Kestrel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a6df841643df1239667dc638605a2357347444a5
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/data/old/Calls/heartbeat
GET /api/data/v1/OfficeExport/{nodeid}/{eventid}
GET /api/data/v1/OfficeExport/{nodeid}/{eventid}/{templatename}
GET /api/data/v1/{eventtype}
GET /api/data/v1/{eventtype}/Event/findbypk
GET /api/data/v1/{eventtype}/Event/{guid}
GET /api/data/v1/{eventtype}/Event/{guid}/associated
GET /api/data/v1/{eventtype}/Event/{guid}/history
GET /api/data/v1/{eventtype}/Events
GET /api/data/v1/{eventtype}/Events/{nodeid}
GET /api/data/v1/{eventtype}/Events/{nodeid}/history
GET /api/data/v1/{eventtype}/Events/{nodeid}/{filter}
GET /api/data/v1/{eventtype}/Events/{nodeid}/{filter}/history
GET /api/data/v1/{eventtype}/File/{eventid}
GET /api/data/v1/{eventtype}/File/{eventid}/{filename}
GET /api/data/v1/{eventtype}/Lookups/getlookupvalue
GET /api/data/v1/{eventtype}/Variable/{nodeid}
GET /api/data/v1/{eventtype}/Variable/{nodeid}/getnames
GET /api/data/v1/{eventtype}/Variable/{nodeid}/{name}
GET /api/data/v1/{eventtype}/metadata
GET /v1/Service/heartbeat
GET /v1/Service/version
POST /api/data/old/Calls/custom
POST /api/data/old/Calls/custompost
POST /api/data/v1/{eventtype}/Event
POST /api/data/v1/{eventtype}/Event/changeowner
Open service 20.90.134.37:443 · dataapi.ibss.theacre.iconics.cloud
2026-01-23 05:47
HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Fri, 23 Jan 2026 05:47:55 GMT
Server: Kestrel
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
Open service 20.90.134.37:443 · dataapi.ibss.theacre.iconics.cloud
2026-01-09 19:46
HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Fri, 09 Jan 2026 19:47:39 GMT
Server: Kestrel
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
Open service 20.90.134.37:443 · dataapi.ibss.theacre.iconics.cloud
2026-01-02 18:14
HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Fri, 02 Jan 2026 18:14:14 GMT
Server: Kestrel
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
Open service 20.90.134.37:443 · dataapi.ibss.theacre.iconics.cloud
2025-12-23 00:09
HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Tue, 23 Dec 2025 00:09:23 GMT
Server: Kestrel
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()