Domain bhz-api.q-plant.com
The Netherlands
Software information
Kestrel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-07 04:33
Last seen 2026-02-16 14:59
Open for 71 days-
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-02-16 14:59
-
-
Open service 20.105.224.46:443 ยท bhz-api.q-plant.com
2026-01-23 03:24
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 03:25:23 GMT Server: Kestrel Location: /swagger/index.html Set-Cookie: ARRAffinity=baa1866b47e393030e213279ba67fd6c2518fbf161cb77302df0e5bf128e5caf;Path=/;HttpOnly;Secure;Domain=bhz-api.q-plant.com Set-Cookie: ARRAffinitySameSite=baa1866b47e393030e213279ba67fd6c2518fbf161cb77302df0e5bf128e5caf;Path=/;HttpOnly;SameSite=None;Secure;Domain=bhz-api.q-plant.com Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:08be3e71-3b5e-4b5e-81f3-26d4bd0d8d32 Content-Security-Policy: style-src 'self' 'nonce-ZqtDrAULP+muoKn8vCCBUnEsa0PbYCRcOOnbbDx10hI='; script-src 'self' 'nonce-ZqtDrAULP+muoKn8vCCBUnEsa0PbYCRcOOnbbDx10hI='; default-src 'none'; img-src 'self' data:; connect-src 'self'; font-src 'none'; frame-src 'none'; frame-ancestors 'none'; media-src 'none'; object-src 'none'; manifest-src 'none'; worker-src 'none'; form-action 'none'
Found 2026-01-23 by HttpPluginCreate report