Kestrel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491f82fe4caeff56e0c9a6131d4544d83c6505f199
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /v1/{nodeid}/Notifications/{notificationid}
DELETE /v1/{nodeid}/TaskCategories/{taskCategoryName}
DELETE /v1/{nodeid}/TaskTypes/{taskTypeId}
GET /v1/Auth
GET /v1/Auth/rights
GET /v1/Auth/rights2
GET /v1/Devices
GET /v1/Devices/Status
GET /v1/Devices/{deviceId}
GET /v1/Devices/{deviceType}/{deviceCode}/deviceInfo
GET /v1/Devices/{nodeId}/nodedevices
GET /v1/NotificationHubRegister
GET /v1/Organisations
GET /v1/Organisations/{organisationid}
GET /v1/Service/CachedData
GET /v1/Service/LogTrace
GET /v1/Service/RefreshCache
GET /v1/Service/heartbeat
GET /v1/Service/privacy-policy
GET /v1/Service/supported-version
GET /v1/Service/version
GET /v1/SpacesDailySummary/Recalculate
GET /v1/SpacesSummary/Recalculate
GET /v1/Users/access-pass
GET /v1/Users/access-pass/{buildingid}
GET /v1/Users/{name}
GET /v1/Users/{search}/search
GET /v1/Users/{username}/location
GET /v1/delegates/my-delegates
GET /v1/delegates/my-primaries
GET /v1/{nodeid}/BookingParties
GET /v1/{nodeid}/BookingParties/{recordid}
GET /v1/{nodeid}/Bookings
GET /v1/{nodeid}/Bookings/checkedin
GET /v1/{nodeid}/Bookings/download
GET /v1/{nodeid}/Bookings/spaces
GET /v1/{nodeid}/Bookings/today
GET /v1/{nodeid}/Bookings/user-bookings
GET /v1/{nodeid}/Bookings/{bookingId}/rawdata/{date}
GET /v1/{nodeid}/Bookings/{bookingid}
GET /v1/{nodeid}/BookingsDailySummary/Recalculate
GET /v1/{nodeid}/BookingsDailySummary/{startDate}/{endDate}/BookingsSummaryData
GET /v1/{nodeid}/BuildingKPIs
GET /v1/{nodeid}/BuildingKPIs/refresh
GET /v1/{nodeid}/BuildingKPIs/{buildingkpiid}
GET /v1/{nodeid}/BuildingKPIs/{buildingkpiid}/refresh
GET /v1/{nodeid}/Buildings
GET /v1/{nodeid}/Buildings/{buildingid}
GET /v1/{nodeid}/Buildings/{buildingid}/environmental
GET /v1/{nodeid}/Connectors
GET /v1/{nodeid}/Connectors/{connectorid}
GET /v1/{nodeid}/CostCodes
GET /v1/{nodeid}/CostCodes/{costcodeid}
GET /v1/{nodeid}/EnvironmentalSensors
GET /v1/{nodeid}/EnvironmentalSensors/{envSensorId}
GET /v1/{nodeid}/EnvironmentalZoneDailySummary
GET /v1/{nodeid}/EnvironmentalZoneDailySummary/Recalculate
GET /v1/{nodeid}/EnvironmentalZoneData
GET /v1/{nodeid}/EnvironmentalZoneData/ZonesData
GET /v1/{nodeid}/EnvironmentalZoneData/{envzoneid}
GET /v1/{nodeid}/EnvironmentalZoneSummary
GET /v1/{nodeid}/EnvironmentalZones
GET /v1/{nodeid}/EnvironmentalZones/{envzoneid}
GET /v1/{nodeid}/Equipment
GET /v1/{nodeid}/Equipment/definitions
GET /v1/{nodeid}/Equipment/refresh
GET /v1/{nodeid}/Equipment/search
GET /v1/{nodeid}/Equipment/{equipid}
GET /v1/{nodeid}/Equipment/{equipid}/definitions
GET /v1/{nodeid}/Equipment/{equipid}/refresh
GET /v1/{nodeid}/Equipment/{equipid}/tasks
GET /v1/{nodeid}/Floors
GET /v1/{nodeid}/Floors/availability
GET /v1/{nodeid}/Floors/availability-and-environmental
GET /v1/{nodeid}/Floors/environmental
GET /v1/{nodeid}/Floors/{floorid}
GET /v1/{nodeid}/Floors/{floorid}/availability
GET /v1/{nodeid}/Floors/{floorid}/availability-and-environmental
GET /v1/{nodeid}/Languages
GET /v1/{nodeid}/Languages/{languageid}
GET /v1/{nodeid}/Lockers/Lockerbanks
GET /v1/{nodeid}/Lockers/claimed
GET /v1/{nodeid}/Lockers/{lockerId}
GET /v1/{nodeid}/Lockers/{lockerbankid}/available
GET /v1/{nodeid}/Nodes
GET /v1/{nodeid}/Notifications
GET /v1/{nodeid}/Notifications/active
GET /v1/{nodeid}/Notifications/{notificationId}
GET /v1/{nodeid}/Parameters
GET /v1/{nodeid}/Parameters/byname/{parameterName}
GET /v1/{nodeid}/Parameters/{parameterId}
GET /v1/{nodeid}/Regions
GET /v1/{nodeid}/Regions/{regionid}
GET /v1/{nodeid}/ResolversCategories
GET /v1/{nodeid}/ResolversDailySummary
GET /v1/{nodeid}/Signage
GET /v1/{nodeid}/Signage/{SignageId}
GET /v1/{nodeid}/SpaceCateringMenu
GET /v1/{nodeid}/SpaceCateringMenu/pre-book
GET /v1/{nodeid}/SpaceCateringMenu/room-service
GET /v1/{nodeid}/SpaceCateringMenu/{spacecateringId}
GET /v1/{nodeid}/SpaceStates
GET /v1/{nodeid}/SpaceStates/{spacestateid}
GET /v1/{nodeid}/SpaceStates/{spacestateid}/states
GET /v1/{nodeid}/SpaceUtilisation/SpaceUtilisationData
GET /v1/{nodeid}/SpaceUtilisation/{startDate}/{endDate}/SpaceUtilisationData
GET /v1/{nodeid}/SpaceZones
GET /v1/{nodeid}/SpaceZones/{spacezoneid}
GET /v1/{nodeid}/Spaces
GET /v1/{nodeid}/Spaces/availability
GET /v1/{nodeid}/Spaces/bookings-today
GET /v1/{nodeid}/Spaces/count
GET /v1/{nodeid}/Spaces/definitions
GET /v1/{nodeid}/Spaces/refresh
GET /v1/{nodeid}/Spaces/search
GET /v1/{nodeid}/Spaces/{spaceId}/rawdata/{date}
GET /v1/{nodeid}/Spaces/{spaceId}/refresh
GET /v1/{nodeid}/Spaces/{spaceid}
GET /v1/{nodeid}/Spaces/{spaceid}/av-display
GET /v1/{nodeid}/Spaces/{spaceid}/av-source
GET /v1/{nodeid}/Spaces/{spaceid}/av-volume
GET /v1/{nodeid}/Spaces/{spaceid}/blinds
GET /v1/{nodeid}/Spaces/{spaceid}/bookings-today
GET /v1/{nodeid}/Spaces/{spaceid}/definitions
GET /v1/{nodeid}/Spaces/{spaceid}/environmental
GET /v1/{nodeid}/Spaces/{spaceid}/lighting
GET /v1/{nodeid}/Spaces/{spaceid}/schedule
GET /v1/{nodeid}/Spaces/{spaceid}/space-av-info
GET /v1/{nodeid}/Spaces/{spaceid}/space-info
GET /v1/{nodeid}/Spaces/{spaceid}/tasks
GET /v1/{nodeid}/Spaces/{spaceid}/temperature
GET /v1/{nodeid}/Spaces/{spacetype}/availability
GET /v1/{nodeid}/SpacesDailySummary
GET /v1/{nodeid}/SpacesDailySummary/{spaceId}
GET /v1/{nodeid}/SpacesSummary
GET /v1/{nodeid}/SpacesSummary/{spaceId}
GET /v1/{nodeid}/SupportedVersions
GET /v1/{nodeid}/SupportedVersions/{supportedversionid}
GET /v1/{nodeid}/TaskCategories
GET /v1/{nodeid}/TaskCategories/{categoryId}
GET /v1/{nodeid}/TaskStates
GET /v1/{nodeid}/TaskStates/{taskstateid}
GET /v1/{nodeid}/TaskTypes
GET /v1/{nodeid}/TaskTypes/{tasktypeid}
GET /v1/{nodeid}/Tasks
GET /v1/{nodeid}/Tasks/active
GET /v1/{nodeid}/Tasks/download
GET /v1/{nodeid}/Tasks/history
GET /v1/{nodeid}/Tasks/user-summary
GET /v1/{nodeid}/Tasks/user-tasks
GET /v1/{nodeid}/Tasks/{taskid}
GET /v1/{nodeid}/Tasks/{taskid}/history
GET /v1/{nodeid}/Tasks/{taskid}/refresh
GET /v1/{nodeid}/TasksDailySummary
GET /v1/{nodeid}/TasksDailySummary/Recalculate
GET /v1/{nodeid}/UserNotifications
GET /v1/{nodeid}/UserNotifications/{usernotificationId}
GET /v1/{nodeid}/UserPreferences
GET /v1/{nodeid}/Visits
GET /v1/{nodeid}/Visits/active
GET /v1/{nodeid}/Visits/awaiting-approval
GET /v1/{nodeid}/Visits/checked-in
GET /v1/{nodeid}/Visits/download
GET /v1/{nodeid}/Visits/inactive
GET /v1/{nodeid}/Visits/{visitid}
GET /v1/{nodeid}/Visits/{visitid}/checked-in
GET /v1/{nodeid}/VisitsDailySummary
POST /v1/Devices/{deviceId}/SendCommand
POST /v1/Devices/{deviceId}/Update
POST /v1/Users/{name}/check-pin
POST /v1/Users/{userid}/access-pass
POST /v1/{nodeid}/Bookings/import
POST /v1/{nodeid}/Bookings/search
POST /v1/{nodeid}/Equipment/available
POST /v1/{nodeid}/Equipment/{equipid}/bookings
POST /v1/{nodeid}/Lockers/{lockerId}/claim
POST /v1/{nodeid}/Spaces/{spaceid}/bookings
POST /v1/{nodeid}/Spaces/{spaceid}/create-space-clean
POST /v1/{nodeid}/TrackAndTrace/location
POST /v1/{nodeid}/TrackAndTrace/trackAndTraceCounts
POST /v1/{nodeid}/UserPreferences/{equipId}/favourite-equipment
POST /v1/{nodeid}/UserPreferences/{spaceId}/favourite-space
POST /v1/{nodeid}/UserPreferences/{username}/favourite-colleagues
POST /v1/{nodeid}/Visits/import
PUT /v1/Devices/{deviceId}/Status
PUT /v1/NotificationHubRegister/{id}
PUT /v1/{nodeid}/BookingParties/{bookingid}
PUT /v1/{nodeid}/Bookings/{bookingId}
PUT /v1/{nodeid}/BuildingKPIs/{buildingKPIId}
PUT /v1/{nodeid}/EnvironmentalSensors/{envSensorId}/assign-zone/{envZoneId}
PUT /v1/{nodeid}/EnvironmentalSensors/{envSensorId}/disable
PUT /v1/{nodeid}/EnvironmentalSensors/{envSensorId}/enable
PUT /v1/{nodeid}/EnvironmentalSensors/{envSensorId}/unassign-zone
PUT /v1/{nodeid}/EnvironmentalSensors/{envSensorId}/update
PUT /v1/{nodeid}/EnvironmentalZones/{envzoneid}/disable
PUT /v1/{nodeid}/EnvironmentalZones/{envzoneid}/enable
PUT /v1/{nodeid}/EnvironmentalZones/{envzoneid}/{name}
PUT /v1/{nodeid}/Equipment/{equipid}/disable
PUT /v1/{nodeid}/Equipment/{equipid}/enable
PUT /v1/{nodeid}/Lockers/{lockerId}/release
PUT /v1/{nodeid}/Lockers/{lockerId}/unlock
PUT /v1/{nodeid}/Signage/{signageId}
PUT /v1/{nodeid}/SpaceCateringMenu/{spaceCateringId}
PUT /v1/{nodeid}/Spaces/update-space-occupancy
PUT /v1/{nodeid}/Spaces/{spaceid}/action
PUT /v1/{nodeid}/Spaces/{spaceid}/checkin
PUT /v1/{nodeid}/Spaces/{spaceid}/checkout
PUT /v1/{nodeid}/Spaces/{spaceid}/disable
PUT /v1/{nodeid}/Spaces/{spaceid}/enable
PUT /v1/{nodeid}/Spaces/{spaceid}/reserve
PUT /v1/{nodeid}/Spaces/{spaceid}/setpoint
PUT /v1/{nodeid}/TaskCategories/{taskCategoryId}
PUT /v1/{nodeid}/TaskCategories/{taskCategoryId}/disable
PUT /v1/{nodeid}/TaskCategories/{taskCategoryId}/enable
PUT /v1/{nodeid}/TaskCategories/{taskCategoryId}/update
PUT /v1/{nodeid}/TaskTypes/{tasktypeid}/disable
PUT /v1/{nodeid}/TaskTypes/{tasktypeid}/enable
PUT /v1/{nodeid}/Tasks/{taskId}
PUT /v1/{nodeid}/Tasks/{taskId}/assign
PUT /v1/{nodeid}/Tasks/{taskId}/cancel
PUT /v1/{nodeid}/Tasks/{taskId}/change-priority
PUT /v1/{nodeid}/Tasks/{taskId}/re-allocate
PUT /v1/{nodeid}/Tasks/{taskId}/resolve
PUT /v1/{nodeid}/Tasks/{taskId}/set-in-progress
PUT /v1/{nodeid}/Tasks/{taskId}/unassign
PUT /v1/{nodeid}/Tasks/{taskId}/comment
PUT /v1/{nodeid}/UserPreferences/update-calendarprefs
PUT /v1/{nodeid}/UserPreferences/update-diagnosticsprefs
PUT /v1/{nodeid}/UserPreferences/update-environment
PUT /v1/{nodeid}/UserPreferences/update-notifications
PUT /v1/{nodeid}/UserPreferences/update-privacy
PUT /v1/{nodeid}/UserPreferences/update-searchprefs
PUT /v1/{nodeid}/UserPreferences/update-workinghours
PUT /v1/{nodeid}/UserPreferences/{floor}/updatedefaultfloor
PUT /v1/{nodeid}/Visits/{visitid}/action
PUT /v1/{nodeid}/Visits/{visitid}/approve
PUT /v1/{nodeid}/Visits/{visitid}/cancel
PUT /v1/{nodeid}/Visits/{visitid}/checkin
PUT /v1/{nodeid}/Visits/{visitid}/checkout
PUT /v1/{nodeid}/Visits/{visitid}/deny
PUT /v1/{nodeid}/Visits/{visitid}/user-update
Open service 20.90.134.13:443 · api.ibss.arcadistest.iconics.cloud
2026-01-23 09:11
HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Fri, 23 Jan 2026 09:12:13 GMT
Server: Kestrel
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
Request-Context: appId=cid-v1:f05708fd-3456-4167-ad93-f5e92f1fa17d
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
Open service 20.90.134.13:80 · api.ibss.arcadistest.iconics.cloud
2026-01-12 04:23
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Mon, 12 Jan 2026 04:24:54 GMT
Location: https://api.ibss.arcadistest.iconics.cloud/
Open service 20.90.134.13:443 · api.ibss.arcadistest.iconics.cloud
2026-01-12 04:23
HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Mon, 12 Jan 2026 04:24:54 GMT
Server: Kestrel
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
Request-Context: appId=cid-v1:f05708fd-3456-4167-ad93-f5e92f1fa17d
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()