LeakIX - Host api-test.innothyrogen.com

Domain api-test.innothyrogen.com

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.224.34
Domain: api-test.innothyrogen.com
Port: 443
URL: https://api-test.innothyrogen.com

First seen 2025-12-20 19:12
Last seen 2026-02-09 22:40
Open for 51 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493b3b73507b14a427a636a7c479b8ad63549d958e

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /
GET /api/Auth/authfirebasetoken
GET /api/Auth/firebaseemail2register
GET /api/Dashboard/disease-autoimune
GET /api/Dashboard/disease-bolest-stitnjace
GET /api/Dashboard/disease-bolest-stitnjace-cumulative
GET /api/Dashboard/duplicate-patients
GET /api/Dashboard/duplicate-questionnaires
GET /api/Dashboard/export-patients
GET /api/Dashboard/export-questionnaires
GET /api/Dashboard/orphaned-patients
GET /api/Dashboard/orphaned-questionnaires
GET /api/Dashboard/patients-karcinom
GET /api/Dashboard/patients-nodes-details
GET /api/Dashboard/patients-other-details
GET /api/Dashboard/questionnaires-non-croatian-citizenship
GET /api/Dashboard/questionnaires-non-croatian-nationality
GET /api/Dashboard/statistics
GET /api/Organization
GET /api/Patient
GET /api/Patient/{id}
GET /api/Questionare
GET /api/Questionare/{id}
GET /api/Test/CreateUserAndSendMail
GET /api/Test/GetConfigValue
GET /api/Test/GetDbValue
GET /api/User
GET /api/User/me
GET /api/User/{id}
GET /robots933456.txt
POST /api/User/{id}/reset-password

Found on 2026-02-09 22:40

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493b3b73507b14a427a636a7c479b8ad63c886f397

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /
GET /api/Auth/authfirebasetoken
GET /api/Auth/firebaseemail2register
GET /api/Dashboard/disease-autoimune
GET /api/Dashboard/disease-bolest-stitnjace
GET /api/Dashboard/duplicate-patients
GET /api/Dashboard/duplicate-questionnaires
GET /api/Dashboard/export-patients
GET /api/Dashboard/export-questionnaires
GET /api/Dashboard/orphaned-patients
GET /api/Dashboard/orphaned-questionnaires
GET /api/Dashboard/patients-karcinom
GET /api/Dashboard/patients-nodes-details
GET /api/Dashboard/patients-other-details
GET /api/Dashboard/statistics
GET /api/Organization
GET /api/Patient
GET /api/Patient/{id}
GET /api/Questionare
GET /api/Questionare/{id}
GET /api/Test/CreateUserAndSendMail
GET /api/Test/GetConfigValue
GET /api/Test/GetDbValue
GET /api/User
GET /api/User/me
GET /api/User/{id}
GET /robots933456.txt
POST /api/User/{id}/reset-password

Found on 2026-01-23 13:14

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d609b0a7cdb93dc3a8ea13ed82d97cabf32997e577e

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /
GET /api/Auth/authfirebasetoken
GET /api/Auth/firebaseemail2register
GET /api/Dashboard/disease-autoimune
GET /api/Dashboard/disease-bolest-stitnjace
GET /api/Dashboard/duplicate-patients
GET /api/Dashboard/duplicate-questionnaires
GET /api/Dashboard/export-patients
GET /api/Dashboard/export-questionnaires
GET /api/Dashboard/orphaned-patients
GET /api/Dashboard/orphaned-questionnaires
GET /api/Dashboard/patients-karcinom
GET /api/Dashboard/patients-nodes-details
GET /api/Dashboard/patients-other-details
GET /api/Dashboard/statistics
GET /api/Organization
GET /api/Patient
GET /api/Patient/{id}
GET /api/Questionare
GET /api/Questionare/{id}
GET /api/Test/CreateUserAndSendMail
GET /api/Test/GetConfigValue
GET /api/Test/GetDbValue
GET /api/User
GET /api/User/me
GET /api/User/{id}
GET /robots933456.txt
POST /api/User/{id}/reset-password

Found on 2026-01-10 01:02

Create report

Open service 20.105.224.34:443 · api-test.innothyrogen.com

2026-01-23 13:14

HTTP/1.1 200 OK
Connection: close
Content-Type: text/plain; charset=utf-8
Date: Fri, 23 Jan 2026 13:15:25 GMT
Server: Kestrel
Transfer-Encoding: chunked
Request-Context: appId=cid-v1:81ef0ab0-d427-4129-a9c5-592cc866e646


ok

Found 2026-01-23 by HttpPlugin

Create report

Open service 20.105.224.34:443 · api-test.innothyrogen.com

2026-01-10 01:02

HTTP/1.1 200 OK
Connection: close
Content-Type: text/plain; charset=utf-8
Date: Sat, 10 Jan 2026 01:03:07 GMT
Server: Kestrel
Transfer-Encoding: chunked
Request-Context: appId=cid-v1:81ef0ab0-d427-4129-a9c5-592cc866e646


ok

Found 2026-01-10 by HttpPlugin

Create report

api-test.innothyrogen.com

Fingerprint:

105ec276a2937644e0bd2fbb3bd9935f27b131eac6b05e7233fc9f094737cb3f

CN:

api-test.innothyrogen.com

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2025-12-14 00:00

Not after:

2026-04-14 23:59

Domain summary

api-test.innothyrogen.com 4

1 recorded

IP summary

20.105.224.34 2

1 recorded