LeakIX - Host contractmanagement-api-test.deheus-apps.com

Domain contractmanagement-api-test.deheus-apps.com

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: contractmanagement-api-test.deheus-apps.com
Port: 443
URL: https://contractmanagement-api-test.deheus-apps.com

First seen 2025-11-26 17:38
Last seen 2026-02-01 22:11
Open for 67 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913b4e305cb6b1d3be5964df10d7ff1f2a8324a18

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Contracts/documents/{documentId}
GET /GetByIdString/{id}
GET /api/Auth/claims
GET /api/Auth/health
GET /api/Auth/me
GET /api/BusinessUnits
GET /api/BusinessUnits/{id}
GET /api/Contracts
GET /api/Contracts/documents/{documentId}/download
GET /api/Contracts/{id}
GET /api/Contracts/{id}/documents
GET /api/Enums/business-unit-modes
GET /api/Enums/contract-types
GET /api/Enums/currencies
GET /api/Enums/incoterms
GET /api/Home/userinfo
GET /api/Role
GET /api/Role/check-name
GET /api/Role/{id}
GET /api/ToDo
GET /api/User
GET /api/User/check-email
GET /api/User/current
GET /api/User/{id}
GET /getByInt/{id}
GET /getMenuList
PUT /api/Contracts/volume-distributions/{id}

Found on 2026-02-01 22:11

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-23 09:36

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913b4e305cb6b1d3be5964df10d7ff1f21b7cd6e9

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Contracts/documents/{documentId}
GET /GetByIdString/{id}
GET /api/Auth/claims
GET /api/Auth/health
GET /api/Auth/me
GET /api/BusinessUnits
GET /api/BusinessUnits/{id}
GET /api/Contracts
GET /api/Contracts/documents/{documentId}/download
GET /api/Contracts/{id}
GET /api/Contracts/{id}/documents
GET /api/Enums/business-unit-modes
GET /api/Enums/contract-statuses
GET /api/Enums/contract-types
GET /api/Enums/currencies
GET /api/Enums/incoterms
GET /api/Home/userinfo
GET /api/Role
GET /api/Role/check-name
GET /api/Role/{id}
GET /api/ToDo
GET /api/User
GET /api/User/check-email
GET /api/User/current
GET /api/User/{id}
GET /getByInt/{id}
GET /getMenuList
PATCH /api/Contracts/volume-distributions/{id}/status
PATCH /api/Contracts/{id}/status
PUT /api/Contracts/volume-distributions/{id}

Found on 2025-12-25 05:25

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: contractmanagement-api-test.deheus-apps.com
Port: 80
URL: http://contractmanagement-api-test.deheus-apps.com

First seen 2025-11-26 17:38
Last seen 2026-02-09 00:08
Open for 74 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913b4e305cb6b1d3be5964df10d7ff1f2a8324a18

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Contracts/documents/{documentId}
GET /GetByIdString/{id}
GET /api/Auth/claims
GET /api/Auth/health
GET /api/Auth/me
GET /api/BusinessUnits
GET /api/BusinessUnits/{id}
GET /api/Contracts
GET /api/Contracts/documents/{documentId}/download
GET /api/Contracts/{id}
GET /api/Contracts/{id}/documents
GET /api/Enums/business-unit-modes
GET /api/Enums/contract-types
GET /api/Enums/currencies
GET /api/Enums/incoterms
GET /api/Home/userinfo
GET /api/Role
GET /api/Role/check-name
GET /api/Role/{id}
GET /api/ToDo
GET /api/User
GET /api/User/check-email
GET /api/User/current
GET /api/User/{id}
GET /getByInt/{id}
GET /getMenuList
PUT /api/Contracts/volume-distributions/{id}

Found on 2026-02-09 00:08

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913b4e305cb6b1d3be5964df10d7ff1f21b7cd6e9

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Contracts/documents/{documentId}
GET /GetByIdString/{id}
GET /api/Auth/claims
GET /api/Auth/health
GET /api/Auth/me
GET /api/BusinessUnits
GET /api/BusinessUnits/{id}
GET /api/Contracts
GET /api/Contracts/documents/{documentId}/download
GET /api/Contracts/{id}
GET /api/Contracts/{id}/documents
GET /api/Enums/business-unit-modes
GET /api/Enums/contract-statuses
GET /api/Enums/contract-types
GET /api/Enums/currencies
GET /api/Enums/incoterms
GET /api/Home/userinfo
GET /api/Role
GET /api/Role/check-name
GET /api/Role/{id}
GET /api/ToDo
GET /api/User
GET /api/User/check-email
GET /api/User/current
GET /api/User/{id}
GET /getByInt/{id}
GET /getMenuList
PATCH /api/Contracts/volume-distributions/{id}/status
PATCH /api/Contracts/{id}/status
PUT /api/Contracts/volume-distributions/{id}

Found on 2025-12-24 10:43

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-01 09:16

Create report

Open service 20.105.232.48:443 · contractmanagement-api-test.deheus-apps.com

2026-01-23 09:36

HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Fri, 23 Jan 2026 09:37:10 GMT
Server: Kestrel
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:2f7f667f-b633-4ae4-b2dd-03b803a4ab48
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), microphone=(), camera=()
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://login.microsoftonline.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://login.microsoftonline.com https://*.microsoft.com; frame-ancestors 'none';

Found 2026-01-23 by HttpPlugin

Create report

contractmanagement-api-test.deheus-apps.com

Fingerprint:

ea08f196021dc16e71466223e12323787b588ddbb13cb9c62e2f818faa12fd8b

CN:

contractmanagement-api-test.deheus-apps.com

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2025-11-26 00:00

Not after:

2026-04-14 23:59

Domain summary

contractmanagement-api-test.deheus-apps.com 6

1 recorded

IP summary

20.105.232.48 2

1 recorded