LeakIX - Host api.egon.dev.h-k.no

Domain api.egon.dev.h-k.no

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.7
Domain: api.egon.dev.h-k.no
Port: 443
URL: https://api.egon.dev.h-k.no

First seen 2026-01-11 09:23
Last seen 2026-01-22 23:14
Open for 11 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b83a8a271faf4c496fdfe6633ddd1b91c6b238af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /cache
DELETE /cache/clear/{departmentId}
DELETE /calendarevent/unattend
DELETE /egon-coupons/DeleteCouponUsage/{id}
DELETE /egon-vacancies/deleteOldApplications
DELETE /gamification/activity/{id}
DELETE /identity/delete-me
DELETE /user/{userId}/external-login/{providerName}
GET /cache/keys
GET /cache/{key}
GET /cache/{key}/{departmentId}
GET /calendarevent
GET /calendarevent/attendees/{eventId}
GET /calendarevent/attendeesCount/{eventId}
GET /calendarevent/attendingevents/{userId}/{entityConnectionId}/{calendarId}
GET /calendarevent/menuPath
GET /calendarevent/singleEvent
GET /calendarevent/user
GET /claim
GET /claim/user/{id}
GET /claim/{id}
GET /client
GET /comment
GET /comment/count
GET /comment/{id}
GET /department/client/{id}
GET /department/{id}
GET /egon-coupons
GET /egon-coupons/ClearCouponData
GET /egon-coupons/GetCouponUsage/{id}
GET /egon-coupons/GetCouponUsageCountByCouponId/{id}
GET /egon-coupons/{id}
GET /egon-vacancies
GET /egon-vacancies/categories
GET /egon-vacancies/restaurant/{id}
GET /egon-vacancies/restaurants
GET /egon-vacancies/{id}
GET /entity/connected
GET /entity/connected/{id}
GET /gamification/activity
GET /gamification/function
GET /gamification/function/{id}
GET /gamification/reward
GET /gamification/reward/current-user
GET /gamification/reward/user/{id}
GET /gamification/reward/{id}
GET /gamification/rule
GET /gamification/rule/{id}
GET /gamification/rulereward
GET /gamification/rulereward/{id}
GET /globalization
GET /globalization/resourcegroup/{resourceGroupId}
GET /like
GET /like/count
GET /like/existsForUser/{entityId}
GET /menu
GET /menu/{id}
GET /menuitem
GET /menuitem/{id}
GET /notification/current-user
GET /order
GET /order/{id}
GET /page
GET /page/connectedEntity/{id}/entityConnection/{entityConnectionId}
GET /page/imageControls/{pageId}
GET /page/template/{pageTemplateId}
GET /page/{id}
GET /pageStats/mostPopularItemsForUser
GET /pageStats/{id}
GET /product
GET /product/{id}
GET /search
GET /search/types
GET /tag
GET /tenantInfo
GET /user
GET /user/external-login-provider/{provider}/{externalId}
GET /user/{id}
POST /calendarevent/isJoining
POST /claim/entity/{id}
POST /egon-coupons/RegisterCouponUsage
POST /egon-coupons/UseCouponUsage
POST /egon-vacancies/application
POST /egon-vacancies/openApplication
POST /entity
POST /form
POST /identity/accessToken
POST /identity/token
POST /identity/userinfo
POST /notification/broadcast
POST /notification/broadcast/user/{userId}
POST /notification/user/{userId}/seen
POST /notification/{id}/seen
POST /order/{orderNumber}/cancel
POST /pageStats
POST /transactionLog
POST /user/{userId}/external-login
PUT /calendarevent/attend
PUT /user/password
PUT /user/password/recover
PUT /user/password/recover/initiate

Found on 2026-01-22 23:14

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.7
Domain: api.egon.dev.h-k.no
Port: 80
URL: http://api.egon.dev.h-k.no

First seen 2026-01-11 09:23
Last seen 2026-02-09 18:14
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b83a8a271faf4c496fdfe6633ddd1b91c6b238af

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /cache
DELETE /cache/clear/{departmentId}
DELETE /calendarevent/unattend
DELETE /egon-coupons/DeleteCouponUsage/{id}
DELETE /egon-vacancies/deleteOldApplications
DELETE /gamification/activity/{id}
DELETE /identity/delete-me
DELETE /user/{userId}/external-login/{providerName}
GET /cache/keys
GET /cache/{key}
GET /cache/{key}/{departmentId}
GET /calendarevent
GET /calendarevent/attendees/{eventId}
GET /calendarevent/attendeesCount/{eventId}
GET /calendarevent/attendingevents/{userId}/{entityConnectionId}/{calendarId}
GET /calendarevent/menuPath
GET /calendarevent/singleEvent
GET /calendarevent/user
GET /claim
GET /claim/user/{id}
GET /claim/{id}
GET /client
GET /comment
GET /comment/count
GET /comment/{id}
GET /department/client/{id}
GET /department/{id}
GET /egon-coupons
GET /egon-coupons/ClearCouponData
GET /egon-coupons/GetCouponUsage/{id}
GET /egon-coupons/GetCouponUsageCountByCouponId/{id}
GET /egon-coupons/{id}
GET /egon-vacancies
GET /egon-vacancies/categories
GET /egon-vacancies/restaurant/{id}
GET /egon-vacancies/restaurants
GET /egon-vacancies/{id}
GET /entity/connected
GET /entity/connected/{id}
GET /gamification/activity
GET /gamification/function
GET /gamification/function/{id}
GET /gamification/reward
GET /gamification/reward/current-user
GET /gamification/reward/user/{id}
GET /gamification/reward/{id}
GET /gamification/rule
GET /gamification/rule/{id}
GET /gamification/rulereward
GET /gamification/rulereward/{id}
GET /globalization
GET /globalization/resourcegroup/{resourceGroupId}
GET /like
GET /like/count
GET /like/existsForUser/{entityId}
GET /menu
GET /menu/{id}
GET /menuitem
GET /menuitem/{id}
GET /notification/current-user
GET /order
GET /order/{id}
GET /page
GET /page/connectedEntity/{id}/entityConnection/{entityConnectionId}
GET /page/imageControls/{pageId}
GET /page/template/{pageTemplateId}
GET /page/{id}
GET /pageStats/mostPopularItemsForUser
GET /pageStats/{id}
GET /product
GET /product/{id}
GET /search
GET /search/types
GET /tag
GET /tenantInfo
GET /user
GET /user/external-login-provider/{provider}/{externalId}
GET /user/{id}
POST /calendarevent/isJoining
POST /claim/entity/{id}
POST /egon-coupons/RegisterCouponUsage
POST /egon-coupons/UseCouponUsage
POST /egon-vacancies/application
POST /egon-vacancies/openApplication
POST /entity
POST /form
POST /identity/accessToken
POST /identity/token
POST /identity/userinfo
POST /notification/broadcast
POST /notification/broadcast/user/{userId}
POST /notification/user/{userId}/seen
POST /notification/{id}/seen
POST /order/{orderNumber}/cancel
POST /pageStats
POST /transactionLog
POST /user/{userId}/external-login
PUT /calendarevent/attend
PUT /user/password
PUT /user/password/recover
PUT /user/password/recover/initiate

Found on 2026-02-09 18:14

Create report

Open service 13.69.68.7:80 · api.egon.dev.h-k.no

2026-01-23 13:13

HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Fri, 23 Jan 2026 13:14:13 GMT
Server: Kestrel
Set-Cookie: ARRAffinity=436842ee8924729835dcf04d775f0933f840858fe9ce2ecfe11725e4533a4712;Path=/;HttpOnly;Domain=api.egon.dev.h-k.no
Request-Context: appId=cid-v1:5b88ffcd-432e-4139-adfe-0b6d563c014a
X-Powered-By: ASP.NET

Found 2026-01-23 by HttpPlugin

Create report

Open service 13.69.68.7:443 · api.egon.dev.h-k.no

2026-01-22 23:14

HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Thu, 22 Jan 2026 23:14:46 GMT
Server: Kestrel
Set-Cookie: ARRAffinity=436842ee8924729835dcf04d775f0933f840858fe9ce2ecfe11725e4533a4712;Path=/;HttpOnly;Secure;Domain=api.egon.dev.h-k.no
Set-Cookie: ARRAffinitySameSite=436842ee8924729835dcf04d775f0933f840858fe9ce2ecfe11725e4533a4712;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.egon.dev.h-k.no
Request-Context: appId=cid-v1:5b88ffcd-432e-4139-adfe-0b6d563c014a
X-Powered-By: ASP.NET

Found 2026-01-22 by HttpPlugin

Create report

Open service 13.69.68.7:443 · api.egon.dev.h-k.no

2026-01-11 09:23

HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Sun, 11 Jan 2026 09:24:45 GMT
Server: Kestrel
Set-Cookie: ARRAffinity=436842ee8924729835dcf04d775f0933f840858fe9ce2ecfe11725e4533a4712;Path=/;HttpOnly;Secure;Domain=api.egon.dev.h-k.no
Set-Cookie: ARRAffinitySameSite=436842ee8924729835dcf04d775f0933f840858fe9ce2ecfe11725e4533a4712;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.egon.dev.h-k.no
Request-Context: appId=cid-v1:5b88ffcd-432e-4139-adfe-0b6d563c014a
X-Powered-By: ASP.NET

Found 2026-01-11 by HttpPlugin

Create report

Open service 13.69.68.7:80 · api.egon.dev.h-k.no

2026-01-11 09:23

HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Sun, 11 Jan 2026 09:24:44 GMT
Server: Kestrel
Set-Cookie: ARRAffinity=436842ee8924729835dcf04d775f0933f840858fe9ce2ecfe11725e4533a4712;Path=/;HttpOnly;Domain=api.egon.dev.h-k.no
Request-Context: appId=cid-v1:5b88ffcd-432e-4139-adfe-0b6d563c014a
X-Powered-By: ASP.NET

Found 2026-01-11 by HttpPlugin

Create report

api.egon.dev.h-k.no

Fingerprint:

b98f3a297129300ac69775e3d980f118f38e807a38e3bf0f4caa89e8c7968fc1

CN:

api.egon.dev.h-k.no

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2026-01-11 00:00

Not after:

2026-04-14 23:59

api.egon.dev.h-k.no

Fingerprint:

844418b62f8c907208fabb12fe4d68eb83e0aef5775a57dc4b6f68aef2749975

CN:

api.egon.dev.h-k.no

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2025-08-23 00:00

Not after:

2026-02-23 23:59

Domain summary

api.egon.dev.h-k.no 5

1 recorded

IP summary

13.69.68.7 2

1 recorded