Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 20.105.216.40:443 · api.trainvision.eu
2026-01-22 21:56
HTTP/1.1 200 OK
Content-Length: 55
Connection: close
Content-Type: text/html
Date: Thu, 22 Jan 2026 21:57:05 GMT
Accept-Ranges: bytes
ETag: "1dbccaea1e3d3b7"
Last-Modified: Sat, 24 May 2025 13:20:35 GMT
Set-Cookie: ARRAffinity=36a59cd37c043509ce4f238878a2d541291a2ab74254da8d4eb184fc4625c979;Path=/;HttpOnly;Secure;Domain=api.trainvision.eu
Set-Cookie: ARRAffinitySameSite=36a59cd37c043509ce4f238878a2d541291a2ab74254da8d4eb184fc4625c979;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.trainvision.eu
Strict-Transport-Security: max-age=2592000; includeSubDomains
Request-Context: appId=cid-v1:db9b11ad-11a0-4408-ac28-ee57dba68802
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
<script>
location.href = "/swagger";
</script>
Open service 20.105.216.40:443 · api.trainvision.eu
2026-01-09 22:35
HTTP/1.1 200 OK
Content-Length: 55
Connection: close
Content-Type: text/html
Date: Fri, 09 Jan 2026 22:36:16 GMT
Accept-Ranges: bytes
ETag: "1dbccaea1e3d3b7"
Last-Modified: Sat, 24 May 2025 13:20:35 GMT
Set-Cookie: ARRAffinity=898a81a7290e9a3e440d1bd7bbd5509dc81f52bac090f8a47a6c88c50c299024;Path=/;HttpOnly;Secure;Domain=api.trainvision.eu
Set-Cookie: ARRAffinitySameSite=898a81a7290e9a3e440d1bd7bbd5509dc81f52bac090f8a47a6c88c50c299024;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.trainvision.eu
Strict-Transport-Security: max-age=2592000; includeSubDomains
Request-Context: appId=cid-v1:db9b11ad-11a0-4408-ac28-ee57dba68802
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
<script>
location.href = "/swagger";
</script>
Open service 20.105.216.40:80 · api.trainvision.eu
2026-01-05 16:52
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Mon, 05 Jan 2026 16:53:41 GMT
Location: https://api.trainvision.eu/
Open service 20.105.216.40:443 · api.trainvision.eu
2026-01-05 16:52
HTTP/1.1 200 OK
Content-Length: 55
Connection: close
Content-Type: text/html
Date: Mon, 05 Jan 2026 16:53:42 GMT
Accept-Ranges: bytes
ETag: "1dbccaea1e3d3b7"
Last-Modified: Sat, 24 May 2025 13:20:35 GMT
Set-Cookie: ARRAffinity=898a81a7290e9a3e440d1bd7bbd5509dc81f52bac090f8a47a6c88c50c299024;Path=/;HttpOnly;Secure;Domain=api.trainvision.eu
Set-Cookie: ARRAffinitySameSite=898a81a7290e9a3e440d1bd7bbd5509dc81f52bac090f8a47a6c88c50c299024;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.trainvision.eu
Strict-Transport-Security: max-age=2592000; includeSubDomains
Request-Context: appId=cid-v1:db9b11ad-11a0-4408-ac28-ee57dba68802
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
<script>
location.href = "/swagger";
</script>