Exposing Swagger/OpenAPI documentation is primarily a risk when the API behind it has underlying security flaws, because the documentation gives attackers a precise roadmap for finding them.
These specifications detail every endpoint, parameter, and data model, which makes it easier to discover and exploit vulnerabilities such as broken access control or injection points.
A perfectly secure API would mitigate the danger, but protecting the documentation is still a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4372ee7bad1c83386a0c914db47fb97b3ccb484368
Public Swagger UI/API detected at path: /swagger.json - sample paths:
ANY description
GET /api/dm
GET /api/optician/{opticianid}
GET /api/opticians
GET /api/order/{orderid}
GET /api/orders
GET /api/product/{eancode}
GET /api/urlshortenflush
POST /api/auth/login
POST /api/customers
POST /api/inventory/{eancode}
POST /api/login_check
POST /api/optician
POST /api/product/
POST /api/products/
POST /api/sales
POST /api/urldecode
Open service 172.217.208.121:443 · api.flandersopticians.be
2026-01-09 09:06
HTTP/1.1 302 Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
location: /api/docs
vary: Accept
content-type: text/plain; charset=utf-8
x-cloud-trace-context: 2d6c40df3789b06344e0792cd516c46b
date: Fri, 09 Jan 2026 09:06:18 GMT
server: Google Frontend
Content-Length: 31
Connection: close

Found. Redirecting to /api/docs
Open service 172.217.208.121:443 · api.flandersopticians.be
2026-01-01 19:38
HTTP/1.1 302 Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
location: /api/docs
vary: Accept
content-type: text/plain; charset=utf-8
x-cloud-trace-context: 0ea446675d828c2dd4ca802fe5eda327
date: Thu, 01 Jan 2026 19:38:18 GMT
server: Google Frontend
Content-Length: 31
Connection: close

Found. Redirecting to /api/docs
Open service 172.217.208.121:443 · api.flandersopticians.be
2025-12-22 22:02
HTTP/1.1 302 Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
location: /api/docs
vary: Accept
content-type: text/plain; charset=utf-8
x-cloud-trace-context: 01a1813d406bd68dc50ffc433a05d92b
date: Mon, 22 Dec 2025 22:02:41 GMT
server: Google Frontend
Content-Length: 31
Connection: close

Found. Redirecting to /api/docs
Open service 172.217.208.121:443 · api.flandersopticians.be
2025-12-21 09:49
HTTP/1.1 302 Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
location: /api/docs
vary: Accept
content-type: text/plain; charset=utf-8
x-cloud-trace-context: d5134d670002b70b1b60fb3eb3480b57
date: Sun, 21 Dec 2025 09:49:39 GMT
server: Google Frontend
Content-Length: 31
Connection: close

Found. Redirecting to /api/docs
Open service 172.217.208.121:443 · api.flandersopticians.be
2025-12-19 11:00
HTTP/1.1 302 Found
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
location: /api/docs
vary: Accept
content-type: text/plain; charset=utf-8
x-cloud-trace-context: 74681832125abacb26410e98bda50a30
date: Fri, 19 Dec 2025 11:00:50 GMT
server: Google Frontend
Content-Length: 31
Connection: close

Found. Redirecting to /api/docs