/bmps/{bmpId}
GET /api/security/companies/{companyId}
GET /api/security/companies/{companyId}/projects
GET /api/security/projects/{projectId}
GET /api/stocks/{stockId}
GET /api/transfers-stocks/{transferStockId}
GET /api/undetonated-charge/{chargeId}
GET /api/user
GET /api/user-companies
GET /api/user-employee-companies
GET /api/user/config
GET /api/user/notifications
GET /api/user/notifications/count
GET /api/users
GET /api/users/{userId}
GET /api/users/{userId}/config
GET /api/v2/security/projects/{projectId}
GET /api/warehouses-inventories/{inventoryId}
GET /api/warehouses-room-inventories/{inventoryId}
GET /api/warehouses-room-inventories/{inventoryId}/attachments
GET /api/warehouses-stocks-transfers/{transferId}
GET /api/warehouses-stocks-transfers/{transferId}/stocks
GET /api/warehouses/{warehouseId}/inventories
GET /api/warehouses/{warehouseId}/room-inventories
GET /api/worker-change-requests
GET /public/api/invitations/hash/{hash}
GET /public/api/mapbox/configuration
GET /public/api/otc/{code}
GET /public/api/risks/groups
GET /public/api/risks/{bmpId}
GET /public/api/roles
GET /public/api/units/{unitType}
GET /public/push/phone/{phone}
POST /api/blast-plans/{planId}/actual-blast-time-removal
POST /api/blast-plans/{planId}/cancellation
POST /api/blast-plans/{planId}/change-worker/{employeeId}/roles/{role}
POST /api/blast-plans/{planId}/share-report-file
POST /api/blast-plans/{planId}/undetonated-charge
POST /api/blast-rows/{rowId}/holes-dimensions
POST /api/blast-sets-statistics
POST /api/blast-sets/blast-plans/{planId}
POST /api/blast-sets/{setId}/coordinates
POST /api/blast-sets/{setId}/holes-coordinates
POST /api/blast-sets/{setId}/ignition-plan-attachment
POST /api/bmps/{bmpId}/change-blast-manager/{employeeId}
POST /api/bmps/{bmpId}/default-risks
POST /api/bmps/{bmpId}/notification/contact
POST /api/bmps/{bmpId}/notification/group/{key}/category
POST /api/bmps/{bmpId}/road-lines
POST /api/bmps/{bmpId}/road-lines/invitation
POST /api/bmps/{bmpId}/share-report-file
POST /api/bmps/{bmpId}/vibration-integrations/{integrationType}/project/refresh
POST /api/bmps/{bmpId}/vibration-integrations/{integrationType}/project/{integrationProjectId}
POST /api/bmps/{fromBmpId}/notification/contacts/to/{toBmpId}
POST /api/companies/{companyId}/credentials
POST /api/companies/{companyId}/projects/{projectId}/economy-report/prices
POST /api/companies/{companyId}/projects/{projectId}/invitations
POST /api/companies/{orgNo}
POST /api/employees/{employeeId}/sms/resend
POST /api/explosive-warehouses/transfer/all/from/{fromWarehouse}/to/{toWarehouse}
POST /api/explosive-warehouses/transfer/from/{fromWarehouse}/to/{toWarehouse}
POST /api/explosive-warehouses/{warehouseId}/closure
POST /api/explosive-warehouses/{warehouseId}/share-report
POST /api/explosive-warehouses/{warehouseId}/{articleId}
POST /api/explosives/blast-plans/{planId}/bmp-explosive-materials
POST /api/explosives/blast-plans/{planId}/warehouse-explosive-materials
POST /api/explosives/catalog/{supplier}/extended
POST /api/explosives/catalog/{supplier}/simple
POST /api/mitigations/{mitigationId}
POST /api/notifications/{notificationId}/attachments
POST /api/project-sets-maps
POST /api/risks/{riskId}
POST /api/shipments/{shipmentId}/processing
POST /api/shipments/{shipmentId}/warehouses/{warehouseId}
POST /api/user/data-sharing
POST /api/user/firebase-cloud-messaging-token
POST /api/user/notifications/{notificationId}
POST /api/user/request-removal
POST /api/users/new-version-notification
POST /api/warehouses-inventories/{inventoryId}/share-report
POST /api/warehouses-stocks-transfers/{transferId}/share-document
POST /api/warehouses-stocks-transfers/{transfer}
POST /api/warehouses/{warehouseId}/room-inventories/{inventoryType}
POST /api/worker-change-requests/{requestId}/invitation-response
POST /public/api/invitations/{invitationId}/accept
POST /public/api/invitations/{invitationId}/accept-for-new
POST /public/api/invitations/{invitationId}/decline
POST /public/api/phone/{phone}/otc
POST /public/api/tripletex/companies/{orgNo}
POST /public/api/users
POST /public/uploadcare/webhook
POST /shipment/upload
PUT /api/bmps/{bmpId}/status/{status}
PUT /api/bmps/{bmpId}/warehouse/{withWarehouse}
PUT /api/employees/{employeeId}/status
PUT /api/holes-charges/holes
PUT /api/holes-charges/holes/{holeId}
PUT /api/holes-charges/rows/{rowId}
PUT /api/project-sensors/{sensorId}
PUT /api/projects/{projectId}/hierarchy/rearrange
PUT /api/projects/{projectId}/status/{status}
PUT /api/warehouses-room-inventories/points/{pointId}
PUT /public/api/otc

Found on 2026-01-12 03:33

Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
Found on 2025-12-11 08:59

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: shipping.chainzsolutions.com
Port: 80
URL: http://shipping.chainzsolutions.com

First seen 2025-11-12 03:33
Last seen 2026-01-12 02:15
Open for 60 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-12 02:15
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: alexion-wilson.krunch.online
Port: 443
URL: https://alexion-wilson.krunch.online

First seen 2025-11-12 02:03
Last seen 2026-01-12 00:55
Open for 60 days

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff438e167678c2c87169305a2cea6e2a0a60403ac029

Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /activity/
GET /doctor/
GET /doctor/activities_doctor_network/{id}
GET /doctor/best_doctors
GET /doctor/best_journals
GET /doctor/collaboration_repartition
GET /doctor/comparison
GET /doctor/doctor_activities/{rpps}
GET /doctor/doctor_activities_by_type/{rpps}
GET /doctor/doctor_activities_collaboration/{rpps}
GET /doctor/doctor_activities_network/{rpps}
GET /doctor/doctor_avantages/{rpps}
GET /doctor/doctor_conventions/{rpps}
GET /doctor/doctor_conventions_collaborations/{rpps}
GET /doctor/doctor_localization
GET /doctor/doctor_organisations/{rpps}
GET /doctor/doctor_publications/{rpps}
GET /doctor/doctor_publications_by_type/{rpps}
GET /doctor/doctor_publications_collaboration/{rpps}
GET /doctor/doctor_publications_network/{rpps}
GET /doctor/doctor_themes_network/{rpps}
GET /doctor/doctor_transparence/{rpps}
GET /doctor/doctors_kols
GET /doctor/kols_repartition
GET /doctor/main_list
GET /doctor/organisations_doctor/{id}
GET /doctor/publications_doctor/{id}
GET /doctor/themes_doctor_network/{id}
GET /doctor/transparence_collaborations/{id_company}
GET /doctor/transparence_doctor_network/{rpps}
GET /doctor/transparence_network/{id_company}
GET /doctor/transparence_synthese/{id_company}
GET /doctor/{rpps}
GET /hospital/
GET /organisation/
GET /publication/
GET /theme/
GET /transparence/best_conventions
GET /transparence/main_transparence
GET /user/

Found on 2026-01-12 00:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: server.demo.viabeez.com
Port: 443
URL: https://server.demo.viabeez.com

First seen 2025-11-03 01:18
Last seen 2026-01-11 02:53
Open for 69 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-11 02:53
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: uat-backend.twojpsycholog.pl
Port: 443
URL: https://uat-backend.twojpsycholog.pl

First seen 2025-11-11 02:37
Last seen 2026-01-11 01:28
Open for 60 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-11 01:28
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: voorstel-fietsenmintjensb2b.be
Port: 443
URL: https://voorstel-fietsenmintjensb2b.be

First seen 2025-11-13 02:43
Last seen 2026-01-10 01:19
Open for 57 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-10 01:19
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: www.kevinsdoor.de
Port: 443
URL: https://www.kevinsdoor.de

First seen 2025-10-21 01:10
Last seen 2026-01-10 01:18
Open for 81 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb45d0515b00597d0ea8c354b1a7454b4df18186956
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /artwork/
GET /artwork/positioned
GET /artwork/{artwork_id}
GET /image/s3_request
GET /user/{username}
```
  Found on 2026-01-10 01:18
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: heroku.slickracing.com.ua
Port: 443
URL: https://heroku.slickracing.com.ua

First seen 2025-10-19 23:16
Last seen 2026-01-10 01:02
Open for 82 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b2c7d9618c529994af9fea41a6cbee2a84024cc3e

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /api/v1/admin/cars
GET /api/v1/admin/circuits
GET /api/v1/admin/circuits/{id}
GET /api/v1/admin/circuits/{id}/configurations
GET /api/v1/admin/drivers
GET /api/v1/admin/drivers/sl-points
GET /api/v1/admin/drivers/{id}
GET /api/v1/admin/races
GET /api/v1/admin/races/{id}
GET /api/v1/admin/races/{id}/convert
GET /api/v1/admin/races/{id}/results
GET /api/v1/admin/regulations
GET /api/v1/admin/seasons
GET /api/v1/admin/seasons/{id}
GET /api/v1/admin/seasons/{id}/drivers
GET /api/v1/admin/seasons/{id}/recalculate
GET /api/v1/admin/simulators
GET /api/v1/admin/teams
GET /api/v1/admin/teams/{id}
GET /api/v1/drivers
GET /api/v1/drivers/{id}
GET /api/v1/drivers/{id}/recent-events
GET /api/v1/drivers/{id}/stats
GET /api/v1/races/{id}
GET /api/v1/regulations/active
GET /api/v1/regulations/{id}
GET /api/v1/seasons
GET /api/v1/seasons/last
GET /api/v1/seasons/last/schedule
GET /api/v1/seasons/last/standings
GET /api/v1/seasons/{id}
GET /api/v1/seasons/{id}/schedule
GET /api/v1/seasons/{id}/standings
GET /api/v1/seo-urls/drivers
GET /api/v1/seo-urls/seasons
GET /api/v1/teams
GET /api/v1/teams/{id}
GET /api/v1/users/roles
POST /api/v1/admin/drivers/refresh-stats
POST /api/v1/admin/races/{id}/add-results
POST /api/v1/admin/races/{id}/elo-enable
POST /api/v1/admin/seasons/{seasonId}/drivers
POST /api/v1/auth
POST /api/v1/auth/signup
POST /api/v1/users
PUT /api/v1/admin/seasons/{seasonId}/drivers/{driverId}
PUT /api/v1/users/change-password

Found on 2026-01-10 01:02

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b2c7d9618c529994af9fea41a6cbee2a8f72a1f03

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /api/v1/admin/cars
GET /api/v1/admin/circuits
GET /api/v1/admin/circuits/{id}
GET /api/v1/admin/circuits/{id}/configurations
GET /api/v1/admin/drivers
GET /api/v1/admin/drivers/sl-points
GET /api/v1/admin/drivers/{id}
GET /api/v1/admin/races
GET /api/v1/admin/races/{id}
GET /api/v1/admin/races/{id}/convert
GET /api/v1/admin/races/{id}/results
GET /api/v1/admin/regulations
GET /api/v1/admin/seasons
GET /api/v1/admin/seasons/{id}
GET /api/v1/admin/seasons/{id}/drivers
GET /api/v1/admin/seasons/{id}/recalculate
GET /api/v1/admin/simulators
GET /api/v1/admin/teams
GET /api/v1/admin/teams/{id}
GET /api/v1/drivers
GET /api/v1/drivers/{id}
GET /api/v1/drivers/{id}/recent-events
GET /api/v1/drivers/{id}/stats
GET /api/v1/races/{id}
GET /api/v1/regulations/active
GET /api/v1/regulations/{id}
GET /api/v1/seasons
GET /api/v1/seasons/last
GET /api/v1/seasons/last/standings
GET /api/v1/seasons/{id}
GET /api/v1/seasons/{id}/standings
GET /api/v1/seo-urls/drivers
GET /api/v1/seo-urls/seasons
GET /api/v1/teams
GET /api/v1/teams/{id}
GET /api/v1/users/roles
POST /api/v1/admin/drivers/refresh-stats
POST /api/v1/admin/races/{id}/add-results
POST /api/v1/admin/races/{id}/elo-enable
POST /api/v1/admin/seasons/{seasonId}/drivers
POST /api/v1/auth
POST /api/v1/auth/signup
POST /api/v1/users
PUT /api/v1/admin/seasons/{seasonId}/drivers/{driverId}
PUT /api/v1/users/change-password

Found on 2025-12-12 13:52

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b2c7d9618c529994af9fea41a6cbee2a84c0fd026

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /api/v1/admin/cars
GET /api/v1/admin/circuits
GET /api/v1/admin/circuits/{id}
GET /api/v1/admin/circuits/{id}/configurations
GET /api/v1/admin/drivers
GET /api/v1/admin/drivers/sl-points
GET /api/v1/admin/drivers/{id}
GET /api/v1/admin/races
GET /api/v1/admin/races/{id}
GET /api/v1/admin/races/{id}/convert
GET /api/v1/admin/races/{id}/results
GET /api/v1/admin/reglaments
GET /api/v1/admin/seasons
GET /api/v1/admin/seasons/{id}
GET /api/v1/admin/seasons/{id}/drivers
GET /api/v1/admin/seasons/{id}/recalculate
GET /api/v1/admin/simulators
GET /api/v1/admin/teams
GET /api/v1/admin/teams/{id}
GET /api/v1/drivers
GET /api/v1/drivers/{id}
GET /api/v1/drivers/{id}/recent-events
GET /api/v1/drivers/{id}/stats
GET /api/v1/races/{id}
GET /api/v1/reglaments/active
GET /api/v1/reglaments/{id}
GET /api/v1/seasons
GET /api/v1/seasons/last
GET /api/v1/seasons/last/standings
GET /api/v1/seasons/{id}
GET /api/v1/seasons/{id}/standings
GET /api/v1/seo-urls/drivers
GET /api/v1/seo-urls/seasons
GET /api/v1/teams
GET /api/v1/teams/{id}
GET /api/v1/users/roles
POST /api/v1/admin/drivers/refresh-stats
POST /api/v1/admin/races/{id}/add-results
POST /api/v1/admin/races/{id}/elo-enable
POST /api/v1/admin/seasons/{seasonId}/drivers
POST /api/v1/auth
POST /api/v1/auth/signup
POST /api/v1/users
PUT /api/v1/admin/seasons/{seasonId}/drivers/{driverId}
PUT /api/v1/users/change-password

Found on 2025-12-01 12:15

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: www.1001audios.be
Port: 443
URL: https://www.1001audios.be

First seen 2025-11-16 02:35
Last seen 2026-01-10 00:37
Open for 54 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e045802b218f2374ed61d0d631d4f0f10032ce94

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/tracked-calls
GET /my-account/api/my-offer/get-current-text
POST /admin/admin-login
POST /admin/api/admin-login
POST /admin/api/delete-notification
POST /admin/delete-notifications
POST /api/ask-for-orl-rdv/{orlId}
POST /api/ask-for-rdv-global
POST /api/ask-for-rdv/{audioProId}
POST /api/clicked-on-rdv-link/{audioProId}
POST /api/phone-number/{audioProId}
POST /api/stat
POST /api/stats
POST /my-account/api/accept-owner
POST /my-account/api/add-owner
POST /my-account/api/audiopro
POST /my-account/api/chu
POST /my-account/api/copy-callcenter/{audioProId}
POST /my-account/api/copy-fields/{audioProId}
POST /my-account/api/copy-non-premium-fields/{audioProId}
POST /my-account/api/copy-pricing-document/{audioProId}
POST /my-account/api/copy-pricing/{audioProId}
POST /my-account/api/create-audiopro
POST /my-account/api/create-chu
POST /my-account/api/create-orl
POST /my-account/api/decline-owner
POST /my-account/api/my-offer/remove
POST /my-account/api/my-offer/set-current-coupon
POST /my-account/api/my-offer/set-current-text
POST /my-account/api/my-offer/update
POST /my-account/api/my-visibility/remove
POST /my-account/api/my-visibility/update
POST /my-account/api/orl
POST /my-account/api/set-texts/{audioProId}
POST /my-account/update-google-reviews
POST /my-account/update-google-reviews-visibility
PUT /my-account/api/update-audiopro
PUT /my-account/api/update-chu
PUT /my-account/api/update-orl

Found on 2026-01-10 00:37

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.deton.no
Port: 80
URL: http://api.deton.no

First seen 2025-12-06 00:17
Last seen 2026-01-10 00:26
Open for 35 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5472907ed46d8c0c9de259a1fc6d228e7b309370a

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /api/attachments/{attachmentId}
DELETE /api/blast-plans/{planId}/change-worker/roles/{role}
DELETE /api/bmps/{bmpId}/change-blast-manager
DELETE /api/bmps/{bmpId}/vibration-integrations/{integrationType}/project
DELETE /api/companies/{companyId}/credentials/{integrationType}
DELETE /api/projects/contacts/{contactId}
DELETE /api/projects/{projectId}/hierarchy/{nodeId}
DELETE /api/projects/{projectId}/users/{userId}
DELETE /shipment/{id}
GET /api/all/blast-plans/{planId}
GET /api/all/bmps/{bmpId}
GET /api/all/bmps/{bmpId}/blast-plans
GET /api/all/projects
GET /api/blast-holes/{holeId}
GET /api/blast-plan-statuses
GET /api/blast-plan/explosives/{explosiveId}
GET /api/blast-plans/{planId}
GET /api/blast-plans/{planId}/attachments/{type}
GET /api/blast-plans/{planId}/blast-set
GET /api/blast-plans/{planId}/employees/{role}
GET /api/blast-plans/{planId}/explosive-warehouses
GET /api/blast-plans/{planId}/ignition-configuration
GET /api/blast-plans/{planId}/map-markers
GET /api/blast-plans/{planId}/projects/contacts
GET /api/blast-plans/{planId}/residents-notification-message
GET /api/blast-plans/{planId}/rows-overview
GET /api/blast-plans/{planId}/sms-config
GET /api/blast-plans/{planId}/undetonated-charges
GET /api/blast-plans/{planId}/vibration-measurements
GET /api/blast-rows-types
GET /api/blast-rows/{rowId}
GET /api/blast-rows/{rowId}/holes
GET /api/blast-sets/{setId}
GET /api/blast-sets/{setId}/blast-sequence
GET /api/blast-sets/{setId}/ignition-configuration
GET /api/blast-sets/{setId}/ignition-configuration-reference/{type}
GET /api/blast-sets/{setId}/ignition-plan
GET /api/blast-sets/{setId}/plan-preview
GET /api/blast-sets/{setId}/real-tunnel-dimensions
GET /api/blast-sets/{setId}/report
GET /api/blast-sets/{setId}/row/{rowType}
GET /api/blast-sets/{setId}/rows
GET /api/blast-sets/{setId}/rows-overview
GET /api/blast-sets/{setId}/rows-sequence
GET /api/blast-sets/{setId}/rows/{rowType}
GET /api/bmp-sensors/{sensorId}
GET /api/bmp/explosives/{explosiveId}
GET /api/bmps/{bmpId}
GET /api/bmps/{bmpId}/available-integrations
GET /api/bmps/{bmpId}/blast-plan-markers
GET /api/bmps/{bmpId}/blast-plan-statuses
GET /api/bmps/{bmpId}/blast-plans
GET /api/bmps/{bmpId}/company
GET /api/bmps/{bmpId}/employees/{role}
GET /api/bmps/{bmpId}/groups/{group}/risks
GET /api/bmps/{bmpId}/map-markers
GET /api/bmps/{bmpId}/notification/contacts
GET /api/bmps/{bmpId}/notification/contacts/count
GET /api/bmps/{bmpId}/notification/contacts/custom
GET /api/bmps/{bmpId}/notification/group/{key}/categories
GET /api/bmps/{bmpId}/post-plan-markers
GET /api/bmps/{bmpId}/road-lines-map
GET /api/bmps/{bmpId}/road-lines-navigation
GET /api/bmps/{bmpId}/sensors
GET /api/bmps/{bmpId}/statistics
GET /api/bmps/{bmpId}/status
GET /api/bmps/{bmpId}/vibration-integrations
GET /api/bmps/{bmpId}/vibration-integrations/{integrationType}/projects
GET /api/charges/holes/{holeId}
GET /api/companies
GET /api/companies/{companyId}
GET /api/companies/{companyId}/contacts
GET /api/companies/{companyId}/employees
GET /api/companies/{companyId}/explosive-warehouses
GET /api/companies/{companyId}/projects
GET /api/companies/{companyId}/shipments
GET /api/companies/{companyId}/warehouses-stocks-transfers
GET /api/economy-report/projects
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/roles
GET /api/explosive-warehouses/blast-plans/{planId}
GET /api/explosive-warehouses/{warehouseId}
GET /api/explosive-warehouses/{warehouseId}/blast-plans/{planId}
GET /api/explosive-warehouses/{warehouseId}/stocks
GET /api/explosives/blast-plans/{planId}
GET /api/explosives/blast-plans/{planId}/grouped
GET /api/explosives/bmp/blast-plans/{planId}
GET /api/explosives/bmps/{bmpId}
GET /api/explosives/bmps/{bmpId}/grouped
GET /api/explosives/catalog/{supplier}
GET /api/explosives/suppliers
GET /api/filters
GET /api/holes-charges/sets/{setId}/rows/{rowType}
GET /api/holes-charges/{holeChargeId}
GET /api/invitations
GET /api/invitations-count
GET /api/map-markers/{markerId}
GET /api/notification/contact/{id}
GET /api/party/notification/{id}
GET /api/projects
GET /api/projects/{projectId}
GET /api/projects/{projectId}/blast-plan-markers
GET /api/projects/{projectId}/blast-plans
GET /api/projects/{projectId}/bmp-employees/{role}
GET /api/projects/{projectId}/bmp-owners
GET /api/projects/{projectId}/bmp-statuses
GET /api/projects/{projectId}/bmps
GET /api/projects/{projectId}/bmps/named-list
GET /api/projects/{projectId}/companies/{companyId}/users
GET /api/projects/{projectId}/contacts
GET /api/projects/{projectId}/flat-hierarchy
GET /api/projects/{projectId}/hierarchy
GET /api/projects/{projectId}/hierarchy/users
GET /api/projects/{projectId}/statistics
GET /api/projects/{projectId}/users
GET /api/projects/{projectsId}/blast-plan-statuses
GET /api/road-lines/{roadLineId}
GET /api/rows/{rowType}/charge-prototype
GET /api/security/blast-plans/{planId}
GET /api/security/bmps/{bmpId}
GET /api/security/companies/{companyId}
GET /api/security/companies/{companyId}/projects
GET /api/security/projects/{projectId}
GET /api/stocks/{stockId}
GET /api/transfers-stocks/{transferStockId}
GET /api/undetonated-charge/{chargeId}
GET /api/user
GET /api/user-companies
GET /api/user-employee-companies
GET /api/user/config
GET /api/user/notifications
GET /api/user/notifications/count
GET /api/users
GET /api/users/{userId}
GET /api/users/{userId}/config
GET /api/v2/security/projects/{projectId}
GET /api/warehouses-inventories/{inventoryId}
GET /api/warehouses-room-inventories/{inventoryId}
GET /api/warehouses-room-inventories/{inventoryId}/attachments
GET /api/warehouses-stocks-transfers/{transferId}
GET /api/warehouses-stocks-transfers/{transferId}/stocks
GET /api/warehouses/{warehouseId}/inventories
GET /api/warehouses/{warehouseId}/room-inventories
GET /api/worker-change-requests
GET /public/api/invitations/hash/{hash}
GET /public/api/mapbox/configuration
GET /public/api/otc/{code}
GET /public/api/risks/groups
GET /public/api/risks/{bmpId}
GET /public/api/roles
GET /public/api/units/{unitType}
GET /public/push/phone/{phone}
POST /api/blast-plans/{planId}/actual-blast-time-removal
POST /api/blast-plans/{planId}/cancellation
POST /api/blast-plans/{planId}/change-worker/{employeeId}/roles/{role}
POST /api/blast-plans/{planId}/share-report-file
POST /api/blast-plans/{planId}/undetonated-charge
POST /api/blast-rows/{rowId}/holes-dimensions
POST /api/blast-sets-statistics
POST /api/blast-sets/blast-plans/{planId}
POST /api/blast-sets/{setId}/coordinates
POST /api/blast-sets/{setId}/holes-coordinates
POST /api/blast-sets/{setId}/ignition-plan-attachment
POST /api/bmps/{bmpId}/change-blast-manager/{employeeId}
POST /api/bmps/{bmpId}/default-risks
POST /api/bmps/{bmpId}/notification/contact
POST /api/bmps/{bmpId}/notification/group/{key}/category
POST /api/bmps/{bmpId}/road-lines
POST /api/bmps/{bmpId}/road-lines/invitation
POST /api/bmps/{bmpId}/share-report-file
POST /api/bmps/{bmpId}/vibration-integrations/{integrationType}/project/refresh
POST /api/bmps/{bmpId}/vibration-integrations/{integrationType}/project/{integrationProjectId}
POST /api/bmps/{fromBmpId}/notification/contacts/to/{toBmpId}
POST /api/companies/{companyId}/credentials
POST /api/companies/{companyId}/projects/{projectId}/economy-report/prices
POST /api/companies/{companyId}/projects/{projectId}/invitations
POST /api/companies/{orgNo}
POST /api/employees/{employeeId}/sms/resend
POST /api/explosive-warehouses/transfer/all/from/{fromWarehouse}/to/{toWarehouse}
POST /api/explosive-warehouses/transfer/from/{fromWarehouse}/to/{toWarehouse}
POST /api/explosive-warehouses/{warehouseId}/closure
POST /api/explosive-warehouses/{warehouseId}/share-report
POST /api/explosive-warehouses/{warehouseId}/{articleId}
POST /api/explosives/blast-plans/{planId}/bmp-explosive-materials
POST /api/explosives/blast-plans/{planId}/warehouse-explosive-materials
POST /api/explosives/catalog/{supplier}/extended
POST /api/explosives/catalog/{supplier}/simple
POST /api/mitigations/{mitigationId}
POST /api/notifications/{notificationId}/attachments
POST /api/project-sets-maps
POST /api/risks/{riskId}
POST /api/shipments/{shipmentId}/processing
POST /api/shipments/{shipmentId}/warehouses/{warehouseId}
POST /api/user/data-sharing
POST /api/user/firebase-cloud-messaging-token
POST /api/user/notifications/{notificationId}
POST /api/user/request-removal
POST /api/users/new-version-notification
POST /api/warehouses-inventories/{inventoryId}/share-report
POST /api/warehouses-stocks-transfers/{transferId}/share-document
POST /api/warehouses-stocks-transfers/{transfer}
POST /api/warehouses/{warehouseId}/room-inventories/{inventoryType}
POST /api/worker-change-requests/{requestId}/invitation-response
POST /public/api/invitations/{invitationId}/accept
POST /public/api/invitations/{invitationId}/accept-for-new
POST /public/api/invitations/{invitationId}/decline
POST /public/api/phone/{phone}/otc
POST /public/api/tripletex/companies/{orgNo}
POST /public/api/users
POST /public/uploadcare/webhook
POST /shipment/upload
PUT /api/bmps/{bmpId}/status/{status}
PUT /api/bmps/{bmpId}/warehouse/{withWarehouse}
PUT /api/employees/{employeeId}/status
PUT /api/holes-charges/holes
PUT /api/holes-charges/holes/{holeId}
PUT /api/holes-charges/rows/{rowId}
PUT /api/project-sensors/{sensorId}
PUT /api/projects/{projectId}/hierarchy/rearrange
PUT /api/projects/{projectId}/status/{status}
PUT /api/warehouses-room-inventories/points/{pointId}
PUT /public/api/otc

Found on 2026-01-10 00:26

Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
Found on 2025-12-23 03:04

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.starknet-db.com
Port: 443
URL: https://api.starknet-db.com

First seen 2025-12-09 00:31
Last seen 2026-01-10 00:11
Open for 31 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1a8bcc6e5563eb92b778c5aa30de6f200c5ead5203e87ef70
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /bridge-metrics
GET /contracts
GET /contracts/{address}/on-chain-metrics
GET /contributions
GET /github-metrics/{organization}/{name}
GET /npm-downloads/{name}
GET /projects
GET /projects/{id}
GET /projects/{id}/social-metrics
GET /tweet-counts
```
  Found on 2026-01-10 00:11
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: prod-cmd-pem-new-issuer.kenetto.com
Port: 80
URL: http://prod-cmd-pem-new-issuer.kenetto.com

First seen 2025-12-12 01:16
Last seen 2026-01-09 23:19
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b971511079c47070e854a03255229fc5aa8ed4b00
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /rnu/{id}
GET /rnu2/{sns}
GET /v2/rnu/{id}
POST /auth/authenticate
POST /auth/token
POST /cmd/
POST /cmd/getCertificate
POST /cmd/otp
POST /mcdt
POST /mcdt/exam
POST /pem/
POST /pem/signed
POST /pem2/
POST /pem2/addSignature
POST /pem2/annull
POST /pem2/annullment
POST /pem2/prescribe
POST /pem3/
POST /pem3/addSignature
POST /pem3/annull
POST /pem3/annullment
POST /pem3/prescribe
POST /rnt/
```
  Found on 2026-01-09 23:19
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: app.tap-stamp.com
Port: 443
URL: https://app.tap-stamp.com

First seen 2025-11-07 01:27
Last seen 2026-01-09 23:15
Open for 63 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e58b561266599773804ecfac4dca34699caa9fa8d1

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /api/dashboard/delete
DELETE /api/profile/delete
GET /api/dashboard/card
GET /api/dashboard/clients
GET /api/dashboard/metrics
GET /api/dashboard/settings
GET /api/passes/generate/init/{jwtCardId}
GET /api/passes/generate/{posQrToken}
GET /api/pos/logo/{id}
GET /api/scan/{qrToken}
GET /v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}
GET /v1/passes/{passTypeIdentifier}/{serialNumber}
POST /api/dashboard/activate
POST /api/dashboard/login
POST /api/dashboard/login/biometric
POST /api/dashboard/password/reset
POST /api/dashboard/register
POST /api/device/register
POST /api/login
POST /api/login/biometric
POST /api/login/oauth
POST /api/pos/logo/upload
POST /api/pos/register
POST /api/pos/staff/signup
POST /api/pos/stamps
POST /api/profile/forget
POST /api/register
POST /api/scan/redeem/{qrToken}
POST /v1/devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}/{serialNumber}
POST /v1/log
PUT /api/dashboard/password/update
PUT /api/profile/password
PUT /api/profile/update

Found on 2026-01-09 23:15

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.backoffice.omegainnov.com
Port: 80
URL: http://api.backoffice.omegainnov.com

First seen 2025-11-15 03:00
Last seen 2026-01-09 21:48
Open for 55 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 21:48
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api-staging.jelpster.io
Port: 443
URL: https://api-staging.jelpster.io

First seen 2025-11-03 01:28
Last seen 2026-01-09 20:40
Open for 67 days

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff43606f52d9857ee405e220c5cb3e52cd3c440c7b48

Public Swagger UI/API detected at path: /swagger.json - sample paths:
DELETE /company/tasks/{taskId}/worker
GET /company/alerts
GET /company/profile
GET /company/tasks
GET /company/tasks/no
GET /company/tasks/{taskId}
GET /company/workers
GET /health
GET /integration/tasks/{externalTaskId}/spareparts
GET /worker/profile
GET /worker/tasks
GET /worker/tasks/no
GET /worker/tasks/{taskId}
GET /worker/unavailability
PATCH /company/tasks/{taskId}/accept
PATCH /company/tasks/{taskId}/acknowledge
PATCH /company/tasks/{taskId}/reject
PATCH /company/tasks/{taskId}/worker/{workerId}
POST /company/authenticate
POST /integration/authenticate
POST /integration/task
POST /integration/tasks/{externalTaskId}/spareparts/{sparePartId}
POST /worker/authenticate
POST /worker/logout
POST /worker/tasks/{taskId}/workhours
POST /worker/tasksteps/{taskId}
PUT /worker/tasks/{taskId}/workhours/{workHourId}
PUT /worker/unavailability/
PUT /worker/unavailability/{unavailabilityId}

Found on 2026-01-09 20:40

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: testing.nestloop.org.uk
Port: 443
URL: https://testing.nestloop.org.uk

First seen 2025-11-15 03:00
Last seen 2026-01-09 20:02
Open for 55 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 20:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.mytwido.com
Port: 443
URL: https://api.mytwido.com

First seen 2025-11-05 00:51
Last seen 2026-01-09 19:34
Open for 65 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-09 19:34
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api-staging.parsedoc.com
Port: 443
URL: https://api-staging.parsedoc.com

First seen 2025-12-06 00:58
Last seen 2026-01-09 19:27
Open for 34 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 19:27
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: app.max-wax.co.uk
Port: 80
URL: http://app.max-wax.co.uk

First seen 2025-11-27 00:28
Last seen 2026-01-09 19:19
Open for 43 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 19:19
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: app.staging.kolimmo.com
Port: 443
URL: https://app.staging.kolimmo.com

First seen 2025-10-15 03:30
Last seen 2026-01-09 18:44
Open for 86 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 18:44
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: www.cabinet-digital.com
Port: 80
URL: http://www.cabinet-digital.com

First seen 2025-10-28 00:20
Last seen 2026-01-09 18:18
Open for 73 days

Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf719be356028ad0ccce9b98dc118000418c0b815c4

Public Swagger UI/API detected at path: /swagger-ui.html - sample paths:
GET /api/v1/actorInformation/{id}
GET /api/v1/actors
GET /api/v1/actors/history/{id}
GET /api/v1/actors/secretary/{id}
GET /api/v1/actors/{id}
GET /api/v1/certificateModels
GET /api/v1/certificateModels/{id}
GET /api/v1/doctors/{doctorId}/patientDetails/countries
GET /api/v1/doctors/{doctorId}/patientDetails/patients/{patientId}
GET /api/v1/doctors/{doctorId}/patientDetails/{id}
GET /api/v1/doctors/{doctorId}/patients
GET /api/v1/doctors/{doctorId}/patients/quickSearch
GET /api/v1/doctors/{doctorId}/patients/quickSearchWithDetails
GET /api/v1/doctors/{doctorId}/patients/search
GET /api/v1/doctors/{doctorId}/patients/{id}
GET /api/v1/doctors/{doctorId}/patients/{id}/countDocuments
GET /api/v1/drugs
GET /api/v1/drugs/search
GET /api/v1/drugs/{id}
GET /api/v1/ordonnances/passage/{passageId}
GET /api/v1/ordonnances/{ordonnanceId}
GET /api/v1/passageCertificates/passage/{passageId}
GET /api/v1/passageCertificates/{id}
GET /api/v1/passageDocument/passage/{passageId}
GET /api/v1/passageDocument/patient/{patientId}
GET /api/v1/passageDocument/{id}
GET /api/v1/passageDocument/{id}/download
GET /api/v1/passageFiles/demandeScanEchoExamBio/{demandeId}
GET /api/v1/passageFiles/demandeScanEchoExamBio/{demandeId}/download
GET /api/v1/passageFiles/{id}
GET /api/v1/passageFiles/{id}/download
GET /api/v1/passageReport/passage/{passageId}
GET /api/v1/passageScanEchoExamBios/passage/{passageId}
GET /api/v1/passageScanEchoExamBios/{id}
GET /api/v1/patients/{patientId}/passages
GET /api/v1/patients/{patientId}/passages/{id}
GET /api/v1/patients/{patientId}/patientAntecedents
GET /api/v1/patients/{patientId}/patientAntecedents/{id}
GET /api/v1/patients/{patientId}/patientAtcdNeonatales
GET /api/v1/patients/{patientId}/patientAtcdNeonatales/{id}
GET /api/v1/patients/{patientId}/patientContacts
GET /api/v1/patients/{patientId}/patientContacts/{id}
GET /api/v1/patients/{patientId}/patientGrowths
GET /api/v1/patients/{patientId}/patientGrowths/passage/{passageId}
GET /api/v1/patients/{patientId}/patientGrowths/{id}
GET /api/v1/patients/{patientId}/patientVaccination
GET /api/v1/patients/{patientId}/patientVaccination/{id}
GET /api/v1/pdfs/certificate/{certificateId}
GET /api/v1/pdfs/ordonnance/{ordonnanceId}/doctor/{doctorId}/patients/{patientId}
GET /api/v1/pdfs/report/passage/{passageId}
GET /api/v1/pdfs/scanEchoExamBio/{scanEchoExamBioId}
GET /api/v1/rdvs/doctor/{doctorId}
GET /api/v1/rdvs/doctor/{doctorId}/count
GET /api/v1/rdvs/doctor/{doctorId}/patient/{patientId}
GET /api/v1/rdvs/doctor/{doctorId}/patient/{patientId}/countFuture
GET /api/v1/rdvs/patient/{patientId}
GET /api/v1/rdvs/{id}
GET /api/v1/reporting/doctor/{doctorId}/patientsByAgeSex
GET /api/v1/reporting/doctor/{doctorId}/rdvByMonth
GET /api/v1/reporting/doctor/{doctorId}/rdvYears
GET /api/v1/salleAttente/doctor/{doctorId}/countPresents
GET /api/v1/salleAttente/doctor/{doctorId}/encours
GET /api/v1/salleAttente/doctor/{doctorId}/presents
GET /api/v1/salleAttente/doctor/{doctorId}/terminees
POST /api/v1/actors/history
POST /api/v1/reporting/doctor/{doctorId}/patientsByAge
POST /api/v1/salleAttente/doctor/{doctorId}/patient/{patientId}
PUT /api/v1/actorInformation/{id}/changeLanguage/{language}
PUT /api/v1/actorInformation/{id}/changeTheme/{theme}
PUT /api/v1/actors/{id}/enable
PUT /api/v1/ordonnances/{id}
PUT /api/v1/passageReport/{id}
PUT /api/v1/rdvs/{id}/patient/{patientId}
PUT /api/v1/salleAttente/doctor/{doctorId}/updateListOrder
PUT /api/v1/salleAttente/{id}

Found on 2026-01-09 18:18

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: log03-a.hukseflux.com
Port: 443
URL: https://log03-a.hukseflux.com

First seen 2025-12-09 00:13
Last seen 2026-01-09 18:16
Open for 31 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b154c1d579a523a5fc6ac4637e4190c33ca2a171f
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
POST /api/calibration-record
POST /api/calibration-record/data-logger
POST /api/measurement-record
POST /api/measurement-record/data-logger
POST /api/measurement-record/search
POST /api/product/characteristics/retrieve
POST /api/product/characteristics/store
POST /api/product/release
POST /api/product/rnd
POST /api/product/serial-number
POST /api/product/service
POST /api/sensor/characteristics/retrieve
POST /api/sensor/characteristics/store
POST /api/sensor/release
POST /api/sensor/serial-number
```
  Found on 2026-01-09 18:16
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: app.max-wax.co.uk
Port: 443
URL: https://app.max-wax.co.uk

First seen 2025-11-27 00:28
Last seen 2026-01-09 17:46
Open for 43 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 17:46
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: gateway.neslotech.co.za
Port: 443
URL: https://gateway.neslotech.co.za

First seen 2025-10-25 00:08
Last seen 2026-01-09 17:42
Open for 76 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b2b5ec57f5ebcd0a4cf4806d530eac4e52bc7a45c

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /gateway/v1/kudos/nominations/{nominationId}/messages
DELETE /gateway/v1/scheduling/clients/{clientId}/projects/{projectId}
DELETE /gateway/v1/scheduling/projects/{projectId}/tasks/{taskId}
GET /actuator
GET /actuator/health
GET /actuator/health/**
GET /error
GET /gateway/v1/auth/verify
GET /gateway/v1/directory
GET /gateway/v1/directory/{userId}
GET /gateway/v1/kudos/categories
GET /gateway/v1/kudos/categories/nomination-frequency
GET /gateway/v1/kudos/nominations
GET /gateway/v1/kudos/nominations/{nominationId}/comments
GET /gateway/v1/kudos/nominations/{nominationId}/comments/{commentId}/replies
GET /gateway/v1/points/leaders
GET /gateway/v1/scheduling/allocations
GET /gateway/v1/scheduling/clients
GET /gateway/v1/scheduling/clients/{clientId}
GET /gateway/v1/scheduling/leave-categories
GET /gateway/v1/scheduling/leave-categories/{leaveCategoryId}
GET /gateway/v1/scheduling/permissions
GET /gateway/v1/scheduling/projects
GET /gateway/v1/scheduling/projects/metadata
GET /gateway/v1/scheduling/projects/{projectId}
GET /gateway/v1/scheduling/projects/{projectId}/tasks
GET /gateway/v1/scheduling/projects/{projectId}/team-members
GET /gateway/v1/scheduling/timesheets
GET /gateway/v1/scheduling/timesheets/{timesheetId}
GET /gateway/v1/scheduling/users/{userId}/permissions
GET /gateway/v1/scheduling/users/{userId}/timesheets
GET /gateway/v1/users
GET /gateway/v1/users/{recipientId}/points
GET /gateway/v1/users/{userId}
GET /gateway/v1/users/{userId}/activate
GET /gateway/v1/users/{userId}/basic-profile
GET /gateway/v1/users/{userId}/kudos/categories/most-frequent
GET /gateway/v1/users/{userId}/kudos/nominations
GET /gateway/v1/users/{userId}/kudos/remaining-points
GET /gateway/v1/users/{userId}/notifications
PATCH /gateway/v1/kudos/categories/{categoryId}/activate
PATCH /gateway/v1/kudos/categories/{categoryId}/deactivate
PATCH /gateway/v1/users/{userId}/notifications/mark-all-read
PATCH /gateway/v1/users/{userId}/notifications/{notificationId}/read/invert
PATCH /gateway/v1/users/{userId}/profile-image
PATCH /gateway/v1/users/{userId}/role
POST /gateway/v1/kudos/nominations/{nominationId}/reports
POST /gateway/v1/notifications
POST /gateway/v1/scheduling/leave-allocations
POST /gateway/v1/scheduling/task-allocations
POST /gateway/v1/scheduling/timesheets/download
POST /gateway/v1/scheduling/users/{userId}/leave-allocations
POST /gateway/v1/scheduling/users/{userId}/task-allocations
POST /gateway/v1/users/{userId}/addresses
POST /gateway/v1/users/{userId}/bank-details
POST /gateway/v1/users/{userId}/emergency-details
POST /gateway/v1/users/{userId}/employee-details
POST /gateway/v1/users/{userId}/socials
PUT /gateway/v1/kudos/categories/{categoryId}
PUT /gateway/v1/kudos/nominations/{nominationId}/comments/{commentId}
PUT /gateway/v1/kudos/nominations/{nominationId}/likes/{likerId}/toggle
PUT /gateway/v1/scheduling/clients/{clientId}/reinstate
PUT /gateway/v1/scheduling/leave-categories/{leaveCategoryId}/reinstate
PUT /gateway/v1/scheduling/projects/{projectId}/reinstate
PUT /gateway/v1/scheduling/timesheets/{timesheetId}/approve
PUT /gateway/v1/scheduling/users/{userId}/leave-allocations/{leaveAllocationId}
PUT /gateway/v1/scheduling/users/{userId}/task-allocations/{taskAllocationId}
PUT /gateway/v1/users/{userId}/addresses/{addressId}
PUT /gateway/v1/users/{userId}/bank-details/{bankDetailId}
PUT /gateway/v1/users/{userId}/emergency-details/{emergencyDetailId}

Found on 2026-01-09 17:42

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: userapi.neslotech.co.za
Port: 443
URL: https://userapi.neslotech.co.za

First seen 2025-10-25 00:18
Last seen 2026-01-09 17:07
Open for 76 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b98651d5b19cca270eb6bf91a517e5999a2b70b10

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /actuator
GET /actuator/health
GET /actuator/health/**
GET /api/v1/auth/auth/profile
GET /api/v1/auth/profile
GET /api/v1/directory
GET /api/v1/directory/{userId}
GET /api/v1/users
GET /api/v1/users/{userId}
GET /api/v1/users/{userId}/activate
GET /api/v1/users/{userId}/basic-profile
GET /error
PATCH /api/v1/users/users/{userId}
POST /api/v1/users/{userId}/addresses
POST /api/v1/users/{userId}/bank-details
POST /api/v1/users/{userId}/emergency-details
POST /api/v1/users/{userId}/employee-details
POST /api/v1/users/{userId}/role
POST /api/v1/users/{userId}/socials
PUT /api/v1/users/{userId}/addresses/{addressId}
PUT /api/v1/users/{userId}/bank-details/{bankDetailId}
PUT /api/v1/users/{userId}/emergency-details/{emergencyDetailId}
PUT /api/v1/users/{userId}/profile-image

Found on 2026-01-09 17:07

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: doc-m-ci.comalatech.app
Port: 80
URL: http://doc-m-ci.comalatech.app

First seen 2025-11-13 03:13
Last seen 2026-01-09 16:41
Open for 57 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 16:41
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.remotest.pro
Port: 443
URL: https://api.remotest.pro

First seen 2025-11-25 00:05
Last seen 2026-01-09 16:25
Open for 45 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1a8bcc6e55fcba56f174bf48b174bf48b174bf48b174bf48b
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/measurements/ssn/{ssn}/report
POST /api/measurements/ssn/initiate
```
  Found on 2026-01-09 16:25
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.production.app.elchrono.com
Port: 80
URL: http://api.production.app.elchrono.com

First seen 2025-10-19 01:49
Last seen 2026-01-09 16:00
Open for 82 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 16:00
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: mel.50eight.com
Port: 80
URL: http://mel.50eight.com

First seen 2025-10-14 15:54
Last seen 2026-01-09 15:24
Open for 86 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f5e22fb4892196a5c5443dd3daedeb7e880cc3e4a382543c

Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /accounts/confirm-password/{uuid}/{token}/
GET /api/v1/activities/
GET /api/v1/activities/impacts/count
GET /api/v1/activities/metrics/
GET /api/v1/activities/{id}/
GET /api/v1/activity-baselines/
GET /api/v1/activity-documents/
GET /api/v1/activity-documents/{id}/
GET /api/v1/activity-observations/
GET /api/v1/activity-observations/{id}/
GET /api/v1/activity-performance/
GET /api/v1/activity-targets/
GET /api/v1/activity/{activity_id}/baselines
GET /api/v1/activity/{activity_id}/documents
GET /api/v1/activity/{activity_id}/observations
GET /api/v1/activity/{activity_id}/performances
GET /api/v1/activity/{activity_id}/targets
GET /api/v1/prismic/content
GET /api/v1/projects/
GET /api/v1/projects/{id}/
GET /api/v1/projects/{project_id}/activities/
GET /api/v1/users/count/
POST /api/v1/accounts/comfirm-password-code
POST /api/v1/accounts/image-consent
POST /api/v1/accounts/register
POST /api/v1/accounts/reset-password
POST /api/v1/accounts/reset-password-request
POST /api/v1/accounts/seen-screens
POST /api/v1/activity-documents/upload/{id}/
POST /api/v1/activity-observations/upload/{id}/
POST /api/v1/prismic/webhook
POST /api/v1/projects/upload/{id}/
POST /api/v1/token/
POST /api/v1/token/refresh/
PUT /api/v1/activity-baselines/{id}/
PUT /api/v1/activity-performance/{id}/
PUT /api/v1/activity-targets/{id}/

Found on 2026-01-09 15:24

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.skyjo.tomiste.com
Port: 443
URL: https://api.skyjo.tomiste.com

First seen 2025-11-01 06:59
Last seen 2026-01-09 14:54
Open for 69 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1a8bcc6e52cad916cd99cb1404ecfa61b43d4ba117f3d9f9f
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/v1.0/skyjo/games/open
GET /api/v1.0/skyjo/games/{id}
GET /api/v1.0/skyjo/games/{id}/lobby/sse
GET /api/v1.0/skyjo/games/{id}/sse
GET /api/v1.0/skyjo/statistics
POST /api/v1.0/skyjo/games
POST /api/v1.0/skyjo/games/{id}/card
POST /api/v1.0/skyjo/games/{id}/deal
POST /api/v1.0/skyjo/games/{id}/deck
POST /api/v1.0/skyjo/games/{id}/discard
POST /api/v1.0/skyjo/games/{id}/discard-pile
POST /api/v1.0/skyjo/games/{id}/players
```
  Found on 2026-01-09 14:54
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: portail.client.aviquali.com
Port: 443
URL: https://portail.client.aviquali.com

First seen 2025-10-25 04:26
Last seen 2026-01-09 14:42
Open for 76 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 14:42
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: opplevelser-api.vilmer.no
Port: 443
URL: https://opplevelser-api.vilmer.no

First seen 2025-10-14 13:47
Last seen 2026-01-09 14:31
Open for 87 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 14:31
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.famma.shop
Port: 443
URL: https://api.famma.shop

First seen 2025-12-02 12:24
Last seen 2026-01-09 11:57
Open for 37 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 11:57
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.results.gsf.ge
Port: 443
URL: https://api.results.gsf.ge

First seen 2025-12-04 00:05
Last seen 2026-01-09 11:10
Open for 36 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb47ebae38582aa892e722b65b6ead942864037ee2f
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /age-group/
GET /age-group/{id}/
GET /competition-day/
GET /competition-day/{id}/
GET /competitor/
GET /competitor/{id}/
GET /discipline/
GET /discipline/{id}/
GET /gender/
GET /gender/{id}/
GET /registration/
GET /registration/{id}/
GET /results/
GET /results/{id}/
GET /school/
GET /school/{id}/
GET /search-results/
GET /season-winners/
GET /season/
GET /season/{id}/
GET /stage/
GET /stage/{id}/
POST /api-token-auth/
POST /batch_sync_results/
POST /download_excel/
POST /download_pdf/
POST /download_results_pdf/
POST /logout/
POST /randomizer/
POST /sync-registrations/
```
  Found on 2026-01-09 11:10
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: staging-api.motion.org.uk
Port: 80
URL: http://staging-api.motion.org.uk

First seen 2025-11-23 02:11
Last seen 2026-01-09 10:56
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 10:56
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.dev.clublamer.es
Port: 443
URL: https://api.dev.clublamer.es

First seen 2025-11-07 00:26
Last seen 2026-01-09 10:50
Open for 63 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 10:50
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: bakgrunnssjekk-sandbox.semac.no
Port: 443
URL: https://bakgrunnssjekk-sandbox.semac.no

First seen 2025-11-24 04:16
Last seen 2026-01-09 10:02
Open for 46 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb46b2be8806407db90cc128ed37e411d61a2ad2de0
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /v1/cases/{id}
GET /v1/departments
GET /v1/employers
GET /v1/institutions
GET /v1/invoice_recipients
GET /v1/invoice_references
GET /v1/levels
GET /v1/questionnaires
GET /v1/sources
POST /v1/cases
POST /v1/cases/{id}/documents
```
  Found on 2026-01-09 10:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: backend.lagerloewe.com
Port: 80
URL: http://backend.lagerloewe.com

First seen 2025-10-18 17:22
Last seen 2026-01-09 09:00
Open for 82 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff43ed297c28e37132a1d5da627c048ce23fa5313efd
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /customer/discountPlans
GET /customer/facilities
GET /customer/facilities/{facility_id}/sizecategories
GET /customer/insuranceSteps
GET /customer/payments/validate
GET /customer/picklistvalues
GET /customer/products
GET /customer/reservations/{token}
GET /customer/units
POST /customer/checkout
POST /customer/customer/initial
POST /customer/discountPlans/code
POST /customer/payments/pay
POST /customer/reservations
POST /customer/unitLock
POST /customer/unitLock/unlock
PUT /customer/customer
```
  Found on 2026-01-09 09:00
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api-dev.omegainnov.com
Port: 80
URL: http://api-dev.omegainnov.com

First seen 2025-12-05 00:18
Last seen 2026-01-09 08:36
Open for 35 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 08:36
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.bibleandbookministry.app
Port: 443
URL: https://api.bibleandbookministry.app

First seen 2025-11-20 00:52
Last seen 2026-01-09 07:56
Open for 50 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b4d4b76174a935184d3b0d682e43751fde9ac33d5

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/v1/admin/remove-book/{productId}
DELETE /api/v1/cart/clear
DELETE /api/v1/cart/remove-item
GET /api/v1/admin/books/get-available
GET /api/v1/admin/books/highest-selling
GET /api/v1/admin/books/low-stock
GET /api/v1/admin/count-users
GET /api/v1/admin/get-books
GET /api/v1/admin/get-user/{userId}
GET /api/v1/admin/get-users
GET /api/v1/admin/orders/customer/{customerId}
GET /api/v1/admin/orders/get-total
GET /api/v1/admin/orders/total-sales
GET /api/v1/books/all-books
GET /api/v1/books/get-book/{bookId}
GET /api/v1/books/get-category/{category}
GET /api/v1/cart/get-items
GET /api/v1/order/callback
GET /api/v1/order/customer/get-order
GET /api/v1/order/get-order/{orderId}
GET /api/v1/reviews/book/{bookId}
GET /api/v1/roles
GET /api/v1/roles/code/{roleCode}
GET /api/v1/roles/{roleId}
GET /api/v1/test/admin-only
GET /api/v1/test/auth-info
GET /api/v1/test/customer-only
GET /api/v1/test/shared
GET /api/v1/user/book-catalog
GET /api/v1/user/get-book/{bookId}
PATCH /api/v1/admin/update-details
PATCH /api/v1/admin/update-media
PATCH /api/v1/roles/{roleId}/activate
PATCH /api/v1/roles/{roleId}/deactivate
POST /api/v1/admin/add-book
POST /api/v1/admin/category/create-defaults
POST /api/v1/admin/category/new
POST /api/v1/admin/register
POST /api/v1/auth/login
POST /api/v1/auth/request-validation
POST /api/v1/auth/signup
POST /api/v1/auth/validate-email
POST /api/v1/cart/add
POST /api/v1/order/buy-now
POST /api/v1/order/checkout
POST /api/v1/reviews
POST /api/v1/roles/create
POST /api/v1/user/cart/add
POST /api/v1/webhook
PUT /api/v1/admin/update
PUT /api/v1/order/update-status

Found on 2026-01-09 07:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: auth.alisdijital.com
Port: 443
URL: https://auth.alisdijital.com

First seen 2025-10-18 00:27
Last seen 2026-01-09 07:47
Open for 83 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 07:47
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: admin.leadsie.com
Port: 443
URL: https://admin.leadsie.com

First seen 2025-12-08 00:30
Last seen 2026-01-09 07:24
Open for 32 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 07:24
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: opplevelser-api.vilmer.no
Port: 80
URL: http://opplevelser-api.vilmer.no

First seen 2025-10-14 13:47
Last seen 2026-01-09 07:24
Open for 86 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 07:24
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.elchrono.com
Port: 80
URL: http://api.elchrono.com

First seen 2025-10-26 00:26
Last seen 2026-01-09 07:20
Open for 75 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 07:20
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: www.o2e.sa
Port: 443
URL: https://www.o2e.sa

First seen 2025-11-21 02:39
Last seen 2026-01-09 07:01
Open for 49 days

Severity: info
Fingerprint: 5733ddf49ff49cd110a331ecb3069b91a7defb6a429d57bd48c622f39d1a37c7

Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
DELETE /api/account/{email}
DELETE /api/admin/users/{id}
DELETE /api/bookmarks/offer/{id}
DELETE /api/family-user/{email}
GET /api/account
GET /api/admin/admin-users
GET /api/admin/advertising
GET /api/admin/advertising/{id}
GET /api/admin/catering-requests
GET /api/admin/catering-requests/{id}
GET /api/admin/company/{companyId}/users
GET /api/admin/company/{companyId}/users/filter
GET /api/admin/dashboard
GET /api/admin/dashboard/redeemers
GET /api/admin/gifts
GET /api/admin/report
GET /api/admin/report/businesses
GET /api/admin/report/consumed-offer-per-business
GET /api/admin/report/most-visited-business
GET /api/admin/report/offers
GET /api/admin/report/pdf
GET /api/admin/report/redeemers
GET /api/admin/report/top-users
GET /api/admin/report/users
GET /api/admin/report/xlsx
GET /api/admin/users
GET /api/admin/users/list
GET /api/admin/users/{login}
GET /api/authenticate
GET /api/authorities
GET /api/bookmarks
GET /api/bookmarks/{id}
GET /api/business-categories
GET /api/business-categories-page
GET /api/business-categories/{id}
GET /api/businesses
GET /api/businesses/summary
GET /api/businesses/{id}
GET /api/businesses/{id}/visited
GET /api/companies
GET /api/companies/list
GET /api/companies/{id}
GET /api/company-admins
GET /api/company-admins/{id}
GET /api/company-types
GET /api/company-types/{id}
GET /api/config/whatsapp
GET /api/contact-us
GET /api/contact-us/{id}
GET /api/contacts
GET /api/contacts/{id}
GET /api/enabled/businesses
GET /api/generate-qr
GET /api/gifts
GET /api/gifts/count
GET /api/gifts/{id}
GET /api/join-us
GET /api/join-us/{id}
GET /api/locations
GET /api/locations/{id}
GET /api/mobile/advertising
GET /api/notifications
GET /api/notifications/{id}
GET /api/offer-logs/company/{companyId}
GET /api/offers
GET /api/offers/available-priority
GET /api/offers/exclusive
GET /api/offers/with-priority
GET /api/offers/{id}
GET /api/scan-qr
GET /api/storges/{uuid}
GET /api/users
GET /api/v2/offers
PATCH /api/admin/user/{id}
POST /api/account/change-password
POST /api/account/family/reset-password/finish
POST /api/account/resend-otp
POST /api/account/reset-password/check
POST /api/account/reset-password/finish
POST /api/account/reset-password/init
POST /api/activate
POST /api/businesses/bulk
POST /api/family-user
POST /api/migrate/files
POST /api/offer
POST /api/offer-logs
POST /api/offers/{id}/priority
POST /api/register
POST /api/support

Found on 2026-01-09 07:01

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: planification.lps.nc
Port: 443
URL: https://planification.lps.nc

First seen 2025-11-14 02:33
Last seen 2026-01-09 06:47
Open for 56 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-09 06:47
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: pdf.publidata.dev
Port: 80
URL: http://pdf.publidata.dev

First seen 2025-10-20 00:57
Last seen 2026-01-09 06:16
Open for 81 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 06:16
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: www.friendsta.tech
Port: 443
URL: https://www.friendsta.tech

First seen 2025-10-21 00:10
Last seen 2026-01-09 06:14
Open for 80 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 06:14
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api-dev.yondr.es
Port: 443
URL: https://api-dev.yondr.es

First seen 2025-12-09 01:02
Last seen 2026-01-09 05:28
Open for 31 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b42f53d0da0cbdc06edc8db34fa632b41d3841d6c

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/v1/profiles/{profileId}/blocks/{username}
DELETE /api/v1/profiles/{profileId}/followers/{username}
DELETE /api/v1/profiles/{profileId}/followings/{username}
GET /api/v0/**
GET /api/v1/admin/exercises
GET /api/v1/admin/exercises/{id}
GET /api/v1/calendar/search
GET /api/v1/community/exercises/suggested
GET /api/v1/community/exercises/trending
GET /api/v1/community/posts
GET /api/v1/community/posts/{id}
GET /api/v1/community/posts/{id}/comments
GET /api/v1/community/posts/{id}/comments/{commentId}
GET /api/v1/community/posts/{id}/comments/{commentId}/likes
GET /api/v1/community/posts/{id}/likes
GET /api/v1/community/training-plans/suggested
GET /api/v1/community/training-plans/trending
GET /api/v1/community/workouts/suggested
GET /api/v1/community/workouts/trending
GET /api/v1/exercises
GET /api/v1/exercises/{id}
GET /api/v1/exercises/{id}/sets
GET /api/v1/profiles
GET /api/v1/profiles/{profileId}
GET /api/v1/profiles/{profileId}/blocks
GET /api/v1/profiles/{profileId}/followers
GET /api/v1/profiles/{profileId}/followings
GET /api/v1/profiles/{profileId}/trainings
GET /api/v1/records/
GET /api/v1/records/{id}
GET /api/v1/search/workouts
GET /api/v1/support/questions/{id}
GET /api/v1/support/tutorials
GET /api/v1/tags
GET /api/v1/track/exercises/{id}
GET /api/v1/training-plans
GET /api/v1/training-plans/{id}
GET /api/v1/training-plans/{id}/days
GET /api/v1/training-plans/{id}/workouts/{workoutId}/series/{serieId}
GET /api/v1/users/configuration/notifications
GET /api/v1/users/me
GET /api/v1/users/notifications
GET /api/v1/users/notifications/unread
GET /api/v1/workouts
GET /api/v1/workouts/{id}
GET /api/v1/workouts/{id}/series
GET /api/v1/workouts/{id}/series/{serieId}
POST /api/v1/exercises/{id}/clone
POST /api/v1/exercises/{id}/like
POST /api/v1/exercises/{id}/publish
POST /api/v1/exercises/{id}/send
POST /api/v1/exercises/{id}/star
POST /api/v1/support/questions
POST /api/v1/support/reports
POST /api/v1/support/share-links
POST /api/v1/training-plans/{id}/clone
POST /api/v1/training-plans/{id}/publish
POST /api/v1/training-plans/{id}/schedule
POST /api/v1/training-plans/{id}/send
POST /api/v1/training-plans/{id}/star
POST /api/v1/training-plans/{id}/unschedule
POST /api/v1/training-plans/{id}/workouts/{workoutId}/series/{serieId}/exercises/{exerciseId}/replace/{newExerciseId}
POST /api/v1/users
POST /api/v1/users/activation-confirmation
POST /api/v1/users/change-email
POST /api/v1/users/change-email-confirmation
POST /api/v1/users/change-password
POST /api/v1/users/check
POST /api/v1/users/devices
POST /api/v1/users/login
POST /api/v1/users/notifications/read
POST /api/v1/users/refresh
POST /api/v1/users/reset-password-confirmation
POST /api/v1/users/reset-password-request
POST /api/v1/workouts/{id}/clone
POST /api/v1/workouts/{id}/complete
POST /api/v1/workouts/{id}/like
POST /api/v1/workouts/{id}/publish
POST /api/v1/workouts/{id}/schedule
POST /api/v1/workouts/{id}/send
POST /api/v1/workouts/{id}/series/{serieId}/exercises/{exerciseId}/replace/{newExerciseId}
POST /api/v1/workouts/{id}/star
POST /api/v1/workouts/{id}/unschedule
PUT /api/v1/training-plans/{id}/workouts/{workoutId}
PUT /api/v1/training-plans/{id}/workouts/{workoutId}/exercises/{exerciseId}/sets
PUT /api/v1/training-plans/{id}/workouts/{workoutId}/series
PUT /api/v1/training-plans/{id}/workouts/{workoutId}/series/{serieId}/exercises/{exerciseId}
PUT /api/v1/workouts/{id}/exercises/{exerciseId}/sets
PUT /api/v1/workouts/{id}/series/{serieId}/exercises/{exerciseId}

Found on 2026-01-09 05:28

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: dev.api.wallets.hotlens.com
Port: 443
URL: https://dev.api.wallets.hotlens.com

First seen 2025-11-14 00:33
Last seen 2026-01-09 05:20
Open for 56 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a1b940095ae9f6f7faf6065493033ae0ab142d70

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/PlayerWallets/backoffice/players-deposits
GET /api/PlayerWallets/backoffice/players-token-wallet-transactions
GET /api/PlayerWallets/backoffice/players-token-wallets
GET /api/PlayerWallets/backoffice/players-wallet-transactions
GET /api/PlayerWallets/backoffice/players-wallets
GET /api/PlayerWallets/backoffice/players-withdrawals
GET /api/PlayerWallets/backoffice/transfer-fivebet-coins
GET /api/PlayerWallets/transfer-fivebet-coins
GET /api/PlayerWallets/withdrawals
GET /api/Wallets
GET /api/Wallets/backoffice/bonus-wallets
GET /api/Wallets/backoffice/players-currency-statistics
GET /api/Wallets/backoffice/players-statistics
GET /api/Wallets/bonus-wallets
GET /api/Wallets/deposits
GET /api/Wallets/deposits-statistics
GET /api/Wallets/wallet
GET /api/Wallets/withdrawals-statistics
GET /api/WalletsStatistics/backoffice/deposits-statistics
GET /api/WalletsStatistics/backoffice/wallets-statistics
GET /api/WalletsStatistics/backoffice/withdrawals-statistics
GET /api/WalletsStatistics/withdrawals-statistics
HEAD /api/PlayerWallets/health-check
HEAD /api/Vaultody/health-check
HEAD /api/Wallets/health-check
HEAD /api/WalletsStatistics/health-check
POST /api/Vaultody/confirmed-deposit-callback
POST /api/Vaultody/confirmed-token-deposit-callback
POST /api/Vaultody/confirmed-withdrawal-callback
POST /api/Wallets/backoffice/fix-player-token-wallet
POST /api/Wallets/fee
POST /api/Wallets/withdrawal
POST /api/Wallets/withdrawal-token
PUT /api/PlayerWallets/backoffice/block-player-bonus-wallet
PUT /api/PlayerWallets/backoffice/block-player-token-wallet-deposit
PUT /api/PlayerWallets/backoffice/block-player-token-wallet-withdrawal
PUT /api/PlayerWallets/backoffice/block-player-wallet-deposit
PUT /api/PlayerWallets/backoffice/block-player-wallet-withdrawal
PUT /api/PlayerWallets/backoffice/unblock-player-bonus-wallet
PUT /api/PlayerWallets/backoffice/unblock-player-token-wallet-deposit
PUT /api/PlayerWallets/backoffice/unblock-player-token-wallet-withdrawal
PUT /api/PlayerWallets/backoffice/unblock-player-wallet-deposit
PUT /api/PlayerWallets/backoffice/unblock-player-wallet-withdrawal
PUT /api/Wallets/backoffice/adjust-bonus-wallet-balance
PUT /api/Wallets/backoffice/adjust-token-wallet-balance
PUT /api/Wallets/backoffice/adjust-wallet-balance
PUT /api/Wallets/backoffice/confirm-withdrawal
PUT /api/Wallets/backoffice/decline-withdrawal
PUT /api/Wallets/switch-wallet/{currency}

Found on 2026-01-09 05:20

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a1b940095ae9f6f7faf6065493033ae0ba31ea72

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/PlayerWallets/backoffice/players-deposits
GET /api/PlayerWallets/backoffice/players-token-wallet-transactions
GET /api/PlayerWallets/backoffice/players-token-wallets
GET /api/PlayerWallets/backoffice/players-wallet-transactions
GET /api/PlayerWallets/backoffice/players-wallets
GET /api/PlayerWallets/backoffice/players-withdrawals
GET /api/PlayerWallets/backoffice/transfer-fivebet-coins
GET /api/PlayerWallets/transfer-fivebet-coins
GET /api/PlayerWallets/withdrawals
GET /api/Wallets
GET /api/Wallets/backoffice/bonus-wallets
GET /api/Wallets/backoffice/players-currency-statistics
GET /api/Wallets/backoffice/players-statistics
GET /api/Wallets/bonus-wallets
GET /api/Wallets/deposits
GET /api/Wallets/deposits-statistics
GET /api/Wallets/wallet
GET /api/Wallets/withdrawals-statistics
GET /api/WalletsStatistics/backoffice/deposits-statistics
GET /api/WalletsStatistics/backoffice/wallets-statistics
GET /api/WalletsStatistics/backoffice/withdrawals-statistics
GET /api/WalletsStatistics/withdrawals-statistics
HEAD /api/PlayerWallets/health-check
HEAD /api/Vaultody/health-check
HEAD /api/Wallets/health-check
HEAD /api/WalletsStatistics/health-check
POST /api/Vaultody/confirmed-deposit-callback
POST /api/Vaultody/confirmed-token-deposit-callback
POST /api/Vaultody/confirmed-token-withdrawal-callback
POST /api/Vaultody/confirmed-withdrawal-callback
POST /api/Wallets/backoffice/fix-player-token-wallet
POST /api/Wallets/fee
POST /api/Wallets/withdrawal
POST /api/Wallets/withdrawal-token
PUT /api/PlayerWallets/backoffice/block-player-bonus-wallet
PUT /api/PlayerWallets/backoffice/block-player-token-wallet-deposit
PUT /api/PlayerWallets/backoffice/block-player-token-wallet-withdrawal
PUT /api/PlayerWallets/backoffice/block-player-wallet-deposit
PUT /api/PlayerWallets/backoffice/block-player-wallet-withdrawal
PUT /api/PlayerWallets/backoffice/unblock-player-bonus-wallet
PUT /api/PlayerWallets/backoffice/unblock-player-token-wallet-deposit
PUT /api/PlayerWallets/backoffice/unblock-player-token-wallet-withdrawal
PUT /api/PlayerWallets/backoffice/unblock-player-wallet-deposit
PUT /api/PlayerWallets/backoffice/unblock-player-wallet-withdrawal
PUT /api/Wallets/backoffice/adjust-bonus-wallet-balance
PUT /api/Wallets/backoffice/adjust-token-wallet-balance
PUT /api/Wallets/backoffice/adjust-wallet-balance
PUT /api/Wallets/backoffice/confirm-withdrawal
PUT /api/Wallets/backoffice/decline-withdrawal
PUT /api/Wallets/switch-wallet/{currency}

Found on 2025-12-11 09:11

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a1b940096675db9a1a0712c7c851a9fe24a0a0aa

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/PlayerWallets/backoffice/players-deposits
GET /api/PlayerWallets/backoffice/players-token-wallets
GET /api/PlayerWallets/backoffice/players-wallets
GET /api/PlayerWallets/backoffice/players-withdrawals
GET /api/PlayerWallets/backoffice/transfer-fivebet-coins
GET /api/PlayerWallets/transfer-fivebet-coins
GET /api/PlayerWallets/withdrawals
GET /api/Wallets
GET /api/Wallets/backoffice/bonus-wallets
GET /api/Wallets/backoffice/players-currency-statistics
GET /api/Wallets/backoffice/players-statistics
GET /api/Wallets/bonus-wallets
GET /api/Wallets/deposits
GET /api/Wallets/deposits-statistics
GET /api/Wallets/wallet
GET /api/Wallets/withdrawals-statistics
GET /api/WalletsStatistics/backoffice/deposits-statistics
GET /api/WalletsStatistics/backoffice/wallets-statistics
GET /api/WalletsStatistics/backoffice/withdrawals-statistics
GET /api/WalletsStatistics/withdrawals-statistics
HEAD /api/PlayerWallets/health-check
HEAD /api/Vaultody/health-check
HEAD /api/Wallets/health-check
HEAD /api/WalletsStatistics/health-check
POST /api/Wallets/backoffice/fix-player-token-wallet
POST /api/Wallets/fee
POST /api/Wallets/withdrawal
POST /api/Wallets/withdrawal-token
PUT /api/PlayerWallets/backoffice/block-player-bonus-wallet
PUT /api/PlayerWallets/backoffice/block-player-token-wallet-deposit
PUT /api/PlayerWallets/backoffice/block-player-token-wallet-withdrawal
PUT /api/PlayerWallets/backoffice/block-player-wallet-deposit
PUT /api/PlayerWallets/backoffice/block-player-wallet-withdrawal
PUT /api/PlayerWallets/backoffice/unblock-player-bonus-wallet
PUT /api/PlayerWallets/backoffice/unblock-player-token-wallet-deposit
PUT /api/PlayerWallets/backoffice/unblock-player-token-wallet-withdrawal
PUT /api/PlayerWallets/backoffice/unblock-player-wallet-deposit
PUT /api/PlayerWallets/backoffice/unblock-player-wallet-withdrawal
PUT /api/Wallets/backoffice/adjust-bonus-wallet-balance
PUT /api/Wallets/backoffice/adjust-token-wallet-balance
PUT /api/Wallets/backoffice/adjust-wallet-balance
PUT /api/Wallets/backoffice/confirm-withdrawal
PUT /api/Wallets/backoffice/decline-withdrawal
PUT /api/Wallets/switch-wallet/{currency}

Found on 2025-12-01 11:43

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: app.edpay.no
Port: 443
URL: https://app.edpay.no

First seen 2025-11-29 00:35
Last seen 2026-01-09 05:10
Open for 41 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b26756a6626756a6626756a6626756a6626756a66
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /events/{eventType}
```
  Found on 2026-01-09 05:10
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.haziram.com
Port: 80
URL: http://api.haziram.com

First seen 2025-10-31 11:14
Last seen 2026-01-09 04:59
Open for 69 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 04:59
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.dev.maccosmeticsvip.es
Port: 443
URL: https://api.dev.maccosmeticsvip.es

First seen 2025-10-15 00:36
Last seen 2026-01-09 04:51
Open for 86 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 04:51
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: lowpulse.run
Port: 443
URL: https://lowpulse.run

First seen 2025-11-14 03:23
Last seen 2026-01-09 04:39
Open for 56 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5624fa3b1eb0f93fed6ec12ec24d3726868a32c60

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /bestefforts/pb/{effortId}
DELETE /garmin/disconnect
DELETE /template/{id}
DELETE /user/{id}/deactivate
DELETE /vdot/{id}
GET /activities
GET /activities/statistics/{id}
GET /activities/{id}
GET /api/training/current-month
GET /bestefforts/pb/{userId}
GET /garmin/activities/{id}
GET /garmin/config
GET /garmin/health-data/{id}
GET /garmin/redirect
GET /note
GET /note/{id}
GET /payment/{id}
GET /plan
GET /plan/{id}
GET /race/all
GET /race/distances/{raceId}/{userId}
GET /race/user/{userId}
GET /race/{id}
GET /strava/user/{id}
GET /template
GET /template/all
GET /template/tempo
GET /user
GET /user/all
GET /user/allDeleted
GET /user/allInactive
GET /user/coaches
GET /user/no_training
GET /user/{id}
GET /user/{id}/planCompletion
GET /user/{id}/vdot
GET /user/{id}/zones
PATCH /user/{id}/activate
POST /bestefforts/pb
POST /bestefforts/pb/count/{userId}
POST /bestefforts/{id}
POST /garmin/webhook
POST /payment
POST /payment/addMonth/{id}
POST /plan/{id}/garmin-training
POST /race
POST /race/addToRace
POST /strava/sync/training/{id}
POST /strava/sync/trainings/{id}
POST /strava/sync/{id}
POST /strava/syncDate/{id}
POST /user/onboard
POST /user/{id}/price
POST /vdot/count
POST /vdot/setActive/{id}

Found on 2026-01-09 04:39

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: www.o2e.sa
Port: 80
URL: http://www.o2e.sa

First seen 2025-11-21 02:39
Last seen 2026-01-09 04:32
Open for 49 days

Severity: info
Fingerprint: 5733ddf49ff49cd110a331ecb3069b91a7defb6a429d57bd48c622f39d1a37c7

Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
DELETE /api/account/{email}
DELETE /api/admin/users/{id}
DELETE /api/bookmarks/offer/{id}
DELETE /api/family-user/{email}
GET /api/account
GET /api/admin/admin-users
GET /api/admin/advertising
GET /api/admin/advertising/{id}
GET /api/admin/catering-requests
GET /api/admin/catering-requests/{id}
GET /api/admin/company/{companyId}/users
GET /api/admin/company/{companyId}/users/filter
GET /api/admin/dashboard
GET /api/admin/dashboard/redeemers
GET /api/admin/gifts
GET /api/admin/report
GET /api/admin/report/businesses
GET /api/admin/report/consumed-offer-per-business
GET /api/admin/report/most-visited-business
GET /api/admin/report/offers
GET /api/admin/report/pdf
GET /api/admin/report/redeemers
GET /api/admin/report/top-users
GET /api/admin/report/users
GET /api/admin/report/xlsx
GET /api/admin/users
GET /api/admin/users/list
GET /api/admin/users/{login}
GET /api/authenticate
GET /api/authorities
GET /api/bookmarks
GET /api/bookmarks/{id}
GET /api/business-categories
GET /api/business-categories-page
GET /api/business-categories/{id}
GET /api/businesses
GET /api/businesses/summary
GET /api/businesses/{id}
GET /api/businesses/{id}/visited
GET /api/companies
GET /api/companies/list
GET /api/companies/{id}
GET /api/company-admins
GET /api/company-admins/{id}
GET /api/company-types
GET /api/company-types/{id}
GET /api/config/whatsapp
GET /api/contact-us
GET /api/contact-us/{id}
GET /api/contacts
GET /api/contacts/{id}
GET /api/enabled/businesses
GET /api/generate-qr
GET /api/gifts
GET /api/gifts/count
GET /api/gifts/{id}
GET /api/join-us
GET /api/join-us/{id}
GET /api/locations
GET /api/locations/{id}
GET /api/mobile/advertising
GET /api/notifications
GET /api/notifications/{id}
GET /api/offer-logs/company/{companyId}
GET /api/offers
GET /api/offers/available-priority
GET /api/offers/exclusive
GET /api/offers/with-priority
GET /api/offers/{id}
GET /api/scan-qr
GET /api/storges/{uuid}
GET /api/users
GET /api/v2/offers
PATCH /api/admin/user/{id}
POST /api/account/change-password
POST /api/account/family/reset-password/finish
POST /api/account/resend-otp
POST /api/account/reset-password/check
POST /api/account/reset-password/finish
POST /api/account/reset-password/init
POST /api/activate
POST /api/businesses/bulk
POST /api/family-user
POST /api/migrate/files
POST /api/offer
POST /api/offer-logs
POST /api/offers/{id}/priority
POST /api/register
POST /api/support

Found on 2026-01-09 04:32

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: userapi.neslotech.co.za
Port: 80
URL: http://userapi.neslotech.co.za

First seen 2025-10-25 00:18
Last seen 2026-01-09 04:18
Open for 76 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b98651d5b19cca270eb6bf91a517e5999a2b70b10

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /actuator
GET /actuator/health
GET /actuator/health/**
GET /api/v1/auth/auth/profile
GET /api/v1/auth/profile
GET /api/v1/directory
GET /api/v1/directory/{userId}
GET /api/v1/users
GET /api/v1/users/{userId}
GET /api/v1/users/{userId}/activate
GET /api/v1/users/{userId}/basic-profile
GET /error
PATCH /api/v1/users/users/{userId}
POST /api/v1/users/{userId}/addresses
POST /api/v1/users/{userId}/bank-details
POST /api/v1/users/{userId}/emergency-details
POST /api/v1/users/{userId}/employee-details
POST /api/v1/users/{userId}/role
POST /api/v1/users/{userId}/socials
PUT /api/v1/users/{userId}/addresses/{addressId}
PUT /api/v1/users/{userId}/bank-details/{bankDetailId}
PUT /api/v1/users/{userId}/emergency-details/{emergencyDetailId}
PUT /api/v1/users/{userId}/profile-image

Found on 2026-01-09 04:18

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.legisio.com
Port: 443
URL: https://api.legisio.com

First seen 2025-11-23 00:41
Last seen 2026-01-09 03:55
Open for 47 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b316633d74429b0e9d30c2cd05e71aa5128d9e09c

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /documents/{id}/files/{fileId}
DELETE /folders/{id}/directories/{directoryId}/files/{fileId}
DELETE /folders/{id}/intervenors/{intervenorId}
GET /admin/clients/{id}/logo
GET /calls
GET /dashboard/calendar
GET /dashboard/counters
GET /documents
GET /documents/{id}/files
GET /events
GET /events/calendar
GET /folders
GET /folders/codes
GET /folders/{id}
GET /folders/{id}/directories
GET /folders/{id}/directories/{directoryId}/files
GET /folders/{id}/documents
GET /folders/{id}/events
GET /folders/{id}/historic
GET /folders/{id}/intervenors
GET /folders/{id}/invoices
GET /folders/{id}/tasks
GET /invoices
GET /invoices/{id}
GET /invoices/{id}/download
GET /jurisdictions
GET /letters
GET /tasks
GET /templates
GET /users
GET /users/{id}
GET /wopi/files/{name}
GET /wopi/files/{name}/contents
PATCH /calls/{id}/markAsPinned/{isPinned}
PATCH /documents/{id}/files/
PATCH /events/{id}/calendar
PATCH /events/{id}/markAsPinned/{isPinned}
PATCH /folders/{id}/directories/{directoryId}/files/
PATCH /invoices/{id}/markAsPaid
PATCH /letters/{id}/markAsExecuted/{isPinned}
PATCH /tasks/{id}/markAsExecuted/{isPinned}
POST /admin/clients
PUT /admin/clients/{id}
PUT /calls/{id}
PUT /documents/{id}
PUT /events/{id}
PUT /folders/{id}/archive
PUT /folders/{id}/directories/{directoryId}
PUT /letters/{id}
PUT /tasks/{id}

Found on 2026-01-09 03:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: dev-app.whomie.com
Port: 80
URL: http://dev-app.whomie.com

First seen 2025-10-19 00:09
Last seen 2026-01-09 03:24
Open for 82 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b8cfe9986fd4d0bd11f3eb74b88bdaca4c03b8874

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /apple/flags
GET /apple/flags/with-version
GET /apple/redirect
GET /apple/url
GET /auth/check-password-reset-code
GET /auth/email-check/{email}
GET /chatrooms
GET /chatrooms/exists/{userId1}/{userId2}
GET /force-update/flags/with-version
GET /linkedin/callback
GET /linkedin/redirect
GET /linkedin/url
GET /profile/app-language
GET /profile/single
GET /room-pool
GET /room-pool/single
GET /room-pool/{roomPostId}
GET /user-pool
GET /user-pool/{userId}
POST /apple/callback
POST /apple/complete-registration/{tempToken}
POST /apple/signin/{tempToken}
POST /auth/forgot-password
POST /auth/image-upload
POST /auth/password-reset
POST /auth/resend/verification-email
POST /auth/signin
POST /auth/signup
POST /auth/verify
POST /chatrooms/block-user
POST /contact-us
POST /google/complete-registration/{tempToken}
POST /google/initial-registration
POST /google/signin/{tempToken}
POST /linkedin/complete-registration/{tempToken}
POST /linkedin/initial-registration
POST /linkedin/signin/{tempToken}
POST /notification/send
POST /profile/image-upload
POST /profile/logout
POST /profile/update-last-login-date
POST /profile/update-push-token
POST /report
POST /room-pool/image-upload
PUT /profile

Found on 2026-01-09 03:24

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.el-chrono.com
Port: 80
URL: http://api.el-chrono.com

First seen 2025-10-26 00:16
Last seen 2026-01-09 03:24
Open for 75 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 03:24
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api-bokslink.boks.app
Port: 443
URL: https://api-bokslink.boks.app

First seen 2025-10-17 00:01
Last seen 2026-01-09 03:23
Open for 84 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035495dcf96021d090d403dc8079fd32fc6e13295f002

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/click-and-collect/pre-bookings/{preBookingId}
DELETE /api/sites/{siteId}/configurations/{key}
GET /api/boks
GET /api/boks/single
GET /api/boks/{boksId}
GET /api/boks/{boksId}/keyboard-code
GET /api/click-and-collect/locate
GET /api/click-and-collect/pre-bookings
GET /api/parcel-deliveries
GET /api/parcel-deliveries/canceled
GET /api/parcel-deliveries/retrieved
GET /api/pcbs/single
GET /api/sites/group-names
GET /api/sites/{siteId}
GET /api/user-boks-associations
GET /api/users
GET /api/users/{userId}
POST /api/boks/disassemble
POST /api/click-and-collect/carrier-loadings/{operationId}/drop
POST /api/meta-sites
POST /api/parcel-deliveries/click-and-collect/carrier-loading-operations
POST /api/parcel-deliveries/retrieve
POST /api/parcel-deliveries/{parcelDeliveryId}/cancel
POST /api/parcel-deliveries/{parcelDeliveryId}/deliver
POST /api/parcel-deliveries/{parcelDeliveryId}/drop
POST /api/parcel-deliveries/{parcelDeliveryId}/retrieve
POST /api/remote-ble-deliveries
POST /api/sites
POST /api/sites/{siteId}/configurations
POST /api/sites/{siteId}/manager-invitations
POST /api/support-tickets
POST /api/support-tickets/{supportTicketId}/maintenance-actions
POST /api/support-tickets/{supportTicketId}/return-actions
POST /api/support-tickets/{supportTicketId}/shipping-actions
POST /your-configured-webhook-path-on-your-server-for-cell-loading
POST /your-configured-webhook-path-on-your-server-for-cell-retrieved
PUT /api/parcel-deliveries/{parcelDeliveryId}
PUT /api/user-boks-associations/{userBoksAssociationId}

Found on 2026-01-09 03:23

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: forms.aceenglishmalta.com
Port: 443
URL: https://forms.aceenglishmalta.com

First seen 2025-12-12 00:48
Last seen 2026-01-09 02:48
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 02:48
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: backoffice.caphandicap.fr
Port: 443
URL: https://backoffice.caphandicap.fr

First seen 2025-11-23 01:11
Last seen 2026-01-09 02:39
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035497ec0dcfaa5c91e9dbf5cc23f5ec0b4829fb24677
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /v1/users/{userId}
GET /v1/certificates
GET /v1/certificates/{academy}
GET /v1/certificates/{academy}/{department}
GET /v1/certificates/{certificateTemplateId}/generate
GET /v1/metadata
GET /v1/metadata/{academyId}
GET /v1/metadata/{academyId}/{departmentId}
GET /v1/projects
GET /v1/projects/{projectId}
GET /v1/referential
GET /v1/referential/{academyId}
GET /v1/users
GET /v1/users/current
POST /v1/login
POST /v1/mail
POST /v1/projects/{projectId}/file/{metadataCode}
```
  Found on 2026-01-09 02:39
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.altlas-app.com
Port: 80
URL: http://api.altlas-app.com

First seen 2025-11-16 00:34
Last seen 2026-01-09 01:35
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 01:35
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: dev-app.whomie.com
Port: 443
URL: https://dev-app.whomie.com

First seen 2025-10-19 00:09
Last seen 2026-01-09 01:20
Open for 82 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b8cfe9986fd4d0bd11f3eb74b88bdaca4c03b8874

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /apple/flags
GET /apple/flags/with-version
GET /apple/redirect
GET /apple/url
GET /auth/check-password-reset-code
GET /auth/email-check/{email}
GET /chatrooms
GET /chatrooms/exists/{userId1}/{userId2}
GET /force-update/flags/with-version
GET /linkedin/callback
GET /linkedin/redirect
GET /linkedin/url
GET /profile/app-language
GET /profile/single
GET /room-pool
GET /room-pool/single
GET /room-pool/{roomPostId}
GET /user-pool
GET /user-pool/{userId}
POST /apple/callback
POST /apple/complete-registration/{tempToken}
POST /apple/signin/{tempToken}
POST /auth/forgot-password
POST /auth/image-upload
POST /auth/password-reset
POST /auth/resend/verification-email
POST /auth/signin
POST /auth/signup
POST /auth/verify
POST /chatrooms/block-user
POST /contact-us
POST /google/complete-registration/{tempToken}
POST /google/initial-registration
POST /google/signin/{tempToken}
POST /linkedin/complete-registration/{tempToken}
POST /linkedin/initial-registration
POST /linkedin/signin/{tempToken}
POST /notification/send
POST /profile/image-upload
POST /profile/logout
POST /profile/update-last-login-date
POST /profile/update-push-token
POST /report
POST /room-pool/image-upload
PUT /profile

Found on 2026-01-09 01:20

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: portail.client.wesharetrust.com
Port: 80
URL: http://portail.client.wesharetrust.com

First seen 2025-11-26 00:11
Last seen 2026-01-09 00:59
Open for 44 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 00:59
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: cgm.mylar.me
Port: 443
URL: https://cgm.mylar.me

First seen 2025-10-18 18:23
Last seen 2026-01-08 23:14
Open for 82 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff43a0a0e27f0caf932a9a8a33844143bc8a7d7a85ff
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
DELETE /devicestatus/{spec}
DELETE /treatments/{spec}
GET /devicestatus/
GET /echo/{storage}/{spec}
GET /entries
GET /entries/{spec}
GET /profile
GET /slice/{storage}/{field}/{type}/{prefix}/{regex}
GET /status
GET /times/echo/{prefix}/{regex}
GET /times/{prefix}/{regex}
GET /treatments
```
  Found on 2026-01-08 23:14
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: proto.sportio.sk
Port: 443
URL: https://proto.sportio.sk

First seen 2025-11-20 00:42
Last seen 2026-01-08 22:16
Open for 49 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-08 22:16
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: cgm.miles.diy
Port: 443
URL: https://cgm.miles.diy

First seen 2025-10-25 00:16
Last seen 2026-01-08 22:15
Open for 75 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff43a0a0e27f0caf932a9a8a33844143bc8a7d7a85ff
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
DELETE /devicestatus/{spec}
DELETE /treatments/{spec}
GET /devicestatus/
GET /echo/{storage}/{spec}
GET /entries
GET /entries/{spec}
GET /profile
GET /slice/{storage}/{field}/{type}/{prefix}/{regex}
GET /status
GET /times/echo/{prefix}/{regex}
GET /times/{prefix}/{regex}
GET /treatments
```
  Found on 2026-01-08 22:15
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: express-web-dev.cydeneapi.com
Port: 80
URL: http://express-web-dev.cydeneapi.com

First seen 2025-11-16 00:24
Last seen 2026-01-08 22:02
Open for 53 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354985a0f8ad4323bfe81f6e6a28dbaf0606b80b22e3

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /auth/forgot-password/{email}
GET /auth/profile
GET /auth/register/resend/{email}
GET /billswewe/categories
GET /billswewe/category/{category}/providers
GET /billswewe/data/bundles/{service_type}
GET /billswewe/direct/fee/{category}
GET /billswewe/power/purchase/receipt/{reference}
GET /billswewe/tv/cable/plans/addons/{service_type}/{product_code}
GET /billswewe/tv/cable/plans/{service_type}
GET /billswewe/tv/streaming/plans/{service_type}
GET /billswewe/tv/validate/{service_type}/{card_number}
GET /general/statistics
GET /payment/gateways
GET /payment/history
GET /payment/validate/{reference}
GET /user/account/tiers
GET /user/account/upgrade/status
GET /user/referrals/{skip}/{limit}
GET /wallet
GET /wallet/banks/lists
GET /wallet/transactions
GET /wallet/transactions/{reference}
POST /auth/change-password
POST /auth/login
POST /auth/pre-login
POST /auth/pre-register
POST /auth/register
POST /auth/reset-password
POST /auth/validate-otp
POST /auth/validate-register
POST /billswewe/airtime/purchase/direct
POST /billswewe/airtime/purchase/wallet
POST /billswewe/data/purchase/direct
POST /billswewe/data/purchase/wallet
POST /billswewe/power/meter/validate
POST /billswewe/power/purchase/direct
POST /billswewe/power/purchase/wallet
POST /billswewe/tv/cable/change/wallet
POST /billswewe/tv/cable/renew/wallet
POST /billswewe/tv/renew/direct
POST /otp/email/send
POST /otp/sms/send
POST /payment/flutterwave/webhook
POST /user/account/upgrade
POST /user/validate-phone
POST /wallet/bank/account/generate
POST /wallet/bank/account/transfer
POST /wallet/bank/account/validate
PUT /wallet/change-pin
PUT /wallet/create-pin
PUT /wallet/reset-pin

Found on 2026-01-08 22:02

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354985a0f8ad4323bfe81f6e6a28456e46ae2ae7faeb

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /auth/forgot-password/{email}
GET /auth/profile
GET /auth/register/resend/{email}
GET /bills/categories
GET /bills/category/{category}/providers
GET /bills/data/bundles/{service_type}
GET /bills/direct/fee/{category}
GET /bills/power/purchase/receipt/{reference}
GET /bills/tv/cable/plans/addons/{service_type}/{product_code}
GET /bills/tv/cable/plans/{service_type}
GET /bills/tv/streaming/plans/{service_type}
GET /bills/tv/validate/{service_type}/{card_number}
GET /general/statistics
GET /payment/gateways
GET /payment/history
GET /payment/validate/{reference}
GET /user/account/tiers
GET /user/account/upgrade/status
GET /user/referrals/{skip}/{limit}
GET /wallet
GET /wallet/banks/lists
GET /wallet/transactions
GET /wallet/transactions/{reference}
POST /auth/change-password
POST /auth/login
POST /auth/pre-login
POST /auth/pre-register
POST /auth/register
POST /auth/reset-password
POST /auth/validate-otp
POST /auth/validate-register
POST /bills/airtime/purchase/direct
POST /bills/airtime/purchase/wallet
POST /bills/data/purchase/direct
POST /bills/data/purchase/wallet
POST /bills/power/meter/validate
POST /bills/power/purchase/direct
POST /bills/power/purchase/wallet
POST /bills/tv/cable/change/wallet
POST /bills/tv/cable/renew/wallet
POST /bills/tv/renew/direct
POST /otp/email/send
POST /otp/sms/send
POST /payment/flutterwave/webhook
POST /user/account/upgrade
POST /user/validate-phone
POST /wallet/bank/account/generate
POST /wallet/bank/account/transfer
POST /wallet/bank/account/validate
PUT /wallet/change-pin
PUT /wallet/create-pin
PUT /wallet/reset-pin

Found on 2025-11-16 00:24

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.enucuzvilla.com
Port: 80
URL: http://api.enucuzvilla.com

First seen 2025-11-05 00:01
Last seen 2026-01-08 20:32
Open for 64 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5014b6d7c77d410a664d2185f4c8e3816375a0eb3

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /currencies/{id}
DELETE /slider-images/{id}
DELETE /villas/{villaId}/details/bedroom/{id}
DELETE /villas/{villaId}/details/pool/{id}
DELETE /villas/{villaId}/details/special-details/{id}
GET /blog-categories
GET /blog-categories/filter-slugified-name/{slugifiedName}
GET /blog-categories/titles
GET /blog-categories/{id}
GET /blogs
GET /blogs/category/{categoryId}
GET /blogs/filter-slugified-title/{slugifiedTitle}
GET /blogs/titles
GET /blogs/{id}
GET /categories
GET /categories/filter-slugified-name/{slugifiedName}
GET /categories/name/{name}
GET /categories/titles
GET /categories/{id}
GET /cities
GET /cities/filter-slugified-name/{slugifiedName}
GET /cities/name/{name}
GET /cities/{id}
GET /contents
GET /contents/key/content/{key}
GET /contents/key/{key}
GET /contents/{id}
GET /coupons
GET /coupons/applyCoupon
GET /coupons/code/{code}
GET /coupons/{id}
GET /currencies
GET /features
GET /features/name/{name}
GET /features/{id}
GET /invoices
GET /messages
GET /messages/{id}
GET /offers
GET /offers/{villaPriceAdjustmentId}
GET /page-datas
GET /page-datas/all
GET /payments
GET /profile
GET /regions
GET /regions/filter-slugified-name/{slugifiedName}
GET /regions/find-villa-count
GET /regions/name/{name}
GET /regions/titles
GET /regions/{id}
GET /slider-images
GET /slider-images/{groupId}
GET /villas
GET /villas/date-restrictions
GET /villas/date-restrictions/{id}
GET /villas/filter
GET /villas/filter-slugified-name/{slugifiedName}
GET /villas/filter/{id}
GET /villas/images/{villaId}
GET /villas/images/{villaId}/{id}
GET /villas/more-populer-villas
GET /villas/reservations
GET /villas/reservations/search
GET /villas/reservations/{id}
GET /villas/short-term
GET /villas/short-term/count
GET /villas/titles
GET /villas/{id}
GET /villas/{id}/get-features
GET /villas/{villaId}/details
GET /villas/{villaId}/locations
GET /villas/{villaId}/prices
GET /villas/{villaId}/prices/adjustments
GET /villas/{villaId}/prices/adjustments/{id}
PATCH /coupons/changeStatus
PATCH /slider-images/update-slider-images-item-order
PATCH /villas/images/{villaId}/set-main
PATCH /villas/images/{villaId}/sort
PATCH /villas/images/{villaId}/update-villa-images-item-order
PATCH /villas/{id}/change-status
PATCH /villas/{id}/set-features
POST /contents/{key}
POST /login
POST /payments/enrollment/{bookingNumber}
PUT /avatar
PUT /changepassword
PUT /page-datas/{id}

Found on 2026-01-08 20:32

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: driverinfoapp.saubermacher.at
Port: 443
URL: https://driverinfoapp.saubermacher.at

First seen 2025-11-05 00:51
Last seen 2026-01-08 20:32
Open for 64 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-08 20:32
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.nhood-fillit-staging.com
Port: 443
URL: https://www.nhood-fillit-staging.com

First seen 2025-11-06 00:53
Last seen 2026-01-05 01:59
Open for 60 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa314dad5538f763d11fd3f9f076610301a2249f3e6

GraphQL introspection enabled at /graphql
Types: 44 (by kind: ENUM: 2, INPUT_OBJECT: 2, OBJECT: 34, SCALAR: 6)
Operations:
- Query: Query | fields: amenities, amenitiesByOrganisation, cartBookings, getUser, listing
- Mutation: Mutation | fields: createBooking, deleteBooking
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-05 01:59

71.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa314dad5538f763d11a67dd9160e730fc975580cf5

GraphQL introspection enabled at /graphql
Types: 44 (by kind: ENUM: 2, INPUT_OBJECT: 2, OBJECT: 34, SCALAR: 6)
Operations:
- Query: Query | fields: amenities, cartBookings, getUser, listing, listingGroup
- Mutation: Mutation | fields: createBooking, deleteBooking
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-30 16:36

67.8 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: geekbattle.online
Port: 443
URL: https://geekbattle.online

First seen 2025-10-20 01:54
Last seen 2026-01-05 00:51
Open for 76 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa35f773b01ebe7868340a077bdee03c39ed61d8088
```
GraphQL introspection enabled at /graphql
Types: 59 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 48, SCALAR: 8)
Operations:
- Query: Query | fields: myProfile, myRegistration, registrationById, userProfileById, userProfiles
- Mutation: Mutation | fields: updateRegistrationAnswers
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-05 00:51
  
  74.9 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.mgm.energy
Port: 443
URL: https://api.mgm.energy

First seen 2025-11-05 01:12
Last seen 2026-01-05 00:20
Open for 60 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d7bee2cef48b2c3e92cf319b6fb05f636abfb38b

GraphQL introspection enabled at /graphql
Types: 110 (by kind: ENUM: 23, INPUT_OBJECT: 14, INTERFACE: 1, OBJECT: 56, SCALAR: 8, UNION: 8)
Operations:
- Query: Query | fields: accountGroup, accountGroups, realEstate, reportDocument, reports
- Mutation: Mutation | fields: assignEnergyProcessorSlot, assignUtilizationSpaces, createConsumption, createUtilizationSpace, generateReportDocument
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-05 00:20

123.0 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: server.kingfluencers.com
Port: 443
URL: https://server.kingfluencers.com

First seen 2025-11-05 01:02
Last seen 2026-01-05 00:10
Open for 60 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2026-01-05 00:10
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3cb355b9fe2a3dc2d68d2da415e4886c90e2cef2d
```
GraphQL introspection enabled at /graphql
Types: 318 (by kind: ENUM: 43, INPUT_OBJECT: 77, INTERFACE: 8, OBJECT: 178, SCALAR: 12)
Operations:
- Query: QueryViewer | fields: node, viewer
- Mutation: Mutations | fields: invitationSignUp, logIn, logOut, signUp, updateTermsOfServiceAccepted
Directives: include, skip (total: 2)
```
  Found on 2026-01-05 00:10
  
  525.8 kBytes
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 52.223.53.203
Domain: system.jordanxavierchildrenshomes.co.uk
Port: 443
URL: https://system.jordanxavierchildrenshomes.co.uk

First seen 2025-09-05 13:42
Last seen 2026-01-04 00:59
Open for 120 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c2eda814e2eda814e2cd21bea437d53d840ac318f582f37fb
```
Found 6 files trough .DS_Store spidering:

/assets
/js
/uploads
/uploads/tmp
/uploads/tmp/1609181085-54346-0008-8900
/uploads/tmp/1609181157-54346-0009-4621
```
  Found on 2026-01-04 00:59
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc0363d38c76b490d2f17a837de1f8f9e8
```
Found 4 files trough .DS_Store spidering:

/assets
/js
/uploads
/uploads/tmp
```
  Found on 2025-11-21 10:53
- Severity: low
  Fingerprint: 5f32cf5d6962f09c4239b3d84239b3d86bfb45c8612ad1a940c4fe9f53df2b34
```
Found 8 files trough .DS_Store spidering:

/assets
/assets/images
/assets/js
/js
/uploads
/uploads/tmp
/uploads/tmp/1609181085-54346-0008-8900
/uploads/tmp/1609181157-54346-0009-4621
```
  Found on 2025-09-07 09:22
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: dev.api.menu.bigmammagroup.com
Port: 80
URL: http://dev.api.menu.bigmammagroup.com

First seen 2025-11-05 00:32
Last seen 2026-01-04 00:49
Open for 60 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3e10f8824569683a81ef3ffe5e73132a3ebae3f0f
```
GraphQL introspection enabled at /graphql
Types: 138 (by kind: ENUM: 6, INPUT_OBJECT: 39, OBJECT: 79, SCALAR: 11, UNION: 3)
Operations:
- Query: Query | fields: getAllProductsByMenu, getAvailableCategories, i18NLocale, uploadFile, uploadFiles
- Mutation: Mutation | fields: createUploadFile, deleteUploadFile, hideProduct, updateProductAvailablity, updateUploadFile
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-04 00:49
  
  246.9 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: cms.thecaravaninsurer.co.uk
Port: 443
URL: https://cms.thecaravaninsurer.co.uk

First seen 2025-11-05 00:01
Last seen 2026-01-04 00:19
Open for 60 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3455e9b1d125dcb7fcdf31a8294331d899f81ff5d
```
GraphQL introspection enabled at /graphql
Types: 496 (by kind: ENUM: 29, INPUT_OBJECT: 141, OBJECT: 298, SCALAR: 19, UNION: 9)
Operations:
- Query: Query | fields: article, articles, articlesConnection, author, authors
- Mutation: Mutation | fields: createArticle, createAuthor, deleteArticle, updateArticle, updateAuthor
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-04 00:19
  
  465.3 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: staging.cms.polkastarter.com
Port: 80
URL: http://staging.cms.polkastarter.com

First seen 2025-11-12 00:14
Last seen 2026-01-03 00:58
Open for 52 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3bec81c8916e3acab1bbea694d0d6a62a57e8a29c
```
GraphQL introspection enabled at /graphql
Types: 374 (by kind: ENUM: 26, INPUT_OBJECT: 114, OBJECT: 217, SCALAR: 13, UNION: 4)
Operations:
- Query: Query | fields: project, quest, uploadFile, uploadFiles, uploadFolder
- Mutation: Mutation | fields: createUploadFile, createUploadFolder, deleteUploadFile, updateUploadFile, updateUploadFolder
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-03 00:58
  
  434.7 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.mairieendirect.fr
Port: 80
URL: http://api.mairieendirect.fr

First seen 2025-11-12 03:13
Last seen 2026-01-03 00:52
Open for 51 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3535d1057b4153785d102e641165d568e8777b498
```
GraphQL introspection enabled at /graphql
Types: 560 (by kind: ENUM: 17, INPUT_OBJECT: 102, OBJECT: 429, SCALAR: 11, UNION: 1)
Operations:
- Query: Query | fields: article, articles, articlesConnection, categories, category
- Mutation: Mutation | fields: createArticle, createCategory, deleteArticle, updateArticle, updateCategory
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-03 00:52
  
  476.0 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 3.33.249.164
Domain: www.mtn8predictor.com
Port: 443
URL: https://www.mtn8predictor.com

First seen 2025-10-22 00:25
Last seen 2026-01-03 00:48
Open for 73 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a366bee69

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8
gameConfig (args: none) : gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[]

Found on 2026-01-03 00:48

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5ae90b2eb1

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8
gameConfig (args: none) : slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live

Found on 2025-12-27 06:56

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5ab804debd

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false
gameConfig (args: none) : gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[]

Found on 2025-12-25 07:35

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a81150987

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true]
gameConfig (args: none) : slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live

Found on 2025-12-23 07:56

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a499c58eb

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam...
gameConfig (args: none) : slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live

Found on 2025-12-21 00:51

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a393500dd

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8
gameConfig (args: none) : env=Live slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w...

Found on 2025-12-21 00:51

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5affa1ff05

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false
gameConfig (args: none) : slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live

Found on 2025-12-19 06:19

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a1342476d

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z]
gameConfig (args: none) : slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live

Found on 2025-12-16 21:07

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a42d261ab

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam...
gameConfig (args: none) : version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[] gameCode=football_predictor_mtn_cons

Found on 2025-12-13 13:35

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a2507ced9

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8
gameConfig (args: none) : version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[] gameCode=football_predictor_mtn_cons

Found on 2025-12-01 15:52

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5ae8d43a3d

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false
gameConfig (args: none) : version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[] gameCode=football_predictor_mtn_cons

Found on 2025-11-26 22:19

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a900a0a2b

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam...
gameConfig (args: none) : gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[]

Found on 2025-11-23 08:06

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5abc9d2807

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true]
gameConfig (args: none) : gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[]

Found on 2025-11-14 18:15

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a6c582e79

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z]
gameConfig (args: none) : env=Live slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w...

Found on 2025-11-12 21:33

25.6 kBytes 9 rows

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: cms.thecarinsurer.co.uk
Port: 443
URL: https://cms.thecarinsurer.co.uk

First seen 2025-11-12 01:23
Last seen 2026-01-03 00:31
Open for 51 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3455e9b1d125dcb7fcdf31a8294331d899f81ff5d
```
GraphQL introspection enabled at /graphql
Types: 496 (by kind: ENUM: 29, INPUT_OBJECT: 141, OBJECT: 298, SCALAR: 19, UNION: 9)
Operations:
- Query: Query | fields: article, articles, articlesConnection, author, authors
- Mutation: Mutation | fields: createArticle, createAuthor, deleteArticle, updateArticle, updateAuthor
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-03 00:31
  
  465.3 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: strapi.almanac.energy
Port: 443
URL: https://strapi.almanac.energy

First seen 2025-11-14 01:23
Last seen 2026-01-03 00:28
Open for 49 days

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c2305c76a

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2026-01-03 00:28

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cafc0cbf2

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002
contactUs (args: optional/default) : updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-27 07:19

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cae81dd54

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z
bookingDate (args: optional/default) : title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z
contactUs (args: optional/default) : published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis...
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2025-12-25 07:44

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cc2d92220

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th...
bookingEnquiry (args: optional/default) : published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru...
businessInformation (args: optional/default) : getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z id=1

Found on 2025-12-23 09:57

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cfdcad2ce

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru...
businessInformation (args: optional/default) : id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z
contactUs (args: optional/default) : created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1
courseDirectory (args: optional/default) : title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z
courseEnquiry (args: optional/default) : formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-21 09:45

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cbafeed4c

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m...
contactUs (args: optional/default) : published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis...
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ...
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-19 11:06

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cac47ece6

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z
contactUs (args: optional/default) : updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z
courseDirectory (args: optional/default) : created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1
courseEnquiry (args: optional/default) : title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-17 00:38

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cfaab2aaa

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th...
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z
coursePage (args: optional/default) : updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z

Found on 2025-12-13 19:28

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c52cd9400

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1
businessInformation (args: optional/default) : id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1
courseEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-11 14:41

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cde2fe894

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th...
bookingEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z
courseDirectory (args: optional/default) : published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-11 11:04

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c850d13e8

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m...
contactUs (args: optional/default) : published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis...
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-11 11:04

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cebd25ac6

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy
bookingDate (args: optional/default) : noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates
bookingEnquiry (args: optional/default) : published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru...
businessInformation (args: optional/default) : updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-11 11:04

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c531f932a

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1
bookingDate (args: optional/default) : title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z
bookingEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z
businessInformation (args: optional/default) : contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z
contactUs (args: optional/default) : created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1
courseDirectory (args: optional/default) : updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z
courseEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2025-12-11 11:04

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cb42fcfd6

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-01 19:09

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770ce05c288e

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z
bookingDate (args: optional/default) : noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002
contactUs (args: optional/default) : updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z

Found on 2025-11-29 00:34

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cf22be3d4

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z
bookingDate (args: optional/default) : noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m...
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z
courseEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z
coursePage (args: optional/default) : created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z id=1

Found on 2025-11-27 06:06

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cd9620a2a

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z
bookingEnquiry (args: optional/default) : formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry
businessInformation (args: optional/default) : email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002
contactUs (args: optional/default) : title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z
courseDirectory (args: optional/default) : published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory
courseEnquiry (args: optional/default) : published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ...
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-23 05:55

433.7 kBytes 46 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c6de5e006

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-11-20 18:04

433.7 kBytes

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cdcd64c30

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1
bookingEnquiry (args: optional/default) : created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1
businessInformation (args: optional/default) : email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-16 07:12

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770ca89aca1e

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z
bookingDate (args: optional/default) : updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z
bookingEnquiry (args: optional/default) : created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2025-11-14 01:23

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cb2090cb0

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z
bookingEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis...
courseDirectory (args: optional/default) : updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z
courseEnquiry (args: optional/default) : published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ...
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-14 01:23

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cb8ebca9a

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z
businessInformation (args: optional/default) : published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m...
contactUs (args: optional/default) : created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2025-11-14 01:23

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c3ac6dac8

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy
bookingDate (args: optional/default) : published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th...
bookingEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-14 01:23

433.7 kBytes 46 rows

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: back.aishka.pro
Port: 443
URL: https://back.aishka.pro

First seen 2025-10-29 00:49
Last seen 2026-01-03 00:16
Open for 65 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3a150b216521241c6a483be140a7a79b3d8712bc7

GraphQL introspection enabled at /graphql
Types: 120 (by kind: ENUM: 10, INPUT_OBJECT: 9, OBJECT: 91, SCALAR: 7, UNION: 3)
Operations:
- Query: Query | fields: getChatsWithUnreadMessages, getClientWithMessages, getClientsByConnectedMsgrId, getMessengerCleients, getMessengerClientFull
- Mutation: Mutation | fields: clientNameUpdate, clientPhoneUpdate, markClientMessagesAsRead, onClientDelete, setClientBlockedParams
- Subscription: Subscription | fields: chatMessagesUpdated, clientVariablesUpdated, clientsUpdated, sendUpdatedClientToFront, unreadClients
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-03 00:16

272.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3943efb8816860eacf9d0339234db10190d46a335

GraphQL introspection enabled at /graphql
Types: 118 (by kind: ENUM: 10, INPUT_OBJECT: 9, OBJECT: 89, SCALAR: 7, UNION: 3)
Operations:
- Query: Query | fields: getChatsWithUnreadMessages, getClientWithMessages, getClientsByConnectedMsgrId, getMessengerCleients, getMessengerClientFull
- Mutation: Mutation | fields: clientNameUpdate, clientPhoneUpdate, markClientMessagesAsRead, onClientDelete, setClientBlockedParams
- Subscription: Subscription | fields: chatMessagesUpdated, clientVariablesUpdated, clientsUpdated, sendUpdatedClientToFront, unreadClients
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-16 19:54

268.6 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: test-api.allgravy.com
Port: 80
URL: http://test-api.allgravy.com

First seen 2025-10-29 12:06
Last seen 2026-01-03 00:07
Open for 65 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
Found on 2026-01-03 00:07

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3374cb7e7209dfed505e1695c5cf1998d831c5f29

GraphQL introspection enabled at /graphql
Types: 1386 (by kind: ENUM: 210, INPUT_OBJECT: 325, INTERFACE: 2, OBJECT: 826, SCALAR: 9, UNION: 14)
Operations:
- Query: Query | fields: getAccountCourseById, getAllCoursesByUserId, getColleagueCoursesByUserId, getPaginatedAccountCourses, getSuggestedCourseByUserId
- Mutation: Mutation | fields: createCourse, deleteCourse, duplicateCourse, publishCourse, updateCourse
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-01 08:56

1.8 MBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d43b76cb6ad84649ac25bcf0e5bc7031c0e20c0d

GraphQL introspection enabled at /graphql
Types: 1381 (by kind: ENUM: 210, INPUT_OBJECT: 320, INTERFACE: 2, OBJECT: 826, SCALAR: 9, UNION: 14)
Operations:
- Query: Query | fields: getAccountCourseById, getAllCoursesByUserId, getColleagueCoursesByUserId, getPaginatedAccountCourses, getSuggestedCourseByUserId
- Mutation: Mutation | fields: createCourse, deleteCourse, duplicateCourse, publishCourse, updateCourse
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-27 10:39

1.7 MBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c8d06c4f415464dd2244d954bf8abb6560f28c31

GraphQL introspection enabled at /graphql
Types: 1376 (by kind: ENUM: 209, INPUT_OBJECT: 320, INTERFACE: 2, OBJECT: 822, SCALAR: 9, UNION: 14)
Operations:
- Query: Query | fields: getAccountCourseById, getAllCoursesByUserId, getColleagueCoursesByUserId, getPaginatedAccountCourses, getSuggestedCourseByUserId
- Mutation: Mutation | fields: createCourse, deleteCourse, duplicateCourse, publishCourse, updateCourse
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-22 18:06

1.7 MBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3326f790d005dd22f30c5ee06737c505fda118dc7

GraphQL introspection enabled at /graphql
Types: 1375 (by kind: ENUM: 208, INPUT_OBJECT: 320, INTERFACE: 2, OBJECT: 822, SCALAR: 9, UNION: 14)
Operations:
- Query: Query | fields: getAccountCourseById, getAllCoursesByUserId, getColleagueCoursesByUserId, getPaginatedAccountCourses, getSuggestedCourseByUserId
- Mutation: Mutation | fields: createCourse, deleteCourse, duplicateCourse, publishCourse, updateCourse
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-20 20:21

1.7 MBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33cc0b536219405a6eed699014cdbd0eaa18dc876

GraphQL introspection enabled at /graphql
Types: 1367 (by kind: ENUM: 205, INPUT_OBJECT: 318, INTERFACE: 2, OBJECT: 819, SCALAR: 9, UNION: 14)
Operations:
- Query: Query | fields: getAccountCourseById, getAllCoursesByUserId, getColleagueCoursesByUserId, getPaginatedAccountCourses, getSuggestedCourseByUserId
- Mutation: Mutation | fields: createCourse, deleteCourse, duplicateCourse, publishCourse, updateCourse
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-16 09:19

1.7 MBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa362d3ecd286603622ddc4514d4c075f16c4e5adf2

GraphQL introspection enabled at /graphql
Types: 1366 (by kind: ENUM: 205, INPUT_OBJECT: 318, INTERFACE: 2, OBJECT: 818, SCALAR: 9, UNION: 14)
Operations:
- Query: Query | fields: getAccountCourseById, getAllCoursesByUserId, getColleagueCoursesByUserId, getPaginatedAccountCourses, getSuggestedCourseByUserId
- Mutation: Mutation | fields: createCourse, deleteCourse, duplicateCourse, publishCourse, updateCourse
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-06 11:35

1.7 MBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa30bdb9bd0b53ee3147bd5d5f7534f6bf0272cbc20

GraphQL introspection enabled at /graphql
Types: 1365 (by kind: ENUM: 204, INPUT_OBJECT: 318, INTERFACE: 2, OBJECT: 818, SCALAR: 9, UNION: 14)
Operations:
- Query: Query | fields: getAccountCourseById, getAllCoursesByUserId, getColleagueCoursesByUserId, getPaginatedAccountCourses, getSuggestedCourseByUserId
- Mutation: Mutation | fields: createCourse, deleteCourse, duplicateCourse, publishCourse, updateCourse
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-03 11:37

1.7 MBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa335f2197f56a2cb4d8d134c44349209d5744cfbe1

GraphQL introspection enabled at /graphql
Types: 1358 (by kind: ENUM: 203, INPUT_OBJECT: 317, INTERFACE: 2, OBJECT: 814, SCALAR: 9, UNION: 13)
Operations:
- Query: Query | fields: getAccountCourseById, getAllCoursesByUserId, getColleagueCoursesByUserId, getPaginatedAccountCourses, getSuggestedCourseByUserId
- Mutation: Mutation | fields: createCourse, deleteCourse, duplicateCourse, publishCourse, updateCourse
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-10-29 12:06

1.7 MBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.laboratoire-analyse.com
Port: 80
URL: http://www.laboratoire-analyse.com

First seen 2025-11-01 06:47
Last seen 2026-01-02 23:37
Open for 62 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa36b59a51ebcb9400eca788ed0ffd9600ac4996faa
```
GraphQL introspection enabled at /graphql
Types: 19 (by kind: ENUM: 2, OBJECT: 12, SCALAR: 5)
Operations:
- Query: Query | fields: laboratories, laboratoriesAround, laboratory
- Mutation: Mutation | fields: testField
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 23:37
  
  25.2 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.onlinetrainerpro.com
Port: 443
URL: https://www.onlinetrainerpro.com

First seen 2025-11-01 06:47
Last seen 2026-01-02 23:37
Open for 62 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa30ddeca26dece5556a2960b6c3ee68ac0d31e1098
```
GraphQL introspection enabled at /graphql
Types: 64 (by kind: ENUM: 8, INPUT_OBJECT: 9, OBJECT: 42, SCALAR: 5)
Operations:
- Query: Query | fields: currentOrganization, currentUser
- Mutation: Mutation | fields: addTag, connectRespondentsToAccessToken, createAccessToken, createDirectAccessToken, createOneOffPayment
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 23:37
  
  82.3 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.equitoolzcreate.com
Port: 443
URL: https://www.equitoolzcreate.com

First seen 2025-11-02 00:08
Last seen 2026-01-02 23:37
Open for 61 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa30ddeca26dece5556a2960b6c3ee68ac0d31e1098
```
GraphQL introspection enabled at /graphql
Types: 64 (by kind: ENUM: 8, INPUT_OBJECT: 9, OBJECT: 42, SCALAR: 5)
Operations:
- Query: Query | fields: currentOrganization, currentUser
- Mutation: Mutation | fields: addTag, connectRespondentsToAccessToken, createAccessToken, createDirectAccessToken, createOneOffPayment
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 23:37
  
  82.3 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: uat.api.falsch-parker.ch
Port: 80
URL: http://uat.api.falsch-parker.ch

First seen 2025-10-29 01:08
Last seen 2026-01-02 23:35
Open for 65 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa333c43962f41e5b32791b7acaede662e70da948d7

GraphQL introspection enabled at /graphql
Types: 123 (by kind: ENUM: 6, INPUT_OBJECT: 70, OBJECT: 40, SCALAR: 7)
Operations:
- Query: Query | fields: driverReports, report, reports, reportsOfUser, userReportsAll
- Mutation: Mutation | fields: cancelReport, createObjectionToTicket, createReport, deliverVehicle, downloadReportPDF
Directives: deprecated, include, skip (total: 3)

Found on 2026-01-02 23:35

166.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3b26636c0deb55104fa5f9fcc821945ad194583bd

GraphQL introspection enabled at /graphql
Types: 124 (by kind: ENUM: 6, INPUT_OBJECT: 70, OBJECT: 41, SCALAR: 7)
Operations:
- Query: Query | fields: driverReports, report, reports, reportsOfUser, userReportsAll
- Mutation: Mutation | fields: cancelReport, createObjectionToTicket, createReport, deliverVehicle, downloadReportPDF
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-30 09:27

168.2 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3daab4f76c6b8f6667c04f6eead50aa0389f1cdd3

GraphQL introspection enabled at /graphql
Types: 127 (by kind: ENUM: 6, INPUT_OBJECT: 72, OBJECT: 42, SCALAR: 7)
Operations:
- Query: Query | fields: driverReports, report, reports, reportsOfUser, userReportsAll
- Mutation: Mutation | fields: cancelReport, createObjectionToTicket, createReport, deliverVehicle, downloadReportPDF
Directives: deprecated, include, skip (total: 3)

Found on 2025-11-16 21:34

171.0 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: pvs-be-staging.sintrasviluppo.it
Port: 80
URL: http://pvs-be-staging.sintrasviluppo.it

First seen 2025-11-26 00:41
Last seen 2026-01-02 22:35
Open for 37 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa38196f4bf69eef20deda3b491375f03a1c2908815
```
GraphQL introspection enabled at /graphql
Types: 245 (by kind: ENUM: 2, INPUT_OBJECT: 73, OBJECT: 160, SCALAR: 9, UNION: 1)
Operations:
- Query: Query | fields: i18NLocale, uploadFile, uploadFiles, uploadFolder, uploadFolders
- Mutation: Mutation | fields: createUploadFile, createUploadFolder, deleteUploadFile, updateUploadFile, updateUploadFolder
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-02 22:35
  
  311.9 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: backend.jumbogroenewegen.com
Port: 443
URL: https://backend.jumbogroenewegen.com

First seen 2025-11-19 00:42
Last seen 2026-01-02 22:23
Open for 44 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa326d51fdecd884d4ebeb9463efcc63c83e4f5a06f

GraphQL introspection enabled at /graphql
Types: 519 (by kind: ENUM: 11, INPUT_OBJECT: 154, OBJECT: 342, SCALAR: 11, UNION: 1)
Operations:
- Query: Query | fields: aangevraagdeOfferte, aangevraagdeOffertes, aangevraagdeOffertesConnection, basisgegeven, configuratorTrailer
- Mutation: Mutation | fields: createAangevraagdeOfferte, deleteAangevraagdeOfferte, deleteBasisgegeven, updateAangevraagdeOfferte, updateBasisgegeven
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-02 22:23

522.1 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: booking.santaeulaliaferry.com
Port: 80
URL: http://booking.santaeulaliaferry.com

First seen 2025-11-27 00:08
Last seen 2026-01-02 21:54
Open for 36 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3513ffa115622d9d3561512a6753252b9471eb82d

GraphQL introspection enabled at /graphql
Types: 889 (by kind: ENUM: 28, INPUT_OBJECT: 191, OBJECT: 658, SCALAR: 11, UNION: 1)
Operations:
- Query: Query | fields: bono, bonos, bonosConnection, booking, bookings
- Mutation: Mutation | fields: createBono, createBooking, deleteBono, updateBono, updateBooking
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-02 21:54

787.7 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31d35ef2def90098fc5a3d092657ceb556fa15061

GraphQL introspection enabled at /graphql
Types: 888 (by kind: ENUM: 28, INPUT_OBJECT: 191, OBJECT: 657, SCALAR: 11, UNION: 1)
Operations:
- Query: Query | fields: bono, bonos, bonosConnection, booking, bookings
- Mutation: Mutation | fields: createBono, createBooking, deleteBono, updateBono, updateBooking
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-12-24 21:15

786.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37206087a6d90412a24d69d6376d503428afbdff4

GraphQL introspection enabled at /graphql
Types: 865 (by kind: ENUM: 28, INPUT_OBJECT: 186, OBJECT: 639, SCALAR: 11, UNION: 1)
Operations:
- Query: Query | fields: bono, bonos, bonosConnection, booking, bookings
- Mutation: Mutation | fields: createBono, createBooking, deleteBono, updateBono, updateBooking
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-12-01 10:41

769.5 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api-showcase.mehtajewellery.com
Port: 443
URL: https://api-showcase.mehtajewellery.com

First seen 2025-10-20 00:56
Last seen 2026-01-02 21:32
Open for 74 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa38b6c4907186678b5e3f5256472ec160ea20d5dbe
```
GraphQL introspection enabled at /graphql
Types: 24 (by kind: ENUM: 2, INPUT_OBJECT: 4, OBJECT: 15, SCALAR: 3)
Operations:
- Query: Query | fields: client
- Mutation: Mutation | fields: clientEnquiry, designDisliked, designLiked, designViewed
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 21:32
  
  30.1 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.gaetanlanzani.com
Port: 443
URL: https://api.gaetanlanzani.com

First seen 2025-11-14 03:03
Last seen 2026-01-02 21:31
Open for 49 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa388002af28d053a02f3f3dc0ffaf4d2c9f5e24c9d
```
GraphQL introspection enabled at /graphql
Types: 230 (by kind: ENUM: 3, INPUT_OBJECT: 56, OBJECT: 159, SCALAR: 11, UNION: 1)
Operations:
- Query: Query | fields: about, categories, categoriesConnection, category, cgl
- Mutation: Mutation | fields: createCategory, deleteAbout, deleteCategory, updateAbout, updateCategory
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-02 21:31
  
  214.2 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.scopify.work
Port: 80
URL: http://api.scopify.work

First seen 2025-12-08 00:50
Last seen 2026-01-02 21:25
Open for 25 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3b0b2c9f8fd9a391c9107d3ad7fde50956a3dc511
```
GraphQL introspection enabled at /graphql
Types: 19 (by kind: ENUM: 3, OBJECT: 11, SCALAR: 5)
Operations:
- Query: Query | fields: group, session
- Mutation: Mutation | fields: createGroup, createSession, finishSession, submitScore
Directives: include, skip (total: 2)
```
  Found on 2026-01-02 21:25
  
  35.3 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: achat.biooog.com
Port: 443
URL: https://achat.biooog.com

First seen 2025-12-09 00:33
Last seen 2026-01-02 20:35
Open for 24 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3f7d57388c30036ac6e0c003cebadcb5004691240

GraphQL introspection enabled at /graphql
Types: 152 (by kind: ENUM: 2, INPUT_OBJECT: 27, INTERFACE: 7, OBJECT: 108, SCALAR: 8)
Operations:
- Query: Query | fields: album, comment, follow, followsGroup, myPhoto
- Mutation: Mutation | fields: createAccessRemoval, createAccessRestoration, createAlbum, createAlbumPhoto, createAlbumShareConfig
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 20:35

211.9 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: cfg-api.meister1.com
Port: 443
URL: https://cfg-api.meister1.com

First seen 2025-11-12 00:54
Last seen 2026-01-02 20:35
Open for 51 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33541b8531fe2de114dc724d06dba1ce6c28a1342

GraphQL introspection enabled at /graphql
Types: 282 (by kind: ENUM: 29, INPUT_OBJECT: 101, INTERFACE: 4, OBJECT: 141, SCALAR: 7)
Operations:
- Query: Query | fields: account, orderableProducts, smtpConfigTemplates, viewer, workAccounts
- Mutation: Mutation | fields: account, accountAddressUpdate, accountRegister, openingHourUpdate, userUpdate
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 20:35

306.5 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa324cdecb9b7011ddb6ffde35650105b30f0a7d860

GraphQL introspection enabled at /graphql
Types: 276 (by kind: ENUM: 29, INPUT_OBJECT: 97, INTERFACE: 4, OBJECT: 139, SCALAR: 7)
Operations:
- Query: Query | fields: account, orderableProducts, smtpConfigTemplates, viewer, workAccounts
- Mutation: Mutation | fields: account, accountAddressUpdate, accountRegister, openingHourUpdate, userUpdate
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-09 00:47

298.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
Found on 2025-11-20 21:29

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: cfg-api.meister1.com
Port: 80
URL: http://cfg-api.meister1.com

First seen 2025-11-12 00:54
Last seen 2026-01-02 20:35
Open for 51 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33541b8531fe2de114dc724d06dba1ce6c28a1342

GraphQL introspection enabled at /graphql
Types: 282 (by kind: ENUM: 29, INPUT_OBJECT: 101, INTERFACE: 4, OBJECT: 141, SCALAR: 7)
Operations:
- Query: Query | fields: account, orderableProducts, smtpConfigTemplates, viewer, workAccounts
- Mutation: Mutation | fields: account, accountAddressUpdate, accountRegister, openingHourUpdate, userUpdate
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 20:35

306.5 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa324cdecb9b7011ddb6ffde35650105b30f0a7d860

GraphQL introspection enabled at /graphql
Types: 276 (by kind: ENUM: 29, INPUT_OBJECT: 97, INTERFACE: 4, OBJECT: 139, SCALAR: 7)
Operations:
- Query: Query | fields: account, orderableProducts, smtpConfigTemplates, viewer, workAccounts
- Mutation: Mutation | fields: account, accountAddressUpdate, accountRegister, openingHourUpdate, userUpdate
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-09 00:47

298.9 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: staging.api-portal.boomhub.app
Port: 443
URL: https://staging.api-portal.boomhub.app

First seen 2025-12-07 01:55
Last seen 2026-01-02 20:35
Open for 26 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d2d86a7890d4ee9c2911485f7c2aa304dbc0e224

GraphQL introspection enabled at /graphql
Types: 371 (by kind: ENUM: 2, INPUT_OBJECT: 12, INTERFACE: 1, OBJECT: 350, SCALAR: 6)
Operations:
- Query: Query | fields: academicMonthlyReports, activeContest, activePromotions, adminStats, appPromoCodes
- Mutation: Mutation | fields: activateSchoolMemberships, addBillingProfileToSchool, addBookTemplate, addBookTemplateCategory, addBookTemplateChapter
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 20:35

591.0 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3f7e51889c67c00ab39f2ca0215085c8748fac91f

GraphQL introspection enabled at /graphql
Types: 370 (by kind: ENUM: 2, INPUT_OBJECT: 12, INTERFACE: 1, OBJECT: 349, SCALAR: 6)
Operations:
- Query: Query | fields: academicMonthlyReports, activeContest, activePromotions, adminStats, appPromoCodes
- Mutation: Mutation | fields: activateSchoolMemberships, addBillingProfileToSchool, addBookTemplate, addBookTemplateCategory, addBookTemplateChapter
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-09 00:47

589.1 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: staging-auth.meister1.com
Port: 80
URL: http://staging-auth.meister1.com

First seen 2025-12-09 01:04
Last seen 2026-01-02 20:35
Open for 24 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cbb5c62a5d

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2026-01-02T20:35:24.416Z name=authservice

Found on 2026-01-02 20:35

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb60f968dd

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-27T05:25:22.010Z

Found on 2025-12-27 05:25

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cbd5776149

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-24T23:01:45.441Z

Found on 2025-12-24 23:01

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb098aaa46

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-23T02:36:27.079Z

Found on 2025-12-23 02:36

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb88199a94

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : buildTime=2025-12-21T08:17:13.590Z name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging

Found on 2025-12-21 08:17

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cbba3c814b

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-19T05:56:16.788Z

Found on 2025-12-19 05:56

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb399eaf4e

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : buildTime=2025-12-16T22:16:21.590Z name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging

Found on 2025-12-16 22:16

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb98167c30

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-14T10:28:23.929Z

Found on 2025-12-14 10:28

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb70d1e155

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-13T04:24:27.081Z name=authservice

Found on 2025-12-13 04:24

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cbfea2466e

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-09T01:04:26.472Z

Found on 2025-12-09 01:04

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb66239810

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-09T01:04:26.276Z name=authservice

Found on 2025-12-09 01:04

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb9adc283c

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : env=staging buildTime=2025-12-09T01:04:26.159Z name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669

Found on 2025-12-09 01:04

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb97f108f1

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-09T01:04:26.130Z name=authservice

Found on 2025-12-09 01:04

24.4 kBytes 4 rows

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: bbhgeri.nyttig-info.dk
Port: 443
URL: https://bbhgeri.nyttig-info.dk

First seen 2025-05-01 09:02
Last seen 2026-01-02 19:45
Open for 246 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfc837288bff59bf90a4cd9c223b6d9c6c7
```
Found 4 files trough .DS_Store spidering:

/icons
/manifest.webmanifest
/offline.html
/vejledninger
```
  Found on 2026-01-02 19:45
- Severity: low
  Fingerprint: 5f32cf5d6962f09c1a5d9b0f1a5d9b0f021ea090ae41dfe7d05d4973d05d4973
```
Found 3 files trough .DS_Store spidering:

/icons
/manifest.webmanifest
/vejledninger
```
  Found on 2025-12-13 19:20
- Severity: low
  Fingerprint: 5f32cf5d6962f09c3c1fc5e93c1fc5e9775a8c4ec0656fb9a29642268d158f28
```
Found 5 files trough .DS_Store spidering:

/icons
/manifest.webmanifest
/offline.html
/vejledninger
/ViewerJS
```
  Found on 2025-05-20 05:03
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: collection.design-museum.de
Port: 80
URL: http://collection.design-museum.de

First seen 2025-11-14 02:33
Last seen 2026-01-02 19:39
Open for 49 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2026-01-02 19:39
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: cms.kotterliving.nl
Port: 443
URL: https://cms.kotterliving.nl

First seen 2025-11-15 00:10
Last seen 2026-01-02 19:14
Open for 48 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db84e0e35084e0e35084e0e35084e0e35084e0e35084e0e350
```
GraphQL introspection enabled at /api
```
  Found on 2026-01-02 19:14
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: www.offthemap.ie
Port: 443
URL: https://www.offthemap.ie

First seen 2025-08-26 00:01
Last seen 2026-01-02 19:10
Open for 129 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9db7f4c636b7f4c636b7f4c636b7f4c636
```
Found 1 files trough .DS_Store spidering:

/images
```
  Found on 2026-01-02 19:10
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: science.remenyfarm.hu
Port: 80
URL: http://science.remenyfarm.hu

First seen 2025-11-21 01:49
Last seen 2026-01-02 19:04
Open for 42 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3dec863f59258a9f72eacd4d9eb5bbc5a957af4f2

GraphQL introspection enabled at /graphql
Types: 134 (by kind: ENUM: 10, INPUT_OBJECT: 12, OBJECT: 107, SCALAR: 5)
Operations:
- Query: Query | fields: analytics, assets, authentication, comments, contribute
- Mutation: Mutation | fields: analytics, assets, authentication, comments, groups
- Subscription: Subscription | fields: loggingLiveTrail
Directives: auth, cacheControl, deprecated, include, rateLimit, skip, specifiedBy (total: 7)

Found on 2026-01-02 19:04

190.9 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.tutorguard.com
Port: 443
URL: https://www.tutorguard.com

First seen 2025-10-16 02:19
Last seen 2026-01-02 18:34
Open for 78 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa30ddeca26dece5556a2960b6c3ee68ac0d31e1098
```
GraphQL introspection enabled at /graphql
Types: 64 (by kind: ENUM: 8, INPUT_OBJECT: 9, OBJECT: 42, SCALAR: 5)
Operations:
- Query: Query | fields: currentOrganization, currentUser
- Mutation: Mutation | fields: addTag, connectRespondentsToAccessToken, createAccessToken, createDirectAccessToken, createOneOffPayment
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 18:34
  
  82.3 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.minklassiker.app
Port: 80
URL: http://api.minklassiker.app

First seen 2025-10-23 00:52
Last seen 2026-01-02 18:17
Open for 71 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa32cd6ad9b725371d99626d936faecfc5d8ed84d0c

GraphQL introspection enabled at /graphql
Types: 231 (by kind: ENUM: 28, INPUT_OBJECT: 55, INTERFACE: 1, OBJECT: 110, SCALAR: 21, UNION: 16)
Operations:
- Query: Query | fields: lastWorkout, me, ping, timestamp, workoutCount
- Mutation: Mutation | fields: login, loginWithBankId, registerExpoPushToken, sendFeedback, startBankId
Directives: abstractEntity, column, embedded, entity, id, include, link, map, requiresAuth, union (total: 13)

Found on 2026-01-02 18:17

892.2 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.utux.fi
Port: 80
URL: http://www.utux.fi

First seen 2025-11-25 01:34
Last seen 2026-01-02 17:54
Open for 38 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d62337d3d62337d3d62337d3d62337d3d62337d3d6
```
GraphQL introspection enabled at /api/graphql
```
  Found on 2026-01-02 17:54
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d6e6e2d575e8dbfa7740808bc513f21f200037d550
```
GraphQL introspection enabled at /api/graphql
Types: 2250 (by kind: ENUM: 34, INPUT_OBJECT: 225, OBJECT: 1978, SCALAR: 8, UNION: 5)
Operations:
- Query: Query | fields: User, Users, countUsers, docAccessUser, meUser
- Mutation: Mutation | fields: createUser, deleteUser, logoutUser, refreshTokenUser, updateUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
```
  Found on 2025-12-01 12:17
  
  1.4 MBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: staging.api.muzzo.io
Port: 80
URL: http://staging.api.muzzo.io

First seen 2025-10-18 22:34
Last seen 2026-01-02 17:47
Open for 75 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d60c5dfca78338407405274707158ee387dbdb0b

GraphQL introspection enabled at /graphql
Types: 303 (by kind: ENUM: 35, INPUT_OBJECT: 156, OBJECT: 105, SCALAR: 6, UNION: 1)
Operations:
- Query: Query | fields: academicBackgrounds, activitySectors, anonymizedProfile, chatChannel, checkIfSearchFirmNameIsAvailable
- Mutation: Mutation | fields: abandonRecruitmentTask, acceptInvitation, acceptJobApplicationForFirstInterview, acceptRecruitmentTaskRecommendation, addOptOutJobOfferFromMatching
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 17:47

315.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3419e932ec88991de0ca253e509d3aad51ee0ace1

GraphQL introspection enabled at /graphql
Types: 299 (by kind: ENUM: 35, INPUT_OBJECT: 153, OBJECT: 104, SCALAR: 6, UNION: 1)
Operations:
- Query: Query | fields: academicBackgrounds, activitySectors, anonymizedProfile, chatChannel, checkIfSearchFirmNameIsAvailable
- Mutation: Mutation | fields: abandonRecruitmentTask, acceptInvitation, acceptJobApplicationForFirstInterview, acceptRecruitmentTaskRecommendation, addOptOutJobOfferFromMatching
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-13 08:02

312.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa392ee3136c3b1d9a6a4fdb33dbe22e8bda0b24119

GraphQL introspection enabled at /graphql
Types: 298 (by kind: ENUM: 35, INPUT_OBJECT: 152, OBJECT: 104, SCALAR: 6, UNION: 1)
Operations:
- Query: Query | fields: academicBackgrounds, activitySectors, anonymizedProfile, chatChannel, checkIfSearchFirmNameIsAvailable
- Mutation: Mutation | fields: abandonRecruitmentTask, acceptInvitation, acceptJobApplicationForFirstInterview, acceptRecruitmentTaskRecommendation, addOptOutJobOfferFromMatching
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-06 05:06

311.5 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa34af00bc2eeb346d26961bcb9d250e3192e4cb885

GraphQL introspection enabled at /graphql
Types: 295 (by kind: ENUM: 35, INPUT_OBJECT: 151, OBJECT: 102, SCALAR: 6, UNION: 1)
Operations:
- Query: Query | fields: academicBackgrounds, activitySectors, anonymizedProfile, chatChannel, checkIfSearchFirmNameIsAvailable
- Mutation: Mutation | fields: abandonRecruitmentTask, acceptInvitation, acceptJobApplicationForFirstInterview, acceptRecruitmentTaskRecommendation, addOptOutJobOfferFromMatching
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-30 16:30

307.5 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3079c1ed17305f213ac984f9230c450165029aef2

GraphQL introspection enabled at /graphql
Types: 293 (by kind: ENUM: 35, INPUT_OBJECT: 149, OBJECT: 102, SCALAR: 6, UNION: 1)
Operations:
- Query: Query | fields: academicBackgrounds, activitySectors, anonymizedProfile, chatChannel, checkIfSearchFirmNameIsAvailable
- Mutation: Mutation | fields: abandonRecruitmentTask, acceptInvitation, acceptJobApplicationForFirstInterview, acceptRecruitmentTaskRecommendation, addOptOutJobOfferFromMatching
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-22 17:37

305.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31b37293adfbd0b6a3a1b45616727df31134c6b0d

GraphQL introspection enabled at /graphql
Types: 294 (by kind: ENUM: 35, INPUT_OBJECT: 150, OBJECT: 102, SCALAR: 6, UNION: 1)
Operations:
- Query: Query | fields: academicBackgrounds, activitySectors, anonymizedProfile, chatChannel, checkIfSearchFirmNameIsAvailable
- Mutation: Mutation | fields: abandonRecruitmentTask, acceptInvitation, acceptJobApplicationForFirstInterview, acceptRecruitmentTaskRecommendation, addOptOutJobOfferFromMatching
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-12 05:30

307.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa36cbec09a0898cb0ad3ade801d2909511b267f72d

GraphQL introspection enabled at /graphql
Types: 291 (by kind: ENUM: 35, INPUT_OBJECT: 150, OBJECT: 99, SCALAR: 6, UNION: 1)
Operations:
- Query: Query | fields: academicBackgrounds, activitySectors, anonymizedProfile, chatChannel, checkIfSearchFirmNameIsAvailable
- Mutation: Mutation | fields: abandonRecruitmentTask, acceptInvitation, acceptJobApplicationForFirstInterview, acceptRecruitmentTaskRecommendation, addOptOutJobOfferFromMatching
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-10-29 01:31

305.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa35729d533596b8d314e318ad827b39728f9923648

GraphQL introspection enabled at /graphql
Types: 289 (by kind: ENUM: 35, INPUT_OBJECT: 150, OBJECT: 97, SCALAR: 6, UNION: 1)
Operations:
- Query: Query | fields: academicBackgrounds, activitySectors, anonymizedProfile, chatChannel, checkIfSearchFirmNameIsAvailable
- Mutation: Mutation | fields: abandonRecruitmentTask, acceptInvitation, acceptJobApplicationForFirstInterview, acceptRecruitmentTaskRecommendation, addOptOutJobOfferFromMatching
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-10-26 14:55

302.9 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.strada.nu
Port: 443
URL: https://api.strada.nu

First seen 2025-11-19 00:01
Last seen 2026-01-02 17:41
Open for 44 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa331f0e287af7a813542c04a54539d7c9dd627a449

GraphQL introspection enabled at /graphql
Types: 76 (by kind: ENUM: 9, INPUT_OBJECT: 7, INTERFACE: 1, OBJECT: 51, SCALAR: 8)
Operations:
- Query: RootQueryType | fields: activityLogs, companies, company, damage, damages
- Mutation: RootMutationType | fields: createCompany, createDamage, createFeedback, createFeedbackMeasure, createFeedbackPicture
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-02 17:41

93.6 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.asbroek.nl
Port: 443
URL: https://www.asbroek.nl

First seen 2025-12-12 01:18
Last seen 2026-01-02 16:51
Open for 21 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db84e0e35084e0e35084e0e35084e0e35084e0e35084e0e350
```
GraphQL introspection enabled at /api
```
  Found on 2026-01-02 16:51
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: wiki.krasserstoff.com
Port: 443
URL: https://wiki.krasserstoff.com

First seen 2025-11-16 00:14
Last seen 2026-01-02 16:36
Open for 47 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31ac6de87e8a5d535f7f8046b56dfed4c602b84ec

GraphQL introspection enabled at /graphql
Types: 133 (by kind: ENUM: 10, INPUT_OBJECT: 12, OBJECT: 106, SCALAR: 5)
Operations:
- Query: Query | fields: analytics, assets, authentication, comments, contribute
- Mutation: Mutation | fields: analytics, assets, authentication, comments, groups
- Subscription: Subscription | fields: loggingLiveTrail
Directives: auth, cacheControl, deprecated, include, rateLimit, skip, specifiedBy (total: 7)

Found on 2026-01-02 16:36

186.5 kBytes

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: test.copybrains.com
Port: 443
URL: https://test.copybrains.com

First seen 2025-06-03 16:15
Last seen 2026-01-02 16:27
Open for 213 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d516b4a56516b4a56516b4a56516b4a56
```
Found 1 files trough .DS_Store spidering:

/fonts
```
  Found on 2026-01-02 16:27
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: growup.academy
Port: 443
URL: https://growup.academy

First seen 2025-06-04 11:59
Last seen 2026-01-02 16:22
Open for 212 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d516b4a56516b4a56516b4a56516b4a56
```
Found 1 files trough .DS_Store spidering:

/fonts
```
  Found on 2026-01-02 16:22
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: liftus.copybrains.com
Port: 443
URL: https://liftus.copybrains.com

First seen 2025-06-14 09:29
Last seen 2026-01-02 15:41
Open for 202 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d516b4a56516b4a56516b4a56516b4a56
```
Found 1 files trough .DS_Store spidering:

/fonts
```
  Found on 2026-01-02 15:41
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: backend.app.allactivity.com
Port: 443
URL: https://backend.app.allactivity.com

First seen 2025-11-23 00:51
Last seen 2026-01-02 15:37
Open for 40 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3f8d4510df5121a2f9ba0029b9865c0bcf74e9a04
```
GraphQL introspection enabled at /graphql
Types: 213 (by kind: ENUM: 10, INPUT_OBJECT: 45, OBJECT: 149, SCALAR: 9)
Operations:
- Query: Query | fields: address, addresses, addressesMeta, billingGeneral, checkInviteAcceptToken
- Mutation: Mutation | fields: acceptShareRules, activateClient, activateProject, activateUser, archiveProject
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 15:37
  
  332.9 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: admin.infra.advizeo.app
Port: 443
URL: https://admin.infra.advizeo.app

First seen 2025-11-06 16:10
Last seen 2026-01-02 15:25
Open for 56 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d7bee2cef48b2c3e92cf319b6fb05f636abfb38b

GraphQL introspection enabled at /graphql
Types: 110 (by kind: ENUM: 23, INPUT_OBJECT: 14, INTERFACE: 1, OBJECT: 56, SCALAR: 8, UNION: 8)
Operations:
- Query: Query | fields: accountGroup, accountGroups, realEstate, reportDocument, reports
- Mutation: Mutation | fields: assignEnergyProcessorSlot, assignUtilizationSpaces, createConsumption, createUtilizationSpace, generateReportDocument
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 15:25

123.0 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: wiki.welti-furrer.ch
Port: 80
URL: http://wiki.welti-furrer.ch

First seen 2025-11-23 02:12
Last seen 2026-01-02 15:21
Open for 40 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3dec863f59258a9f72eacd4d9eb5bbc5a957af4f2

GraphQL introspection enabled at /graphql
Types: 134 (by kind: ENUM: 10, INPUT_OBJECT: 12, OBJECT: 107, SCALAR: 5)
Operations:
- Query: Query | fields: analytics, assets, authentication, comments, contribute
- Mutation: Mutation | fields: analytics, assets, authentication, comments, groups
- Subscription: Subscription | fields: loggingLiveTrail
Directives: auth, cacheControl, deprecated, include, rateLimit, skip, specifiedBy (total: 7)

Found on 2026-01-02 15:21

190.9 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.pircel.com
Port: 443
URL: https://api.pircel.com

First seen 2025-10-18 22:06
Last seen 2026-01-02 15:10
Open for 75 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa357376a4644aa11b6d414c4454b169ff938a60725

GraphQL introspection enabled at /graphql
Types: 213 (by kind: ENUM: 31, INPUT_OBJECT: 30, OBJECT: 144, SCALAR: 8)
Operations:
- Query: Query | fields: analytics, cities, deliveryCompanies, eshop, eshopBranding
- Mutation: Mutation | fields: addShipment, cancelVoucher, connectStore, createPickupList, createVoucher
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 15:10

255.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c1b81349d28babeb46374f16cccbba2a835addb6

GraphQL introspection enabled at /graphql
Types: 209 (by kind: ENUM: 30, INPUT_OBJECT: 30, OBJECT: 141, SCALAR: 8)
Operations:
- Query: Query | fields: analytics, cities, deliveryCompanies, eshop, eshopBranding
- Mutation: Mutation | fields: addShipment, cancelVoucher, connectStore, createPickupList, createVoucher
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-02 22:03

252.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3548f9a363e5bfca682915475044d69a933879e95

GraphQL introspection enabled at /graphql
Types: 208 (by kind: ENUM: 30, INPUT_OBJECT: 29, OBJECT: 141, SCALAR: 8)
Operations:
- Query: Query | fields: analytics, cities, deliveryCompanies, eshop, eshopBranding
- Mutation: Mutation | fields: addShipment, cancelVoucher, connectStore, createPickupList, createVoucher
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-10-27 09:18

251.7 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d20cd0987de44e7c5c8be37f0221543b59e73513

GraphQL introspection enabled at /graphql
Types: 205 (by kind: ENUM: 30, INPUT_OBJECT: 27, OBJECT: 140, SCALAR: 8)
Operations:
- Query: Query | fields: analytics, cities, deliveryCompanies, eshop, eshopBranding
- Mutation: Mutation | fields: addShipment, cancelVoucher, connectStore, createPickupList, createVoucher
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-10-22 07:43

249.5 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.trainingtoolz.com
Port: 443
URL: https://www.trainingtoolz.com

First seen 2025-11-02 00:08
Last seen 2026-01-02 14:40
Open for 61 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa30ddeca26dece5556a2960b6c3ee68ac0d31e1098
```
GraphQL introspection enabled at /graphql
Types: 64 (by kind: ENUM: 8, INPUT_OBJECT: 9, OBJECT: 42, SCALAR: 5)
Operations:
- Query: Query | fields: currentOrganization, currentUser
- Mutation: Mutation | fields: addTag, connectRespondentsToAccessToken, createAccessToken, createDirectAccessToken, createOneOffPayment
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 14:40
  
  82.3 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: app.urkla.com
Port: 443
URL: https://app.urkla.com

First seen 2025-11-20 00:02
Last seen 2026-01-02 14:39
Open for 43 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa34f95026c55d658f0e447bc3485dedf2f049361ef

GraphQL introspection enabled at /graphql
Types: 63 (by kind: ENUM: 13, INPUT_OBJECT: 4, OBJECT: 37, SCALAR: 9)
Operations:
- Query: Query | fields: _empty, organization, organizations, project, projects
- Mutation: Mutation | fields: _empty, createProject, deleteProject, updateOrganization, updateProject
Directives: deprecated, include, skip (total: 3)

Found on 2026-01-02 14:39

137.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3cb9ed2dc344d9260f8dcafc4582be65fb40ab37f

GraphQL introspection enabled at /graphql
Types: 62 (by kind: ENUM: 13, INPUT_OBJECT: 4, OBJECT: 36, SCALAR: 9)
Operations:
- Query: Query | fields: _empty, organization, organizations, project, projects
- Mutation: Mutation | fields: _empty, createProject, deleteProject, updateOrganization, updateProject
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-16 14:12

136.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d2caac50fd776894a57c43308a78d97bbad0a25b

GraphQL introspection enabled at /graphql
Types: 61 (by kind: ENUM: 12, INPUT_OBJECT: 4, OBJECT: 36, SCALAR: 9)
Operations:
- Query: Query | fields: _empty, organization, organizations, project, projects
- Mutation: Mutation | fields: _empty, createProject, deleteProject, updateOrganization, updateProject
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-12 17:12

134.2 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3229c71c3ab5a4e412c885b9f24b1150403e18efc

GraphQL introspection enabled at /graphql
Types: 55 (by kind: ENUM: 10, INPUT_OBJECT: 4, OBJECT: 32, SCALAR: 9)
Operations:
- Query: Query | fields: _empty, organization, organizations, project, projects
- Mutation: Mutation | fields: _empty, createProject, deleteProject, updateOrganization, updateProject
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-01 11:14

123.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa36a4e76d2c12464227dee67be2aa5562974055f99

GraphQL introspection enabled at /graphql
Types: 45 (by kind: ENUM: 9, INPUT_OBJECT: 1, OBJECT: 26, SCALAR: 9)
Operations:
- Query: Query | fields: _empty, organization, organizations, project, projects
- Mutation: Mutation | fields: _empty, createProject, deleteProject, updateOrganization, updateProject
Directives: deprecated, include, skip (total: 3)

Found on 2025-11-29 08:16

97.5 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.handstand-lernen.de
Port: 443
URL: https://www.handstand-lernen.de

First seen 2025-11-01 06:48
Last seen 2026-01-02 14:37
Open for 62 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3c5b13f9f9509282dca5f75b7ef82edfc8cf9cc44
```
GraphQL introspection enabled at /graphql
Types: 55 (by kind: ENUM: 13, INPUT_OBJECT: 10, OBJECT: 27, SCALAR: 5)
Operations:
- Query: Query | fields: me, pose, poses, transitions, user
- Mutation: Mutation | fields: login, logout, register, resendEmailVerification, verifyEmail
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 14:37
  
  47.1 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api-write.boomhub.app
Port: 443
URL: https://api-write.boomhub.app

First seen 2025-10-16 00:59
Last seen 2026-01-02 14:24
Open for 78 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa35746f0295ca6de8b5209b3b6a76b22545a885834

GraphQL introspection enabled at /graphql
Types: 123 (by kind: ENUM: 2, INPUT_OBJECT: 1, INTERFACE: 1, OBJECT: 113, SCALAR: 5, UNION: 1)
Operations:
- Query: Query | fields: archivedClassBooks, bookChapter, bookTemplate, bookTemplateCategories, classBook
- Mutation: Mutation | fields: addBookTemplateChapter, addBookTemplateChoice, addBookTemplateResource, addBookTemplateToPack, addClassStudent
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 14:24

177.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3270827c583ffa007e83c757a50128e38199ed3ea

GraphQL introspection enabled at /graphql
Types: 125 (by kind: ENUM: 2, INPUT_OBJECT: 1, INTERFACE: 1, OBJECT: 115, SCALAR: 5, UNION: 1)
Operations:
- Query: Query | fields: archivedClassBooks, bookChapter, bookTemplate, bookTemplateCategories, classBook
- Mutation: Mutation | fields: addBookTemplateChapter, addBookTemplateChoice, addBookTemplateResource, addBookTemplateToPack, addClassStudent
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-11-07 04:49

179.6 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: app.careerskitchen.com
Port: 80
URL: http://app.careerskitchen.com

First seen 2025-11-11 02:26
Last seen 2026-01-02 13:51
Open for 52 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa32ffd3f23d80a6be1ef979a9ad1a3c27ae925cfa6

GraphQL introspection enabled at /graphql
Types: 97 (by kind: ENUM: 2, INPUT_OBJECT: 2, OBJECT: 86, SCALAR: 7)
Operations:
- Query: Query | fields: migrateUsers, products, user, userDetails, users
- Mutation: Mutation | fields: deactivateUser, deleteUser, login, requestReset, signup
- Subscription: Subscription | fields: currency, id, lastBillDate, nextBillDate, price
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-02 13:51

174.2 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.mtn8predictor.com
Port: 80
URL: http://www.mtn8predictor.com

First seen 2025-10-22 00:25
Last seen 2026-01-02 13:39
Open for 72 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a393500dd

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8
gameConfig (args: none) : env=Live slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w...

Found on 2026-01-02 13:39

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a6c582e79

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z]
gameConfig (args: none) : env=Live slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w...

Found on 2025-12-26 17:21

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5ae90b2eb1

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8
gameConfig (args: none) : slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live

Found on 2025-12-24 18:01

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a1a054e07

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true]
gameConfig (args: none) : version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[] gameCode=football_predictor_mtn_cons

Found on 2025-12-22 20:44

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5ab804debd

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false
gameConfig (args: none) : gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[]

Found on 2025-12-21 00:51

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a81150987

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true]
gameConfig (args: none) : slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live

Found on 2025-12-21 00:51

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5ae8d43a3d

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false
gameConfig (args: none) : version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[] gameCode=football_predictor_mtn_cons

Found on 2025-12-21 00:51

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a1342476d

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z]
gameConfig (args: none) : slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live

Found on 2025-12-20 14:56

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5aec94ef05

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z]
gameConfig (args: none) : gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[]

Found on 2025-12-12 21:52

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5aeb20f645

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z]
gameConfig (args: none) : version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[] gameCode=football_predictor_mtn_cons

Found on 2025-11-27 03:18

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5abc9d2807

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true]
gameConfig (args: none) : gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[]

Found on 2025-11-16 16:26

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5affa1ff05

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8 lockedOut=false
gameConfig (args: none) : slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live

Found on 2025-11-12 15:05

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a5f7afddf

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : _id=64c7904df126aa24e9de19d8 lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam...
gameConfig (args: none) : env=Live slider=map[] gameCode=football_predictor_mtn_cons version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w...

Found on 2025-11-10 14:34

25.6 kBytes 9 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa381bc9ce1afee902393fe0f6b5773de5a2507ced9

GraphQL introspection enabled at /graphql
Types: 21 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 12, SCALAR: 6)
Operations:
- Query: Query | fields: categories, config, gameConfig, items
- Mutation: Mutation | fields: updateConfig
Directives: deprecated, include, skip (total: 3)

Readable stores: 2
config (args: optional/default) : lockedOut=false lockedOutCategories=map[9:2023-10-07T16:00:00.000Z] lockedOutCategoriesBoolen=map[9:true] categories=[map[altName:predictor class:category_2 game:efp_2017 gameNam... _id=64c7904df126aa24e9de19d8
gameConfig (args: none) : version=map[googleAnalyticsToken:UA-68512439-28 landingPage:https://w... env=Live slider=map[] gameCode=football_predictor_mtn_cons

Found on 2025-11-08 13:14

25.6 kBytes 9 rows

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.gamedex.org
Port: 80
URL: http://api.gamedex.org

First seen 2025-11-14 00:24
Last seen 2026-01-02 13:15
Open for 49 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3976be76c0ff64ff03413534aacf49023247a7a9f

GraphQL introspection enabled at /graphql
Types: 57 (by kind: ENUM: 5, INPUT_OBJECT: 3, OBJECT: 41, SCALAR: 5, UNION: 3)
Operations:
- Query: Query | fields: filters, inventory, inventoryCount, inventoryFilters, inventoryPrice
- Mutation: Mutation | fields: authValidate, authValidateExtension, createOffer, deleteOffer, updateOffer
- Subscription: Subscription | fields: historyUpdate, inventoryUpdate, ping, tradingUpdate
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-02 13:15

64.2 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.petsly.org
Port: 80
URL: http://api.petsly.org

First seen 2025-11-28 00:18
Last seen 2026-01-02 13:06
Open for 35 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c19cbc06a429cff6ce7a80797b3769cb704e7cf7

GraphQL introspection enabled at /graphql
Types: 253 (by kind: ENUM: 27, INPUT_OBJECT: 116, OBJECT: 102, SCALAR: 8)
Operations:
- Query: Query | fields: getAddressById, getAppointmentById, getAppointments, getAppointmentsByClient, getLocations
- Mutation: Mutation | fields: createAddress, createAppointment, removeAddress, updateAddress, updateAppointment
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-02 13:06

305.5 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.touchandtell.com
Port: 80
URL: http://api.touchandtell.com

First seen 2025-12-12 00:37
Last seen 2026-01-02 12:58
Open for 21 days
- Severity: medium
  Fingerprint: c2db3a1c40d490dbf8cbe7e2f46ebe74426f3c78a17f4be5ca5b249d0e0148cd
```
GraphQL introspection enabled at /graphql/api
Types: 279 (by kind: ENUM: 2, INPUT_OBJECT: 101, INTERFACE: 1, OBJECT: 170, SCALAR: 5)
Operations:
- Query: Query | fields: adminSurveys, node, survey, surveys, viewer
- Mutation: Mutation | fields: createReport, createWidget, deleteWidget, populateReport, updateWidget
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 12:58
  
  265.3 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.utux.fi
Port: 443
URL: https://www.utux.fi

First seen 2025-11-25 01:34
Last seen 2026-01-02 12:20
Open for 38 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d62337d3d62337d3d62337d3d62337d3d62337d3d6
```
GraphQL introspection enabled at /api/graphql
```
  Found on 2026-01-02 12:20
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d6e6e2d575e8dbfa7740808bc513f21f200037d550
```
GraphQL introspection enabled at /api/graphql
Types: 2250 (by kind: ENUM: 34, INPUT_OBJECT: 225, OBJECT: 1978, SCALAR: 8, UNION: 5)
Operations:
- Query: Query | fields: User, Users, countUsers, docAccessUser, meUser
- Mutation: Mutation | fields: createUser, deleteUser, logoutUser, refreshTokenUser, updateUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
```
  Found on 2025-12-01 12:18
  
  1.4 MBytes
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: www.tommasorandazzo.it
Port: 80
URL: http://www.tommasorandazzo.it

First seen 2024-11-14 02:24
Last seen 2026-01-02 12:14
Open for 414 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c39aac35b39aac35b92705af73eecf6fbb17db4ac891b06c3
```
Found 14 files trough .DS_Store spidering:

/404.html
/422.html
/500.html
/apple-touch-icon-precomposed.png
/apple-touch-icon.png
/assets
/documents
/documents/cv.pdf
/documents/cv1.pdf
/documents/CV2.pdf
/favicon.ico
/images
/packs
/robots.txt
```
  Found on 2026-01-02 12:14
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.debedrijfsverzekeraar.nl
Port: 443
URL: https://www.debedrijfsverzekeraar.nl

First seen 2025-11-25 00:44
Last seen 2026-01-02 11:55
Open for 38 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db84e0e35084e0e35084e0e35084e0e35084e0e35084e0e350
```
GraphQL introspection enabled at /api
```
  Found on 2026-01-02 11:55
- Severity: medium
  Fingerprint: c2db3a1c40d490db84e0e350b1f5f99ffa0b662d9e5b7c2784d9b7db7270c8d2
```
GraphQL introspection enabled at /api
Types: 195 (by kind: ENUM: 4, INPUT_OBJECT: 6, INTERFACE: 11, OBJECT: 135, SCALAR: 9, UNION: 30)
Operations:
- Query: Query | fields: bannersEntries, entries, entry, entryCount, ping
- Mutation: Mutation | fields: ping
Directives: deprecated, formatDateTime, include, markdown, money, parseRefs, skip, stripTags, transform, trim (total: 12)
```
  Found on 2025-11-29 13:27
  
  7.6 MBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.touchandtell.se
Port: 80
URL: http://api.touchandtell.se

First seen 2025-12-12 00:57
Last seen 2026-01-02 11:50
Open for 21 days
- Severity: medium
  Fingerprint: c2db3a1c40d490dbf8cbe7e2f46ebe74426f3c78a17f4be5ca5b249d0e0148cd
```
GraphQL introspection enabled at /graphql/api
Types: 279 (by kind: ENUM: 2, INPUT_OBJECT: 101, INTERFACE: 1, OBJECT: 170, SCALAR: 5)
Operations:
- Query: Query | fields: adminSurveys, node, survey, surveys, viewer
- Mutation: Mutation | fields: createReport, createWidget, deleteWidget, populateReport, updateWidget
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 11:50
  
  265.3 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: calculator-be.refsite.info
Port: 80
URL: http://calculator-be.refsite.info

First seen 2025-12-13 00:12
Last seen 2026-01-02 11:48
Open for 20 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa368aabb82185e4412290654dc64d79cffc8d282a7

GraphQL introspection enabled at /graphql
Types: 93 (by kind: ENUM: 7, INPUT_OBJECT: 46, OBJECT: 35, SCALAR: 5)
Operations:
- Query: Query | fields: advertisements, article, articleBySlug, articleCategories, articleCategory
- Mutation: Mutation | fields: bulkUpdateCards, bulkUpdateQrProducts, createAdvertisement, createArticle, createArticleCategory
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 11:48

151.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3bbf3e92db0d0078f263dbb0cbe691de873b60708

GraphQL introspection enabled at /graphql
Types: 89 (by kind: ENUM: 6, INPUT_OBJECT: 44, OBJECT: 34, SCALAR: 5)
Operations:
- Query: Query | fields: article, articleBySlug, articleCategories, articleCategory, articles
- Mutation: Mutation | fields: bulkUpdateCards, bulkUpdateQrProducts, createArticle, createArticleCategory, createCalculator
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-26 18:24

140.5 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.nzr-portal.de
Port: 443
URL: https://api.nzr-portal.de

First seen 2025-11-21 03:49
Last seen 2026-01-02 10:47
Open for 42 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d7bee2cef48b2c3e92cf319b6fb05f636abfb38b

GraphQL introspection enabled at /graphql
Types: 110 (by kind: ENUM: 23, INPUT_OBJECT: 14, INTERFACE: 1, OBJECT: 56, SCALAR: 8, UNION: 8)
Operations:
- Query: Query | fields: accountGroup, accountGroups, realEstate, reportDocument, reports
- Mutation: Mutation | fields: assignEnergyProcessorSlot, assignUtilizationSpaces, createConsumption, createUtilizationSpace, generateReportDocument
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 10:47

123.0 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: runbook.lonedesignclub.com
Port: 443
URL: https://runbook.lonedesignclub.com

First seen 2025-12-13 00:42
Last seen 2026-01-02 10:28
Open for 20 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3dec863f59258a9f72eacd4d9eb5bbc5a957af4f2

GraphQL introspection enabled at /graphql
Types: 134 (by kind: ENUM: 10, INPUT_OBJECT: 12, OBJECT: 107, SCALAR: 5)
Operations:
- Query: Query | fields: analytics, assets, authentication, comments, contribute
- Mutation: Mutation | fields: analytics, assets, authentication, comments, groups
- Subscription: Subscription | fields: loggingLiveTrail
Directives: auth, cacheControl, deprecated, include, rateLimit, skip, specifiedBy (total: 7)

Found on 2026-01-02 10:28

190.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e280b4b6a0ebb23fa431b8700ac441a6f18f743293

GraphQL introspection enabled at /graphql/api
Types: 134 (by kind: ENUM: 10, INPUT_OBJECT: 12, OBJECT: 107, SCALAR: 5)
Operations:
- Query: Query | fields: analytics, assets, authentication, comments, contribute
- Mutation: Mutation | fields: analytics, assets, authentication, comments, groups
- Subscription: Subscription | fields: loggingLiveTrail
Directives: auth, cacheControl, deprecated, include, rateLimit, skip, specifiedBy (total: 7)

Found on 2025-12-24 15:55

190.9 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.cqspots.info
Port: 443
URL: https://www.cqspots.info

First seen 2025-11-14 11:23
Last seen 2026-01-02 10:15
Open for 48 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa309f6873c1181b80040e7bd4aa99868f60c55e9f6
```
GraphQL introspection enabled at /graphql
Types: 28 (by kind: ENUM: 2, INPUT_OBJECT: 3, INTERFACE: 1, OBJECT: 17, SCALAR: 5)
Operations:
- Query: Query | fields: node, nodes, spots, viewer
- Mutation: Mutation | fields: createSpot, deleteSpot, updateSpot
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 0
```
  Found on 2026-01-02 10:15
  
  37.3 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.geekbattle.online
Port: 443
URL: https://www.geekbattle.online

First seen 2025-11-03 00:29
Last seen 2026-01-02 10:13
Open for 60 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa35f773b01ebe7868340a077bdee03c39ed61d8088
```
GraphQL introspection enabled at /graphql
Types: 59 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 48, SCALAR: 8)
Operations:
- Query: Query | fields: myProfile, myRegistration, registrationById, userProfileById, userProfiles
- Mutation: Mutation | fields: updateRegistrationAnswers
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-02 10:13
  
  74.9 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: app.hyper.place
Port: 443
URL: https://app.hyper.place

First seen 2025-11-30 00:51
Last seen 2026-01-02 10:06
Open for 33 days

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d67e5f07bdf55e315f28e13dfedc787243daded5fa

GraphQL introspection enabled at /api/graphql
Types: 94 (by kind: ENUM: 7, INPUT_OBJECT: 12, INTERFACE: 1, OBJECT: 65, SCALAR: 8, UNION: 1)
Operations:
- Query: Query | fields: activeSubscription, agentConversation, book, entity, entry
- Mutation: Mutation | fields: acceptInvitation, agentConversationArchive, agentConversationChat, agentConversationCreate, agentConversationDestroy
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
preferences (args: none) : colorTheme=AUTO

Found on 2026-01-02 10:06

110.5 kBytes 1 rows

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: legacyapi.lkss.se
Port: 443
URL: https://legacyapi.lkss.se

First seen 2025-10-20 01:16
Last seen 2026-01-02 08:59
Open for 74 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3a481e617c84062c5e35b56ab16814590993787c2
```
GraphQL introspection enabled at /graphql
Types: 25 (by kind: ENUM: 5, INPUT_OBJECT: 2, OBJECT: 11, SCALAR: 7)
Operations:
- Query: Query | fields: group, groups, me, user, users
- Mutation: Mutation | fields: getToken
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-02 08:59
  
  26.6 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.dev.coreo.io
Port: 443
URL: https://api.dev.coreo.io

First seen 2025-11-21 02:09
Last seen 2026-01-02 08:14
Open for 42 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3c15d8f5475c1b698fec6991ef40bdfb93f459b09
```
GraphQL introspection enabled at /graphql
Types: 273 (by kind: ENUM: 11, INPUT_OBJECT: 171, OBJECT: 83, SCALAR: 8)
Operations:
- Query: RootQueryType | fields: projects, record, records, user, users
- Mutation: RootMutationType | fields: createProject, createProjectPage, createProjectTemplate, updateProject, updateProjectPage
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 08:14
  
  423.0 kBytes
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2025-11-21 02:09
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: staging.origin.goodgym.org
Port: 443
URL: https://staging.origin.goodgym.org

First seen 2025-11-16 00:15
Last seen 2026-01-02 07:51
Open for 47 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3770016411815fd43f4de97f8778f89fd93988159

GraphQL introspection enabled at /graphql
Types: 129 (by kind: ENUM: 10, INPUT_OBJECT: 1, INTERFACE: 2, OBJECT: 108, SCALAR: 7, UNION: 1)
Operations:
- Query: Query | fields: area, areas, autocompleteAddress, autocompleteAddressDatabase, autocompleteBeneficiary
- Mutation: Mutation | fields: block, cancelTaskReferralReservation, cancelTestPairing, cheer, completeTestPairing
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 07:51

202.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa325bf8115a55d7457db11edc4c0b1acd16fd104ed

GraphQL introspection enabled at /graphql
Types: 126 (by kind: ENUM: 10, INPUT_OBJECT: 1, INTERFACE: 2, OBJECT: 105, SCALAR: 7, UNION: 1)
Operations:
- Query: Query | fields: area, areas, autocompleteAddress, autocompleteAddressDatabase, autocompleteBeneficiary
- Mutation: Mutation | fields: block, cancelTaskReferralReservation, cancelTestPairing, cheer, completeTestPairing
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-16 12:52

197.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33fe0b929b199218b5ac5d71046d181d55cc3f3e1

GraphQL introspection enabled at /graphql
Types: 128 (by kind: ENUM: 10, INPUT_OBJECT: 1, INTERFACE: 2, OBJECT: 107, SCALAR: 7, UNION: 1)
Operations:
- Query: Query | fields: area, areas, autocompleteAddress, autocompleteAddressDatabase, autocompleteBeneficiary
- Mutation: Mutation | fields: block, cancelTaskReferralReservation, cancelTestPairing, cheer, completeTestPairing
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-14 04:55

201.0 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa308d5e6311a07d6333ea4be68e6b365cddc607369

GraphQL introspection enabled at /graphql
Types: 125 (by kind: ENUM: 10, INPUT_OBJECT: 1, INTERFACE: 2, OBJECT: 104, SCALAR: 7, UNION: 1)
Operations:
- Query: Query | fields: area, areas, autocompleteAddress, autocompleteAddressDatabase, autocompleteBeneficiary
- Mutation: Mutation | fields: block, cancelTaskReferralReservation, cancelTestPairing, cheer, completeTestPairing
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-02 10:57

196.2 kBytes

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 3.33.249.164
Domain: indydevs.com
Port: 443
URL: https://indydevs.com

First seen 2023-10-23 11:33
Last seen 2026-01-02 07:45
Open for 801 days

Severity: low
Fingerprint: 5f32cf5d6962f09c87f05b7087f05b70c526ce8886830e2b34b3566ba14c8be2

Found 26 files trough .DS_Store spidering:

/css
/css/fonts
/img
/img/hp
/img/hp/bootcamp.jpeg
/img/hp/course.jpg
/img/hp/event.jpg
/img/hp/mic2.svg
/img/hp/special.jpg
/img/hp/talk.jpg
/img/hp/yoga2.jpeg
/img/icons
/img/landing_page
/img/logos
/img/msg0.jpg
/img/msg1.jpg
/img/msg2.jpg
/img/msg3.jpg
/img/msg4.jpg
/img/msg_pic.jpg
/js
/js/lib
/lib
/logos
/pdfs
/video

Found on 2026-01-02 07:45

Severity: low
Fingerprint: 5f32cf5d6962f09cdc57c57adc57c57a578f388aa08570094474cf7109155ce0

Found 19 files trough .DS_Store spidering:

/css
/css/fonts
/img
/img/hp
/img/icons
/img/landing_page
/img/logos
/img/msg0.jpg
/img/msg1.jpg
/img/msg2.jpg
/img/msg3.jpg
/img/msg4.jpg
/img/msg_pic.jpg
/js
/js/lib
/lib
/logos
/pdfs
/video

Found on 2025-12-20 10:21

Severity: low
Fingerprint: 5f32cf5d6962f09cdafa5447dafa54476f97dfef0e4cb0a7e8353e6a53b8aa66

Found 18 files trough .DS_Store spidering:

/css
/img
/img/hp
/img/icons
/img/landing_page
/img/logos
/img/msg0.jpg
/img/msg1.jpg
/img/msg2.jpg
/img/msg3.jpg
/img/msg4.jpg
/img/msg_pic.jpg
/js
/js/lib
/lib
/logos
/pdfs
/video

Found on 2025-12-20 10:21

Severity: low
Fingerprint: 5f32cf5d6962f09ca0cc0fcfa0cc0fcf7c01fcc742225844c242306091846b4d

Found 25 files trough .DS_Store spidering:

/css
/css/fonts
/img
/img/hp
/img/hp/bootcamp.jpeg
/img/hp/course.jpg
/img/hp/event.jpg
/img/hp/mic2.svg
/img/hp/special.jpg
/img/hp/talk.jpg
/img/hp/yoga2.jpeg
/img/icons
/img/landing_page
/img/logos
/img/msg0.jpg
/img/msg1.jpg
/img/msg2.jpg
/img/msg3.jpg
/img/msg4.jpg
/img/msg_pic.jpg
/js
/lib
/logos
/pdfs
/video

Found on 2025-12-14 00:21

Severity: low
Fingerprint: 5f32cf5d6962f09c4239b3d84239b3d8143ab0e042731604f3ed02ba0c859e3d
```
Found 8 files trough .DS_Store spidering:

/css
/img
/js
/js/lib
/lib
/logos
/pdfs
/video
```
Found on 2025-10-18 18:58

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: www.tradesman-insurance4u.co.uk
Port: 443
URL: https://www.tradesman-insurance4u.co.uk

First seen 2025-05-23 09:28
Last seen 2026-01-02 07:29
Open for 223 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf17642f079f9265f554ed45f554ed45f554ed4
```
Found 2 files trough .DS_Store spidering:

/favicon.ico
/robots.txt
```
  Found on 2026-01-02 07:29
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.johnsongibbs.co.uk
Port: 443
URL: https://api.johnsongibbs.co.uk

First seen 2025-11-14 01:03
Last seen 2026-01-02 06:35
Open for 49 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa39f0a2292787f8a62fc915afe4dd3dff64ab4967a
```
GraphQL introspection enabled at /graphql
Types: 253 (by kind: ENUM: 7, INPUT_OBJECT: 79, OBJECT: 151, SCALAR: 13, UNION: 3)
Operations:
- Query: Query | fields: article, articles, articlesConnection, contact, footerNav
- Mutation: Mutation | fields: createArticle, deleteArticle, deleteContact, updateArticle, updateContact
Directives: cacheControl, deprecated, include, skip (total: 4)
```
  Found on 2026-01-02 06:35
  
  206.5 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: dev.api.payvo.gr
Port: 443
URL: https://dev.api.payvo.gr

First seen 2025-10-21 01:21
Last seen 2026-01-02 05:58
Open for 73 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa327405247877e9d7581d75e17729642df16d6a847

GraphQL introspection enabled at /graphql
Types: 111 (by kind: ENUM: 20, INPUT_OBJECT: 37, OBJECT: 49, SCALAR: 5)
Operations:
- Query: Query | fields: AADEInvoice, AADEInvoices, business, businesses, transactions
- Mutation: Mutation | fields: addAADEInvoice, addBusiness, addTransaction, initiatePOSPayment, initiatePOSinvoice
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 05:58

132.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c4a2f7e9d023cccb352115d9890cf899067e2605

GraphQL introspection enabled at /graphql
Types: 108 (by kind: ENUM: 19, INPUT_OBJECT: 36, OBJECT: 48, SCALAR: 5)
Operations:
- Query: Query | fields: AADEInvoice, AADEInvoices, business, businesses, transactions
- Mutation: Mutation | fields: addAADEInvoice, addBusiness, addTransaction, initiatePOSPayment, initiatePOSinvoice
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-08 03:12

129.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa377163c0246259992935844ba6ac31ecb95427bf7

GraphQL introspection enabled at /graphql
Types: 128 (by kind: ENUM: 35, INPUT_OBJECT: 31, OBJECT: 55, SCALAR: 7)
Operations:
- Query: Query | fields: AADEInvoice, AADEInvoices, business, businesses, companyDetails
- Mutation: Mutation | fields: addAADEInvoice, addBusiness, addContact, addError, addOffering
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-11-30 15:09

155.5 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.petsly.org
Port: 443
URL: https://api.petsly.org

First seen 2025-11-28 00:18
Last seen 2026-01-02 05:08
Open for 35 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c19cbc06a429cff6ce7a80797b3769cb704e7cf7

GraphQL introspection enabled at /graphql
Types: 253 (by kind: ENUM: 27, INPUT_OBJECT: 116, OBJECT: 102, SCALAR: 8)
Operations:
- Query: Query | fields: getAddressById, getAppointmentById, getAppointments, getAppointmentsByClient, getLocations
- Mutation: Mutation | fields: createAddress, createAppointment, removeAddress, updateAddress, updateAppointment
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-02 05:08

305.5 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.jagerfinancieeladvies.nl
Port: 443
URL: https://www.jagerfinancieeladvies.nl

First seen 2025-12-11 00:16
Last seen 2026-01-02 04:56
Open for 22 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db84e0e35084e0e35084e0e35084e0e35084e0e35084e0e350
```
GraphQL introspection enabled at /api
```
  Found on 2026-01-02 04:56
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: www.growup.academy
Port: 443
URL: https://www.growup.academy

First seen 2025-06-12 17:52
Last seen 2026-01-02 04:55
Open for 203 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d516b4a56516b4a56516b4a56516b4a56
```
Found 1 files trough .DS_Store spidering:

/fonts
```
  Found on 2026-01-02 04:55
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.goapps.app
Port: 80
URL: http://api.goapps.app

First seen 2025-11-19 00:31
Last seen 2026-01-02 04:21
Open for 44 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3f7e51889c67c00ab39f2ca0215085c8748fac91f
```
GraphQL introspection enabled at /graphql
Types: 370 (by kind: ENUM: 2, INPUT_OBJECT: 12, INTERFACE: 1, OBJECT: 349, SCALAR: 6)
Operations:
- Query: Query | fields: academicMonthlyReports, activeContest, activePromotions, adminStats, appPromoCodes
- Mutation: Mutation | fields: activateSchoolMemberships, addBillingProfileToSchool, addBookTemplate, addBookTemplateCategory, addBookTemplateChapter
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
```
  Found on 2026-01-02 04:21
  
  589.1 kBytes
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2025-11-27 02:07
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: staging-auth.meister1.com
Port: 443
URL: https://staging-auth.meister1.com

First seen 2025-12-09 01:04
Last seen 2026-01-02 04:17
Open for 24 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cbaf0a55e6

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : buildTime=2026-01-02T04:17:27.722Z name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging

Found on 2026-01-02 04:17

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb2908373d

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-30T08:56:03.461Z

Found on 2025-12-30 08:56

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cbe1fb9bc1

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-26T09:02:51.517Z

Found on 2025-12-26 09:02

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cbc1906ce1

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-24T06:47:06.685Z

Found on 2025-12-24 06:47

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb4f14038a

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-22T08:01:33.633Z

Found on 2025-12-22 08:01

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb5f626116

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-20T09:17:37.761Z

Found on 2025-12-20 09:17

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb5706e767

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-18T10:02:49.061Z

Found on 2025-12-18 10:02

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb9fc0ab7c

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-16T08:25:09.318Z

Found on 2025-12-16 08:25

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cbee844347

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-12T11:56:01.724Z

Found on 2025-12-12 11:56

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb6f3d4816

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : env=staging buildTime=2025-12-09T01:04:23.484Z name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669

Found on 2025-12-09 01:04

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb26ad0ed3

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : buildTime=2025-12-09T01:04:23.203Z name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging

Found on 2025-12-09 01:04

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cbd52a77c9

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-09T01:04:23.308Z

Found on 2025-12-09 01:04

24.4 kBytes 4 rows

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa33edaacf3ad7af3715d23d6ada33863cb6593295f

GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 10, SCALAR: 4)
Operations:
- Query: Query | fields: health, serviceInfo, user
- Mutation: Mutation | fields: inviteUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 1
serviceInfo (args: none) : name=authservice version=d17f9b2ce26ade8501ed840a2b5603344baf8c43_669 env=staging buildTime=2025-12-09T01:04:23.207Z

Found on 2025-12-09 01:04

24.4 kBytes 4 rows

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www-api.denovo.at
Port: 80
URL: http://www-api.denovo.at

First seen 2025-11-13 03:23
Last seen 2026-01-02 02:58
Open for 49 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3cabed0e33088b5213a6cb734ea8e7e6c740cece6
```
GraphQL introspection enabled at /graphql
Types: 22 (by kind: ENUM: 6, OBJECT: 13, SCALAR: 3)
Operations:
- Query: Query | fields: dummyEnumQuery, jobs
- Mutation: Mutation | fields: requestDocument, submitForm
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-02 02:58
  
  26.2 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 15.197.253.240
Domain: strapi.almanac.energy
Port: 80
URL: http://strapi.almanac.energy

First seen 2025-11-14 01:23
Last seen 2026-01-02 02:26
Open for 49 days

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c30a9d6e2

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002
contactUs (args: optional/default) : updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z
courseDirectory (args: optional/default) : title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z
courseEnquiry (args: optional/default) : created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2026-01-02 02:26

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c43faa3ba

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z
bookingDate (args: optional/default) : title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z
courseEnquiry (args: optional/default) : created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-27 05:34

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c954ebd68

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z
businessInformation (args: optional/default) : contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z
coursePage (args: optional/default) : updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z

Found on 2025-12-25 04:31

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c72eb0718

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z
bookingDate (args: optional/default) : datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.





bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z
contactUs (args: optional/default) : updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z
courseDirectory (args: optional/default) : created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1
courseEnquiry (args: optional/default) : formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2025-12-23 05:41

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cfd190838

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z
bookingEnquiry (args: optional/default) : published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru...
businessInformation (args: optional/default) : getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-21 01:21

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c26485372

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z
businessInformation (args: optional/default) : getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy
contactUs (args: optional/default) : published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis...
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ...
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-19 05:35

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c2032fde4

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z
contactUs (args: optional/default) : text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us
courseDirectory (args: optional/default) : updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2025-12-17 01:50

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c11298d54

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1
bookingDate (args: optional/default) : published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th...
bookingEnquiry (args: optional/default) : formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry
businessInformation (args: optional/default) : updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z
contactUs (args: optional/default) : text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-13 18:34

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c98ec1d00

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates
bookingEnquiry (args: optional/default) : created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis...
courseDirectory (args: optional/default) : published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory
courseEnquiry (args: optional/default) : created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2025-12-11 11:04

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c659148b2

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z
bookingDate (args: optional/default) : updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z
contactUs (args: optional/default) : text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-11 11:04

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c7a65b6ea

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates
bookingEnquiry (args: optional/default) : published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru...
businessInformation (args: optional/default) : id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z

Found on 2025-12-11 11:04

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c502d6e42

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z
courseDirectory (args: optional/default) : title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z
courseEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-12-11 11:04

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c3ae6a1ea

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy
contactUs (args: optional/default) : created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2025-12-10 21:59

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cf679fd20

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory
courseEnquiry (args: optional/default) : title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z
coursePage (args: optional/default) : updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z

Found on 2025-12-01 00:37

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770ca275fc46

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1
bookingDate (args: optional/default) : created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1
bookingEnquiry (args: optional/default) : created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1
businessInformation (args: optional/default) : email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002
contactUs (args: optional/default) : updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z
courseDirectory (args: optional/default) : updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-28 21:06

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770ca25d7ce2

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1
bookingEnquiry (args: optional/default) : created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1
businessInformation (args: optional/default) : id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1
courseEnquiry (args: optional/default) : published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ...
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-26 10:59

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c07341780

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1
bookingDate (args: optional/default) : created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1
bookingEnquiry (args: optional/default) : title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z
businessInformation (args: optional/default) : created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1
contactUs (args: optional/default) : title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z
coursePage (args: optional/default) : updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z

Found on 2025-11-24 10:09

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c0095e25e

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-22 09:18

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c0c183bc6

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z
bookingDate (args: optional/default) : datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.





bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m...
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : published_at=2021-09-19T13:56:28.422Z id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z

Found on 2025-11-20 10:50

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c814686a2

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-16 03:23

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cb9870652

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th...
bookingEnquiry (args: optional/default) : created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1
businessInformation (args: optional/default) : contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z
contactUs (args: optional/default) : title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z
courseDirectory (args: optional/default) : updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z
courseEnquiry (args: optional/default) : updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-14 01:23

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c7811f0f8

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z
bookingEnquiry (args: optional/default) : title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z
businessInformation (args: optional/default) : published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m...
contactUs (args: optional/default) : title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z
courseDirectory (args: optional/default) : published_at=2021-09-13T12:28:13.938Z id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory
courseEnquiry (args: optional/default) : published_at=2021-10-04T18:11:49.374Z id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ...
coursePage (args: optional/default) : created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z id=1

Found on 2025-11-14 01:23

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770cb46fc3f8

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : id=1 created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z
bookingDate (args: optional/default) : noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates
bookingEnquiry (args: optional/default) : id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z
businessInformation (args: optional/default) : published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy getInTouchMsg=Would you like to see our new training centre in person? Or m...
contactUs (args: optional/default) : id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z
courseDirectory (args: optional/default) : created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z id=1
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-14 01:23

433.7 kBytes 46 rows

Severity: high
Fingerprint: c2db3a1c40d490db1a0bbaa3c28e2db1cb6f18b3cacf0a3fe5b9770c309d2bb0

GraphQL introspection enabled at /graphql
Types: 520 (by kind: ENUM: 8, INPUT_OBJECT: 227, OBJECT: 263, SCALAR: 16, UNION: 6)
Operations:
- Query: Query | fields: aboutUs, bookingDate, bookingEnquiry, businessInformation, contactUs
- Mutation: Mutation | fields: deleteAboutUs, deleteBookingDate, updateAboutUs, updateBookingDate, updateBookingEnquiry
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 8
aboutUs (args: optional/default) : created_at=2021-09-20T19:15:31.518Z updated_at=2022-01-26T16:11:24.086Z title=About almanac.energy published_at=2021-09-20T19:15:38.931Z id=1
bookingDate (args: optional/default) : id=1 created_at=2021-09-24T14:02:44.174Z updated_at=2023-07-17T13:12:04.509Z title=Booking Dates noDatesAvailableText=Please contact us at 01383260002 to make a reservation.




 datesAvailableText=Below you can find the current booking dates available for th... published_at=2023-07-17T12:13:41.756Z
bookingEnquiry (args: optional/default) : formInstruction=Having a problem with a booking you’ve already placed, stru... published_at=2021-10-08T13:57:22.887Z id=1 created_at=2021-10-08T13:48:26.277Z updated_at=2021-10-18T17:22:49.986Z title=Booking Enquiry
businessInformation (args: optional/default) : getInTouchMsg=Would you like to see our new training centre in person? Or m... published_at=2021-09-24T14:08:38.653Z id=1 created_at=2021-09-24T14:03:50.587Z updated_at=2021-12-20T20:09:19.710Z contactNumber=01383260002 email=info@almanac.energy
contactUs (args: optional/default) : title=Contact Us text=Get in touch if there are any questions you would like to dis... published_at=2021-09-24T14:08:35.196Z id=1 created_at=2021-09-24T14:04:13.571Z updated_at=2021-10-18T17:12:39.795Z
courseDirectory (args: optional/default) : id=1 created_at=2021-09-13T12:28:10.405Z updated_at=2022-01-26T16:18:58.478Z title=Course Directory published_at=2021-09-13T12:28:13.938Z
courseEnquiry (args: optional/default) : id=1 created_at=2021-10-04T18:11:35.859Z updated_at=2021-10-18T17:22:09.375Z title=Course Enquiry formInstruction=Need some extra information about a specific course you’re ... published_at=2021-10-04T18:11:49.374Z
coursePage (args: optional/default) : id=1 created_at=2021-09-19T13:35:26.495Z updated_at=2023-07-17T13:20:15.207Z published_at=2021-09-19T13:56:28.422Z

Found on 2025-11-14 01:23

433.7 kBytes 46 rows

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.oksnoen.no
Port: 80
URL: http://api.oksnoen.no

First seen 2025-11-18 00:18
Last seen 2026-01-02 01:58
Open for 45 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa36a5dffbd2025d95f6bf1152d2b733eadf91b3609
```
GraphQL introspection enabled at /graphql
Types: 90 (by kind: ENUM: 12, INPUT_OBJECT: 30, OBJECT: 42, SCALAR: 6)
Operations:
- Query: Query | fields: activeSeason, season, seasons, viewer, webOrder
- Mutation: Mutation | fields: cancelReservations, createReservations, login, requestOtp, storeOrder
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
```
  Found on 2026-01-02 01:58
  
  99.6 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.infra.advizeo.app
Port: 443
URL: https://api.infra.advizeo.app

First seen 2025-11-06 16:07
Last seen 2026-01-02 01:49
Open for 56 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d7bee2cef48b2c3e92cf319b6fb05f636abfb38b

GraphQL introspection enabled at /graphql
Types: 110 (by kind: ENUM: 23, INPUT_OBJECT: 14, INTERFACE: 1, OBJECT: 56, SCALAR: 8, UNION: 8)
Operations:
- Query: Query | fields: accountGroup, accountGroups, realEstate, reportDocument, reports
- Mutation: Mutation | fields: assignEnergyProcessorSlot, assignUtilizationSpaces, createConsumption, createUtilizationSpace, generateReportDocument
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-02 01:49

123.0 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: staging.api.strada.nu
Port: 443
URL: https://staging.api.strada.nu

First seen 2025-11-21 04:28
Last seen 2026-01-02 01:24
Open for 41 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa331f0e287af7a813542c04a54539d7c9dd627a449
```
GraphQL introspection enabled at /graphql
Types: 76 (by kind: ENUM: 9, INPUT_OBJECT: 7, INTERFACE: 1, OBJECT: 51, SCALAR: 8)
Operations:
- Query: RootQueryType | fields: activityLogs, companies, company, damage, damages
- Mutation: RootMutationType | fields: createCompany, createDamage, createFeedback, createFeedbackMeasure, createFeedbackPicture
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-02 01:24
  
  93.6 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: cms.themotorhomeinsurer.co.uk
Port: 443
URL: https://cms.themotorhomeinsurer.co.uk

First seen 2025-10-31 00:49
Last seen 2026-01-02 01:18
Open for 63 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3455e9b1d125dcb7fcdf31a8294331d899f81ff5d
```
GraphQL introspection enabled at /graphql
Types: 496 (by kind: ENUM: 29, INPUT_OBJECT: 141, OBJECT: 298, SCALAR: 19, UNION: 9)
Operations:
- Query: Query | fields: article, articles, articlesConnection, author, authors
- Mutation: Mutation | fields: createArticle, createAuthor, deleteArticle, updateArticle, updateAuthor
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-02 01:18
  
  465.3 kBytes
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: www.matchinvest.fr
Port: 443
URL: https://www.matchinvest.fr

First seen 2025-06-15 00:15
Last seen 2026-01-02 00:45
Open for 201 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf17642babc5aa190219d0090219d0090219d00
```
Found 2 files trough .DS_Store spidering:

/fonts
/webfonts
```
  Found on 2026-01-02 00:45
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.twentehuis.nl
Port: 443
URL: https://www.twentehuis.nl

First seen 2025-11-11 00:46
Last seen 2026-01-02 00:19
Open for 51 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db84e0e35084e0e35084e0e35084e0e35084e0e35084e0e350
```
GraphQL introspection enabled at /api
```
  Found on 2026-01-02 00:19
- Severity: medium
  Fingerprint: c2db3a1c40d490db84e0e350b1f5f99ffa0b662d9e5b7c2784d9b7db7270c8d2
```
GraphQL introspection enabled at /api
Types: 195 (by kind: ENUM: 4, INPUT_OBJECT: 6, INTERFACE: 11, OBJECT: 135, SCALAR: 9, UNION: 30)
Operations:
- Query: Query | fields: bannersEntries, entries, entry, entryCount, ping
- Mutation: Mutation | fields: ping
Directives: deprecated, formatDateTime, include, markdown, money, parseRefs, skip, stripTags, transform, trim (total: 12)
```
  Found on 2025-11-30 15:02
  
  7.5 MBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: lager.tdp-portal.de
Port: 443
URL: https://lager.tdp-portal.de

First seen 2025-11-14 01:23
Last seen 2026-01-01 22:35
Open for 48 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d7bee2cef48b2c3e92cf319b6fb05f636abfb38b

GraphQL introspection enabled at /graphql
Types: 110 (by kind: ENUM: 23, INPUT_OBJECT: 14, INTERFACE: 1, OBJECT: 56, SCALAR: 8, UNION: 8)
Operations:
- Query: Query | fields: accountGroup, accountGroups, realEstate, reportDocument, reports
- Mutation: Mutation | fields: assignEnergyProcessorSlot, assignUtilizationSpaces, createConsumption, createUtilizationSpace, generateReportDocument
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-01 22:35

123.0 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.arion-hst.com
Port: 443
URL: https://api.arion-hst.com

First seen 2025-11-24 00:16
Last seen 2026-01-01 22:34
Open for 38 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3d9d0232be1f893699e67dd8d3ed9cd6548d97ed1
```
GraphQL introspection enabled at /graphql
Types: 249 (by kind: ENUM: 13, INPUT_OBJECT: 59, OBJECT: 165, SCALAR: 11, UNION: 1)
Operations:
- Query: Query | fields: client, clients, clientsConnection, product, products
- Mutation: Mutation | fields: createClient, createProduct, deleteClient, updateClient, updateProduct
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-01 22:34
  
  220.6 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: iwmzverbrauch.ewe.de
Port: 443
URL: https://iwmzverbrauch.ewe.de

First seen 2025-11-23 01:21
Last seen 2026-01-01 22:14
Open for 39 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3d7bee2cef48b2c3e92cf319b6fb05f636abfb38b

GraphQL introspection enabled at /graphql
Types: 110 (by kind: ENUM: 23, INPUT_OBJECT: 14, INTERFACE: 1, OBJECT: 56, SCALAR: 8, UNION: 8)
Operations:
- Query: Query | fields: accountGroup, accountGroups, realEstate, reportDocument, reports
- Mutation: Mutation | fields: assignEnergyProcessorSlot, assignUtilizationSpaces, createConsumption, createUtilizationSpace, generateReportDocument
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-01 22:14

123.0 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: docs.incentivehouse.com.pt
Port: 80
URL: http://docs.incentivehouse.com.pt

First seen 2025-11-18 00:18
Last seen 2026-01-01 21:56
Open for 44 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31ac6de87e8a5d535f7f8046b56dfed4c602b84ec

GraphQL introspection enabled at /graphql
Types: 133 (by kind: ENUM: 10, INPUT_OBJECT: 12, OBJECT: 106, SCALAR: 5)
Operations:
- Query: Query | fields: analytics, assets, authentication, comments, contribute
- Mutation: Mutation | fields: analytics, assets, authentication, comments, groups
- Subscription: Subscription | fields: loggingLiveTrail
Directives: auth, cacheControl, deprecated, include, rateLimit, skip, specifiedBy (total: 7)

Found on 2026-01-01 21:56

186.4 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.vandenhoven.nl
Port: 443
URL: https://www.vandenhoven.nl

First seen 2025-10-21 00:20
Last seen 2026-01-01 21:56
Open for 72 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db84e0e35084e0e35084e0e35084e0e35084e0e35084e0e350
```
GraphQL introspection enabled at /api
```
  Found on 2026-01-01 21:56
- Severity: medium
  Fingerprint: c2db3a1c40d490db84e0e350b1f5f99ffa0b662d9e5b7c2784d9b7db7270c8d2
```
GraphQL introspection enabled at /api
Types: 195 (by kind: ENUM: 4, INPUT_OBJECT: 6, INTERFACE: 11, OBJECT: 135, SCALAR: 9, UNION: 30)
Operations:
- Query: Query | fields: bannersEntries, entries, entry, entryCount, ping
- Mutation: Mutation | fields: ping
Directives: deprecated, formatDateTime, include, markdown, money, parseRefs, skip, stripTags, transform, trim (total: 12)
```
  Found on 2025-11-30 15:04
  
  7.5 MBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: back.aishka.pro
Port: 80
URL: http://back.aishka.pro

First seen 2025-10-29 00:49
Last seen 2026-01-01 21:19
Open for 64 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3a150b216521241c6a483be140a7a79b3d8712bc7

GraphQL introspection enabled at /graphql
Types: 120 (by kind: ENUM: 10, INPUT_OBJECT: 9, OBJECT: 91, SCALAR: 7, UNION: 3)
Operations:
- Query: Query | fields: getChatsWithUnreadMessages, getClientWithMessages, getClientsByConnectedMsgrId, getMessengerCleients, getMessengerClientFull
- Mutation: Mutation | fields: clientNameUpdate, clientPhoneUpdate, markClientMessagesAsRead, onClientDelete, setClientBlockedParams
- Subscription: Subscription | fields: chatMessagesUpdated, clientVariablesUpdated, clientsUpdated, sendUpdatedClientToFront, unreadClients
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-01 21:19

272.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3943efb8816860eacf9d0339234db10190d46a335

GraphQL introspection enabled at /graphql
Types: 118 (by kind: ENUM: 10, INPUT_OBJECT: 9, OBJECT: 89, SCALAR: 7, UNION: 3)
Operations:
- Query: Query | fields: getChatsWithUnreadMessages, getClientWithMessages, getClientsByConnectedMsgrId, getMessengerCleients, getMessengerClientFull
- Mutation: Mutation | fields: clientNameUpdate, clientPhoneUpdate, markClientMessagesAsRead, onClientDelete, setClientBlockedParams
- Subscription: Subscription | fields: chatMessagesUpdated, clientVariablesUpdated, clientsUpdated, sendUpdatedClientToFront, unreadClients
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-16 04:24

268.6 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www-api.denovo.at
Port: 443
URL: https://www-api.denovo.at

First seen 2025-11-13 03:23
Last seen 2026-01-01 19:34
Open for 49 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3cabed0e33088b5213a6cb734ea8e7e6c740cece6
```
GraphQL introspection enabled at /graphql
Types: 22 (by kind: ENUM: 6, OBJECT: 13, SCALAR: 3)
Operations:
- Query: Query | fields: dummyEnumQuery, jobs
- Mutation: Mutation | fields: requestDocument, submitForm
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2026-01-01 19:34
  
  26.2 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: cogent-backend.bytecode.hr
Port: 80
URL: http://cogent-backend.bytecode.hr

First seen 2025-11-11 03:46
Last seen 2026-01-01 19:34
Open for 51 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31964cb43a76f96c1c5742fdbec7f3eb03ac8f3e0
```
GraphQL introspection enabled at /graphql
Types: 79 (by kind: ENUM: 3, INPUT_OBJECT: 27, OBJECT: 41, SCALAR: 8)
Operations:
- Query: Query | fields: block, blocks, blocksSearch, card, cards
- Mutation: Mutation | fields: changePositionBlock, changePositionCard, createBlock, createCard, createCog
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
```
  Found on 2026-01-01 19:34
  
  79.9 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api-staging.booqed.com
Port: 80
URL: http://api-staging.booqed.com

First seen 2025-11-02 00:28
Last seen 2026-01-01 01:23
Open for 60 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37b462d1f5b194cadd80b95d9f37c34ea42691368

GraphQL introspection enabled at /graphql
Types: 134 (by kind: ENUM: 15, INPUT_OBJECT: 45, OBJECT: 66, SCALAR: 8)
Operations:
- Query: Query | fields: checkUserBookingsDurationLimit, getAvailableTimeOptions, getNowTimeOption, getUpcomingUserBookings, isUserAbleToBook
- Mutation: Mutation | fields: cancelBookingByBuildingManager, cancelPayMePaymentRequest, changeTimeOptionsAvailability, createPayMePaymentRequest, notifyPayMeRequestStatus
- Subscription: Subscription | fields: subscribeToAdminLogs, subscribeToAvailableTimeOptions, subscribeToPayMeRequestStatus, subscribeToSpaceById, subscribeToSpacesForBuildingGuest
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-01-01 01:23

163.4 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37c432f23a1b1bbe11bc48405c8b63e6e52035374

GraphQL introspection enabled at /graphql
Types: 131 (by kind: ENUM: 15, INPUT_OBJECT: 44, OBJECT: 64, SCALAR: 8)
Operations:
- Query: Query | fields: checkUserBookingsDurationLimit, getAvailableTimeOptions, getNowTimeOption, getUpcomingUserBookings, isUserAbleToBook
- Mutation: Mutation | fields: cancelBookingByBuildingManager, cancelPayMePaymentRequest, changeTimeOptionsAvailability, createPayMePaymentRequest, notifyPayMeRequestStatus
- Subscription: Subscription | fields: subscribeToAdminLogs, subscribeToAvailableTimeOptions, subscribeToPayMeRequestStatus, subscribeToSpaceById, subscribeToSpacesForBuildingGuest
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2025-11-14 08:28

156.1 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: graphql.omgevingsalert.nl
Port: 443
URL: https://graphql.omgevingsalert.nl

First seen 2025-11-01 06:48
Last seen 2026-01-01 00:23
Open for 60 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31c0c154a5577aa7afe53ea88f3931110284a8600

GraphQL introspection enabled at /graphql
Types: 198 (by kind: ENUM: 29, INPUT_OBJECT: 61, INTERFACE: 1, OBJECT: 96, SCALAR: 10, UNION: 1)
Operations:
- Query: Query | fields: accountFeatureSummaryRequestCount, appEvents, appMessage, appMessageCounts, appMessages
- Mutation: Mutation | fields: bulkFeatureAssetState, changePassword, createAccountFeatureSummary, createAndroidSubscription, createAppEvent
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-01-01 00:23

190.1 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.laboratoire-analyse.com
Port: 443
URL: https://www.laboratoire-analyse.com

First seen 2025-11-01 06:47
Last seen 2026-01-01 00:12
Open for 60 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa36b59a51ebcb9400eca788ed0ffd9600ac4996faa
```
GraphQL introspection enabled at /graphql
Types: 19 (by kind: ENUM: 2, OBJECT: 12, SCALAR: 5)
Operations:
- Query: Query | fields: laboratories, laboratoriesAround, laboratory
- Mutation: Mutation | fields: testField
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-01 00:12
  
  25.2 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: dev-api.pircel.com
Port: 443
URL: https://dev-api.pircel.com

First seen 2025-10-31 00:30
Last seen 2025-12-30 14:34
Open for 60 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa357376a4644aa11b6d414c4454b169ff938a60725

GraphQL introspection enabled at /graphql
Types: 213 (by kind: ENUM: 31, INPUT_OBJECT: 30, OBJECT: 144, SCALAR: 8)
Operations:
- Query: Query | fields: analytics, cities, deliveryCompanies, eshop, eshopBranding
- Mutation: Mutation | fields: addShipment, cancelVoucher, connectStore, createPickupList, createVoucher
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-30 14:34

255.8 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c1b81349d28babeb46374f16cccbba2a835addb6

GraphQL introspection enabled at /graphql
Types: 209 (by kind: ENUM: 30, INPUT_OBJECT: 30, OBJECT: 141, SCALAR: 8)
Operations:
- Query: Query | fields: analytics, cities, deliveryCompanies, eshop, eshopBranding
- Mutation: Mutation | fields: addShipment, cancelVoucher, connectStore, createPickupList, createVoucher
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-28 04:14

252.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e235dfed9c60715ba01e1bd51b026a30e7b5f2b0bf

GraphQL introspection enabled at /graphql/api
Types: 209 (by kind: ENUM: 30, INPUT_OBJECT: 30, OBJECT: 141, SCALAR: 8)
Operations:
- Query: Query | fields: analytics, cities, deliveryCompanies, eshop, eshopBranding
- Mutation: Mutation | fields: addShipment, cancelVoucher, connectStore, createPickupList, createVoucher
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-22 04:31

252.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d69259381946d9fc7b5c6ff30fe2f2921961515785

GraphQL introspection enabled at /api/graphql
Types: 120 (by kind: ENUM: 25, INPUT_OBJECT: 18, OBJECT: 69, SCALAR: 8)
Operations:
- Query: Query | fields: deliveryCompanies, eshop, eshopBranding, trackShipment, trackVoucher
- Mutation: Mutation | fields: addShipment, cancelVoucher, createPickupList, createVoucher, printVoucher
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-10 06:49

133.7 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.touchandtell.com
Port: 443
URL: https://api.touchandtell.com

First seen 2025-12-12 00:37
Last seen 2025-12-30 12:44
Open for 18 days
- Severity: medium
  Fingerprint: c2db3a1c40d490dbf8cbe7e2f46ebe74426f3c78a17f4be5ca5b249d0e0148cd
```
GraphQL introspection enabled at /graphql/api
Types: 279 (by kind: ENUM: 2, INPUT_OBJECT: 101, INTERFACE: 1, OBJECT: 170, SCALAR: 5)
Operations:
- Query: Query | fields: adminSurveys, node, survey, surveys, viewer
- Mutation: Mutation | fields: createReport, createWidget, deleteWidget, populateReport, updateWidget
Directives: deprecated, include, skip (total: 3)
```
  Found on 2025-12-30 12:44
  
  265.3 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: odyssey-api.portagent.eu
Port: 443
URL: https://odyssey-api.portagent.eu

First seen 2025-11-11 01:16
Last seen 2025-12-30 12:03
Open for 49 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3638a6328dec0c50ca7ca07d2e0644adb841d3773

GraphQL introspection enabled at /graphql
Types: 528 (by kind: ENUM: 41, INPUT_OBJECT: 127, INTERFACE: 1, OBJECT: 348, SCALAR: 10, UNION: 1)
Operations:
- Query: ApplicationQuery | fields: apiLogList, attachmentQuery, calendarQuery, contactList, contactShow
- Mutation: ApplicationCommand | fields: infoAcceptInvitation, infoAcceptWorkspaceInvitation, infoAddContact, infoAddContactLink, infoAddContainer
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-30 12:03

743.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3740aae24131ee5a803431c3c58ab26654581a731

GraphQL introspection enabled at /graphql
Types: 522 (by kind: ENUM: 41, INPUT_OBJECT: 127, INTERFACE: 1, OBJECT: 342, SCALAR: 10, UNION: 1)
Operations:
- Query: ApplicationQuery | fields: apiLogList, attachmentQuery, contactList, contactShow, containerShow
- Mutation: ApplicationCommand | fields: infoAcceptInvitation, infoAcceptWorkspaceInvitation, infoAddContact, infoAddContactLink, infoAddContainer
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-23 12:28

737.0 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
Found on 2025-11-11 01:16

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.otohub.org
Port: 80
URL: http://www.otohub.org

First seen 2025-10-29 00:08
Last seen 2025-12-28 00:50
Open for 60 days

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6dbf5541867ffa4fc6f370d9fef58c67b9cd8bc53

GraphQL introspection enabled at /api/graphql
Types: 73 (by kind: ENUM: 18, INPUT_OBJECT: 15, INTERFACE: 1, OBJECT: 30, SCALAR: 9)
Operations:
- Query: Query | fields: airportByCityId, cities, cityByName, countries, user
- Mutation: Mutation | fields: deleteUser, deleteUsers, resetUserPassword, resetUserPasswordByEmail, saveUser
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-28 00:50

103.4 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d65a8c05ce81848d3e3cea46013458f7a154867c4e

GraphQL introspection enabled at /api/graphql
Types: 64 (by kind: ENUM: 15, INPUT_OBJECT: 12, INTERFACE: 1, OBJECT: 28, SCALAR: 8)
Operations:
- Query: Query | fields: airportByCityId, cities, cityByName, countries, user
- Mutation: Mutation | fields: deleteUser, deleteUsers, resetUserPassword, resetUserPasswordByEmail, saveUser
- Subscription: Subscription | fields: paymentResult
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-23 01:16

87.2 kBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: frontapp.stage.rdey.se
Port: 443
URL: https://frontapp.stage.rdey.se

First seen 2025-12-05 17:28
Last seen 2025-12-26 12:30
Open for 20 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d62337d3d62337d3d62337d3d62337d3d62337d3d6
```
GraphQL introspection enabled at /api/graphql
```
  Found on 2025-12-26 12:30
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.rustyrobot.io
Port: 443
URL: https://api.rustyrobot.io

First seen 2025-11-13 03:23
Last seen 2025-12-22 22:18
Open for 39 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035491d8cac26ca7108b749bfe5923a730d3213e4010c
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /Auth/nonce
GET /Auth/userInfo
GET /RustyNfts
GET /RustyNfts/ofOwner/{walletAddress}
GET /RustyNfts/{id}
GET /UserProfile
GET /WorldMap
POST /Auth/connect
POST /Auth/refresh
```
  Found on 2025-12-22 22:18
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.yuppify.xyz
Port: 80
URL: http://api.yuppify.xyz

First seen 2025-10-18 00:57
Last seen 2025-12-20 15:47
Open for 63 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa37e4a5ed07ace241401531572609402410c0370c5
```
GraphQL introspection enabled at /graphql
Types: 49 (by kind: ENUM: 9, INPUT_OBJECT: 16, OBJECT: 18, SCALAR: 6)
Operations:
- Query: Query | fields: auth, chains, myPosts, post, user
- Mutation: Mutation | fields: follow, login, logout, register, unfollow
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Readable stores: 0
```
  Found on 2025-12-20 15:47
  
  55.5 kBytes
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.sagliktan.com
Port: 80
URL: http://api.sagliktan.com

First seen 2025-11-28 01:18
Last seen 2025-12-16 17:19
Open for 18 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b8b978a710aa1045f3f26fa1d1077277d43a2e034

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /ChatReactions/cancelDislikeChat
DELETE /ChatReactions/cancelLikeChat
DELETE /CommentReactions/cancelDislikeComment
DELETE /CommentReactions/cancelLikeComment
DELETE /announcement/deleteAnnouncement
DELETE /chats/deleteChat
DELETE /comments/deleteComment
DELETE /contactInfor/deleteContact
DELETE /disease/deleteDisease
DELETE /post/deletePost
DELETE /postReaction/cancelDislikePost
DELETE /postReaction/cancelLikePost
DELETE /specialization/deleteSpecialization
DELETE /workAddress/deleteWorkAddress
GET /ChatReactions/dislikedPeople
GET /ChatReactions/likedPeople
GET /CommentReactions/dislikedPeople
GET /CommentReactions/likedPeople
GET /announcement/getAnnouncement
GET /announcement/getAnnouncements
GET /chats/getAllChat
GET /chats/getChatWithID
GET /chats/getChats
GET /chats/getChatsWithFiltre
GET /comments/getComment
GET /comments/getCommentWithID
GET /contactInfor/getAllContact
GET /contactInfor/getContact
GET /disease/getDisease
GET /disease/getDiseaseNames
GET /disease/getDiseases
GET /doctor/doctor
GET /doctor/doctors
GET /post/getAllPost
GET /post/getPostWithId
GET /post/getPostsWithFiltre
GET /post/getUserPosts
GET /postReaction/getDislikedPostPeope
GET /postReaction/getLikedPostPeope
GET /publicUser/publicUser
GET /publicUser/publicUsers
GET /specialization/getSpecialization
GET /specialization/getSpecializations
GET /user/getUser
GET /user/loggedUser
GET /user/users
GET /workAddress/getWorkAddreses
GET /workAddress/getWorkAddress
POST /ChatReactions/LikeChat
POST /ChatReactions/dislikeChat
POST /CommentReactions/DislikedComment
POST /CommentReactions/LikeComment
POST /announcement/addAnnouncement
POST /chats/addChat
POST /comments/addComment
POST /contactInfor/addContactInfor
POST /disease/addDisease
POST /logUser/loginUser
POST /logUser/refreshToken
POST /logUser/signupUser
POST /post/addPost
POST /postReaction/dislikePost
POST /postReaction/likePost
POST /sagliktaAI/ask
POST /specialization/addSpecialization
POST /workAddress/addWorkAddress
PUT /contactInfor/updateContactInfor
PUT /disease/updateDisease
PUT /specialization/updateSpecialization
PUT /workAddress/updateWorkAddress

Found on 2025-12-16 17:19

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b8b978a710aa1045f3f26fa1d1077277d8ad8e2a3

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /ChatReactions/cancelDislikeChat
DELETE /ChatReactions/cancelLikeChat
DELETE /CommentReactions/cancelDislikeComment
DELETE /CommentReactions/cancelLikeComment
DELETE /announcement/deleteAnnouncement
DELETE /chats/deleteChat
DELETE /comments/deleteComment
DELETE /contactInfor/deleteContact
DELETE /disease/deleteDisease
DELETE /specialization/deleteSpecialization
DELETE /workAddress/deleteWorkAddress
GET /ChatReactions/dislikedPeople
GET /ChatReactions/likedPeople
GET /CommentReactions/dislikedPeople
GET /CommentReactions/likedPeople
GET /announcement/getAnnouncement
GET /announcement/getAnnouncements
GET /chats/getAllChat
GET /chats/getChatWithID
GET /chats/getChats
GET /chats/getChatsWithFiltre
GET /comments/getComment
GET /comments/getCommentWithID
GET /contactInfor/getAllContact
GET /contactInfor/getContact
GET /disease/getDisease
GET /disease/getDiseaseNames
GET /disease/getDiseases
GET /doctor/doctor
GET /doctor/doctors
GET /publicUser/publicUser
GET /publicUser/publicUsers
GET /specialization/getSpecialization
GET /specialization/getSpecializations
GET /user/getUser
GET /user/loggedUser
GET /user/users
GET /workAddress/getWorkAddreses
GET /workAddress/getWorkAddress
POST /ChatReactions/LikeChat
POST /ChatReactions/dislikeChat
POST /CommentReactions/DislikedComment
POST /CommentReactions/LikeComment
POST /announcement/addAnnouncement
POST /chats/addChat
POST /comments/addComment
POST /contactInfor/addContactInfor
POST /disease/addDisease
POST /logUser/loginUser
POST /logUser/signupUser
POST /sagliktaAI/ask
POST /specialization/addSpecialization
POST /workAddress/addWorkAddress
PUT /contactInfor/updateContactInfor
PUT /disease/updateDisease
PUT /specialization/updateSpecialization
PUT /workAddress/updateWorkAddress

Found on 2025-12-05 15:20

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: www.bringi.co.il
Port: 80
URL: http://www.bringi.co.il

First seen 2025-10-17 06:42
Last seen 2025-12-01 08:15
Open for 45 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b6e6325ab415c4e9759d01287337bf98da89ccd8e

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/users/{userId}
GET /api/buyer-tasks
GET /api/buyer-tasks/{buyerTaskId}
GET /api/extension/config
GET /api/maps/autocomplete
GET /api/orders
GET /api/orders/track/{orderId}
GET /api/orders/{orderId}
GET /api/product/admin/ineligible
GET /api/product/{productId}/is-eligible
GET /api/shipments
GET /api/shipments/{shipmentId}
GET /api/users
GET /api/users/me
PATCH /api/buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /api/users/{userId}/activate
PATCH /api/users/{userId}/deactivate
PATCH /api/users/{userId}/name
PATCH /api/users/{userId}/phone
POST /api/buyer-tasks/{buyerTaskId}/complete-picking
POST /api/buyer-tasks/{buyerTaskId}/generate-qr
POST /api/buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /api/buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /api/buyer-tasks/{buyerTaskId}/receipt
POST /api/extension/error
POST /api/login
POST /api/logs
POST /api/orders/checkout
POST /api/orders/checkout/additional-cost
POST /api/orders/track
POST /api/orders/webhook/payment
POST /api/otp/send
POST /api/shipments/handover/{buyerTaskId}/complete
POST /api/shipments/handover/{buyerTaskId}/confirm-item/{packageSerialNumber}
POST /api/shipments/{shipmentId}/claim/{courierId}
POST /api/shipments/{shipmentId}/mark-delivered
POST /api/shipments/{shipmentId}/mark-shipped
POST /api/shipments/{shipmentId}/proof-of-delivery
POST /api/shipments/{shipmentId}/release/{courierId}
POST /api/users/createAdmin
POST /api/users/login-as/{targetUserId}
PUT /api/buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /api/buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /api/login/invalidateToken
PUT /api/product/{productId}/clear-from-cache
PUT /api/product/{productId}/disable-always
PUT /api/product/{productId}/enable-always

Found on 2025-12-01 08:15

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b6e6325ab415c4e9759d01287a36282bb6e851abd

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/users/{userId}
GET /api/buyer-tasks
GET /api/buyer-tasks/{buyerTaskId}
GET /api/maps/autocomplete
GET /api/orders
GET /api/orders/track/{orderId}
GET /api/orders/{orderId}
GET /api/product/{productId}/is-eligible
GET /api/shipments
GET /api/shipments/{shipmentId}
GET /api/users
GET /api/users/me
PATCH /api/buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /api/users/{userId}/activate
PATCH /api/users/{userId}/deactivate
PATCH /api/users/{userId}/name
PATCH /api/users/{userId}/phone
POST /api/buyer-tasks/{buyerTaskId}/complete-picking
POST /api/buyer-tasks/{buyerTaskId}/generate-qr
POST /api/buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /api/buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /api/buyer-tasks/{buyerTaskId}/receipt
POST /api/login
POST /api/logs
POST /api/orders/checkout
POST /api/orders/checkout/additional-cost
POST /api/orders/track
POST /api/orders/webhook/payment
POST /api/otp/send
POST /api/shipments/handover/{buyerTaskId}/complete
POST /api/shipments/handover/{buyerTaskId}/confirm-item/{packageSerialNumber}
POST /api/shipments/{shipmentId}/claim/{courierId}
POST /api/shipments/{shipmentId}/mark-delivered
POST /api/shipments/{shipmentId}/mark-shipped
POST /api/shipments/{shipmentId}/proof-of-delivery
POST /api/shipments/{shipmentId}/release/{courierId}
POST /api/users/createAdmin
POST /api/users/login-as/{targetUserId}
PUT /api/buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /api/buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /api/login/invalidateToken
PUT /api/product/{productId}/clear-from-cache

Found on 2025-11-26 17:00

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b6e6325ab415c4e9759d01287a36282bb1611b1af

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/users/{userId}
GET /api/buyer-tasks
GET /api/buyer-tasks/{buyerTaskId}
GET /api/maps/autocomplete
GET /api/orders
GET /api/orders/track/{orderId}
GET /api/orders/{orderId}
GET /api/product/{productId}/is-eligible
GET /api/shipments
GET /api/shipments/{shipmentId}
GET /api/users
GET /api/users/me
PATCH /api/buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /api/users/{userId}/activate
PATCH /api/users/{userId}/deactivate
PATCH /api/users/{userId}/name
PATCH /api/users/{userId}/phone
POST /api/buyer-tasks/{buyerTaskId}/complete-picking
POST /api/buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /api/buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /api/buyer-tasks/{buyerTaskId}/receipt
POST /api/login
POST /api/logs
POST /api/orders/checkout
POST /api/orders/checkout/additional-cost
POST /api/orders/track
POST /api/orders/webhook/payment
POST /api/otp/send
POST /api/shipments/{shipmentId}/claim/{courierId}
POST /api/shipments/{shipmentId}/mark-delivered
POST /api/shipments/{shipmentId}/mark-shipped
POST /api/shipments/{shipmentId}/release/{courierId}
POST /api/users/createAdmin
POST /api/users/login-as/{targetUserId}
PUT /api/buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /api/buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /api/login/invalidateToken
PUT /api/product/{productId}/clear-from-cache

Found on 2025-11-22 19:46

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bbe11cdbceed46ffdcedec8f079c1dc0186117636

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /users/{userId}
GET /buyer-tasks
GET /buyer-tasks/{buyerTaskId}
GET /maps/autocomplete
GET /orders
GET /orders/track/{orderId}
GET /orders/{orderId}
GET /product/{productId}/is-eligible
GET /shipments
GET /shipments/{shipmentId}
GET /users
GET /users/me
PATCH /buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /users/{userId}/activate
PATCH /users/{userId}/deactivate
PATCH /users/{userId}/name
PATCH /users/{userId}/phone
POST /buyer-tasks/{buyerTaskId}/complete-picking
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /buyer-tasks/{buyerTaskId}/receipt
POST /login
POST /logs
POST /orders/checkout
POST /orders/checkout/additional-cost
POST /orders/track
POST /orders/webhook/payment
POST /otp/send
POST /shipments/{shipmentId}/claim/{courierId}
POST /shipments/{shipmentId}/mark-delivered
POST /shipments/{shipmentId}/mark-shipped
POST /shipments/{shipmentId}/release/{courierId}
POST /users/login-as/{targetUserId}
PUT /buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /login/invalidateToken
PUT /product/{productId}/clear-from-cache

Found on 2025-11-16 16:00

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bbe11cdbceed46ffdcedec8f079c1dc01784fce94

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /users/{userId}
GET /buyer-tasks
GET /buyer-tasks/{buyerTaskId}
GET /maps/autocomplete
GET /orders
GET /orders/track/{orderId}
GET /orders/{orderId}
GET /product/{productId}/is-eligible
GET /shipments
GET /shipments/{shipmentId}
GET /users
GET /users/me
PATCH /buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /users/{userId}/activate
PATCH /users/{userId}/deactivate
PATCH /users/{userId}/name
PATCH /users/{userId}/phone
POST /buyer-tasks/{buyerTaskId}/complete-picking
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /buyer-tasks/{buyerTaskId}/receipt
POST /login
POST /logs
POST /orders/checkout
POST /orders/checkout/additional-cost
POST /orders/track
POST /orders/webhook/payment
POST /otp/send
POST /shipments/{shipmentId}/claim/{courierId}
POST /shipments/{shipmentId}/mark-delivered
POST /shipments/{shipmentId}/mark-shipped
POST /shipments/{shipmentId}/release/{courierId}
POST /users/login-as/{targetUserId}
PUT /buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /login/invalidateToken

Found on 2025-11-14 19:37

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bbe11cdbc40f7b61103e99408d361fd859af5aedc

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /users/{userId}
GET /auth/sso/{provider}
GET /buyer-tasks
GET /buyer-tasks/{buyerTaskId}
GET /maps/autocomplete
GET /orders
GET /orders/track/{orderId}
GET /orders/{orderId}
GET /product/{productId}/is-eligible
GET /shipments
GET /shipments/{shipmentId}
GET /users
GET /users/me
PATCH /buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /users/{userId}/activate
PATCH /users/{userId}/deactivate
PATCH /users/{userId}/name
PATCH /users/{userId}/phone
POST /auth/sso/callback
POST /buyer-tasks/{buyerTaskId}/complete-picking
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /buyer-tasks/{buyerTaskId}/receipt
POST /login
POST /logs
POST /orders/checkout
POST /orders/checkout/additional-cost
POST /orders/track
POST /orders/webhook/payment
POST /otp/send
POST /shipments/{shipmentId}/claim/{courierId}
POST /shipments/{shipmentId}/mark-delivered
POST /shipments/{shipmentId}/mark-shipped
POST /shipments/{shipmentId}/release/{courierId}
POST /users/login-as/{targetUserId}
PUT /buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /login/invalidateToken

Found on 2025-11-12 14:35

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bbe11cdbceed46ffdcedec8f079c1dc018c80e098

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /users/{userId}
GET /buyer-tasks
GET /buyer-tasks/{buyerTaskId}
GET /maps/autocomplete
GET /orders
GET /orders/track/{orderId}
GET /orders/{orderId}
GET /product/{productId}/is-eligible
GET /shipments
GET /shipments/{shipmentId}
GET /users
GET /users/me
PATCH /buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /users/{userId}/activate
PATCH /users/{userId}/deactivate
PATCH /users/{userId}/name
PATCH /users/{userId}/phone
POST /buyer-tasks/{buyerTaskId}/complete-picking
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /login
POST /logs
POST /orders/checkout
POST /orders/checkout/additional-cost
POST /orders/track
POST /orders/webhook/payment
POST /otp/send
POST /shipments/{shipmentId}/claim/{courierId}
POST /shipments/{shipmentId}/mark-delivered
POST /shipments/{shipmentId}/mark-shipped
POST /shipments/{shipmentId}/release/{courierId}
POST /users/login-as/{targetUserId}
PUT /buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /login/invalidateToken

Found on 2025-11-10 19:24

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bbe11cdbceed46ffdcedec8f079c1dc011442cf68

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /users/{userId}
GET /buyer-tasks
GET /buyer-tasks/{buyerTaskId}
GET /maps/autocomplete
GET /orders
GET /orders/track/{orderId}
GET /orders/{orderId}
GET /product/{productId}/is-eligible
GET /shipments
GET /shipments/{shipmentId}
GET /users
GET /users/me
PATCH /buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /users/{userId}/activate
PATCH /users/{userId}/deactivate
PATCH /users/{userId}/name
PATCH /users/{userId}/phone
POST /buyer-tasks/{buyerTaskId}/complete-picking
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /login
POST /orders/checkout
POST /orders/checkout/additional-cost
POST /orders/track
POST /orders/webhook/payment
POST /otp/send
POST /shipments/{shipmentId}/claim/{courierId}
POST /shipments/{shipmentId}/mark-delivered
POST /shipments/{shipmentId}/mark-shipped
POST /shipments/{shipmentId}/release/{courierId}
POST /users/login-as/{targetUserId}
PUT /buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /login/invalidateToken

Found on 2025-11-05 13:43

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e59997b626305d309b60ec70aad7d57b9e363c0a2c

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /users/{userId}
GET /buyer-tasks
GET /buyer-tasks/{buyerTaskId}
GET /buyer-tasks/{buyerTaskId}/calculateFulfilledItemsCost
GET /maps/autocomplete
GET /orders
GET /orders/track/{orderId}
GET /orders/{orderId}
GET /shipments
GET /shipments/{shipmentId}
GET /users
GET /users/me
PATCH /buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /users/{userId}/activate
PATCH /users/{userId}/deactivate
PATCH /users/{userId}/name
PATCH /users/{userId}/phone
POST /buyer-tasks/{buyerTaskId}/complete-picking
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /login
POST /orders/checkout
POST /orders/checkout/additional-cost
POST /orders/track
POST /orders/webhook/payment
POST /shipments/{shipmentId}/claim/{courierId}
POST /shipments/{shipmentId}/mark-delivered
POST /shipments/{shipmentId}/mark-shipped
POST /shipments/{shipmentId}/release/{courierId}
POST /v1/otp/send
PUT /buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /login/invalidateToken

Found on 2025-11-03 13:49

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e59997b626305d309b60ec70aad7d57b9eee11c56b

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /users/{userId}
GET /buyer-tasks
GET /buyer-tasks/{buyerTaskId}
GET /buyer-tasks/{buyerTaskId}/calculateFulfilledItemsCost
GET /orders
GET /orders/track/{orderId}
GET /orders/{orderId}
GET /shipments
GET /shipments/{shipmentId}
GET /users
GET /users/me
PATCH /buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /users/{userId}/activate
PATCH /users/{userId}/deactivate
PATCH /users/{userId}/name
PATCH /users/{userId}/phone
POST /buyer-tasks/{buyerTaskId}/complete-picking
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-location
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /login
POST /orders/checkout
POST /orders/checkout/additional-cost
POST /orders/track
POST /orders/webhook/payment
POST /shipments/{shipmentId}/claim/{courierId}
POST /shipments/{shipmentId}/mark-delivered
POST /shipments/{shipmentId}/mark-shipped
POST /shipments/{shipmentId}/release/{courierId}
POST /v1/otp/send
PUT /buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /login/invalidateToken

Found on 2025-10-29 08:13

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e59997b626305d309b60ec70aad7d57b9ebdfc3a83

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /users/{userId}
GET /buyer-tasks
GET /buyer-tasks/{buyerTaskId}
GET /buyer-tasks/{buyerTaskId}/calculateFulfilledItemsCost
GET /orders
GET /orders/track/{orderId}
GET /orders/{orderId}
GET /shipments
GET /shipments/{shipmentId}
GET /users
GET /users/me
PATCH /buyer-tasks/{buyerTaskId}/items/{productId}/update-picked
PATCH /users/{userId}/activate
PATCH /users/{userId}/deactivate
PATCH /users/{userId}/name
PATCH /users/{userId}/phone
POST /buyer-tasks/{buyerTaskId}/complete-picking
POST /buyer-tasks/{buyerTaskId}/items/{productId}/flag-wrong-price
POST /login
POST /orders/checkout
POST /orders/checkout/additional-cost
POST /orders/track
POST /orders/webhook/payment
POST /shipments/{shipmentId}/claim/{courierId}
POST /shipments/{shipmentId}/mark-delivered
POST /shipments/{shipmentId}/mark-shipped
POST /shipments/{shipmentId}/release/{courierId}
POST /v1/otp/send
PUT /buyer-tasks/{buyerTaskId}/claim/{buyerId}
PUT /buyer-tasks/{buyerTaskId}/release/{buyerId}
PUT /login/invalidateToken

Found on 2025-10-21 03:14

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: cms.dev.carcollect.com
Port: 80
URL: http://cms.dev.carcollect.com

First seen 2025-10-21 09:19
Last seen 2025-12-01 05:11
Open for 40 days

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6191b7d2f898e4a7d1b0046e5f98d0080c0a44270

GraphQL introspection enabled at /api/graphql
Types: 2318 (by kind: ENUM: 89, INPUT_OBJECT: 643, OBJECT: 1571, SCALAR: 8, UNION: 7)
Operations:
- Query: Query | fields: GlobalNewsitem, GlobalNewsitems, countGlobalNewsitems, docAccessGlobalNewsitem, versionGlobalNewsitem
- Mutation: Mutation | fields: createGlobalNewsitem, createLocalNewsitem, deleteGlobalNewsitem, restoreVersionGlobalNewsitem, updateGlobalNewsitem
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-01 05:11

1.9 MBytes

Create report

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: kunstgavekortet-shop.dealmonster.no
Port: 443
URL: https://kunstgavekortet-shop.dealmonster.no

First seen 2025-11-19 00:12
Last seen 2025-11-30 15:06
Open for 11 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3b2edc1a442286c2834ab5efe3512bc604a094378
```
GraphQL introspection enabled at /graphql
Types: 99 (by kind: ENUM: 16, INPUT_OBJECT: 30, OBJECT: 43, SCALAR: 10)
Operations:
- Query: Query | fields: client, clientsAdmin, clientsPlatformAdmin, dinteroClientContractReminder, pizzaPastaClientsAdmin
- Mutation: Mutation | fields: cleateInvoices, createComplimentaryOrder, createGiftcard, createPlatform, updateOrDuplicateGiftcard
Directives: deprecated, include, skip (total: 3)
```
  Found on 2025-11-30 15:06
  
  179.6 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: atami.dealmonster.no
Port: 443
URL: https://atami.dealmonster.no

First seen 2025-10-29 01:19
Last seen 2025-11-29 12:13
Open for 31 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3b2edc1a442286c2834ab5efe3512bc604a094378
```
GraphQL introspection enabled at /graphql
Types: 99 (by kind: ENUM: 16, INPUT_OBJECT: 30, OBJECT: 43, SCALAR: 10)
Operations:
- Query: Query | fields: client, clientsAdmin, clientsPlatformAdmin, dinteroClientContractReminder, pizzaPastaClientsAdmin
- Mutation: Mutation | fields: cleateInvoices, createComplimentaryOrder, createGiftcard, createPlatform, updateOrDuplicateGiftcard
Directives: deprecated, include, skip (total: 3)
```
  Found on 2025-11-29 12:13
  
  179.6 kBytes
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2025-11-02 15:56
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: backend.havala.io
Port: 80
URL: http://backend.havala.io

First seen 2025-11-16 01:14
Last seen 2025-11-28 12:57
Open for 12 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2025-11-28 12:57
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: www.rainmakingdigital.com
Port: 443
URL: https://www.rainmakingdigital.com

First seen 2025-06-27 09:35
Last seen 2025-11-23 16:31
Open for 149 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9de4b76ee4e4b76ee4e4b76ee4e4b76ee4
```
Found 1 files trough .DS_Store spidering:

/topics
```
  Found on 2025-11-23 16:31
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: www.rainmakingdigital.nl
Port: 443
URL: https://www.rainmakingdigital.nl

First seen 2025-09-10 02:10
Last seen 2025-11-22 09:19
Open for 73 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9de4b76ee4e4b76ee4e4b76ee4e4b76ee4
```
Found 1 files trough .DS_Store spidering:

/topics
```
  Found on 2025-11-22 09:19
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: www.api.tayloredhire.co.uk
Port: 80
URL: http://www.api.tayloredhire.co.uk

First seen 2025-11-13 01:13
Last seen 2025-11-16 23:11
Open for 3 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db2337d3d68e065e60eab072e4ceba0e1179f923f7233b6faf
```
GraphQL introspection enabled at /api/graphql
Types: 138 (by kind: ENUM: 10, INPUT_OBJECT: 86, OBJECT: 31, SCALAR: 9, UNION: 2)
Operations:
- Query: Query | fields: role, roles, user, users, usersCount
- Mutation: Mutation | fields: createUser, createUsers, deleteUser, updateUser, updateUsers
Directives: deprecated, include, skip, specifiedBy (total: 4)

Readable stores: 0
```
  Found on 2025-11-16 23:11
  
  177.4 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: test.api.conversationdesigninstitute.com
Port: 443
URL: https://test.api.conversationdesigninstitute.com

First seen 2025-11-15 02:00
Last seen 2025-11-16 23:02
Open for 1 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa35763c9dd5c88d3bf0473ffa253a6a380fcb46fd2
```
GraphQL introspection enabled at /graphql
Types: 429 (by kind: ENUM: 6, INPUT_OBJECT: 76, OBJECT: 335, SCALAR: 11, UNION: 1)
Operations:
- Query: Query | fields: certificate, certificates, certificatesConnection, companies, company
- Mutation: Mutation | fields: createCertificate, createCompany, deleteCertificate, updateCertificate, updateCompany
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2025-11-16 23:02
  
  393.6 kBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.conversationdesigninstitute.com
Port: 80
URL: http://api.conversationdesigninstitute.com

First seen 2025-11-15 00:31
Last seen 2025-11-16 21:22
Open for 1 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa35763c9dd5c88d3bf0473ffa253a6a380fcb46fd2
```
GraphQL introspection enabled at /graphql
Types: 429 (by kind: ENUM: 6, INPUT_OBJECT: 76, OBJECT: 335, SCALAR: 11, UNION: 1)
Operations:
- Query: Query | fields: certificate, certificates, certificatesConnection, companies, company
- Mutation: Mutation | fields: createCertificate, createCompany, deleteCertificate, updateCertificate, updateCompany
Directives: deprecated, include, skip, specifiedBy (total: 4)
```
  Found on 2025-11-16 21:22
  
  393.6 kBytes
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: cms.dev.carcollect.com
Port: 443
URL: https://cms.dev.carcollect.com

First seen 2025-10-21 09:19
Last seen 2025-11-16 05:37
Open for 25 days

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6191b7d2f898e4a7d1b0046e5f98d0080c0a44270

GraphQL introspection enabled at /api/graphql
Types: 2318 (by kind: ENUM: 89, INPUT_OBJECT: 643, OBJECT: 1571, SCALAR: 8, UNION: 7)
Operations:
- Query: Query | fields: GlobalNewsitem, GlobalNewsitems, countGlobalNewsitems, docAccessGlobalNewsitem, versionGlobalNewsitem
- Mutation: Mutation | fields: createGlobalNewsitem, createLocalNewsitem, deleteGlobalNewsitem, restoreVersionGlobalNewsitem, updateGlobalNewsitem
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-11-16 05:37

1.9 MBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: dev-instant-quote.orderfox.com
Port: 443
URL: https://dev-instant-quote.orderfox.com

First seen 2025-11-14 00:23
Last seen 2025-11-14 00:23
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-11-14 00:23
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.185.157
Domain: api.e2wallet.com
Port: 443
URL: https://api.e2wallet.com

First seen 2025-10-16 07:14
Last seen 2025-10-20 12:13
Open for 4 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa373716b1aec732e8a7af9da3d276dc652baa68387
```
GraphQL introspection enabled at /graphql
Types: 50 (by kind: INPUT_OBJECT: 9, OBJECT: 20, SCALAR: 21)
Operations:
- Query: Query | fields: access_key, access_keys, access_keys_count, transaction, xpub
- Mutation: Mutation | fields: access_key, access_key_revoke, transaction, xpub, xpub_metadata
Directives: defer, deprecated, include, skip, specifiedBy (total: 5)
```
  Found on 2025-10-20 12:13
  
  58.0 kBytes
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.e2wallet.com
Port: 443
URL: https://api.e2wallet.com

First seen 2025-10-15 00:35
Last seen 2025-10-20 12:13
Open for 5 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-10-20 12:13
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.thetraverse.co
Port: 80
URL: http://api.thetraverse.co

First seen 2025-10-15 20:03
Last seen 2025-10-20 08:46
Open for 4 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-10-20 08:46
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.185.157
Domain: api.thetraverse.co
Port: 443
URL: https://api.thetraverse.co

First seen 2025-10-15 20:03
Last seen 2025-10-19 11:01
Open for 3 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-10-19 11:01
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: www.dashboard.volunteer-heilbronn.de
Port: 443
URL: https://www.dashboard.volunteer-heilbronn.de

First seen 2025-05-30 00:19
Last seen 2025-06-12 17:22
Open for 13 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c1a5d9b0f1a5d9b0ff409caf1821195c23a2649103a264910
```
Found 3 files trough .DS_Store spidering:

/assets
/images
/robots.txt
```
  Found on 2025-06-12 17:22
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 99.83.185.157
Domain: my.remax.ua
Port: 80
URL: http://my.remax.ua

First seen 2024-12-01 17:06
Last seen 2025-02-24 23:52
Open for 85 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c0215adfc0215adfcf0b98a2bc67d7de07c3e61e74cb3f4b2
```
Found 4 files trough .DS_Store spidering:

/DATA
/packs
/uploads
/vue
```
  Found on 2025-02-24 23:52
Create report

Open service 99.83.185.157:443 · webbooking.doranordic.dk

2026-01-12 10:44

HTTP/1.1 404 Not Found
Content-Length: 9
Content-Type: text/plain; charset=utf-8
Date: Mon, 12 Jan 2026 10:44:55 GMT
Etag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=viE42FRrOs7fqpvVTP2WVASecfIBO68VHVfrP%2Bp7y5Q%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1768214695"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=viE42FRrOs7fqpvVTP2WVASecfIBO68VHVfrP%2Bp7y5Q%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1768214695"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQYAy44Rg477XPUbR7UwpStLeDFrJHLbJOrmSR8P4GTdgkk=
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
Via: 1.1 heroku-router
X-Request-Id: 43c7b189-dcaa-da31-9b6c-7835b5b03502
Connection: close


Not Found

Found 2 minutes ago by HttpPlugin