LeakIX - Host dev-api.q-directories-dev.com

Domain dev-api.q-directories-dev.com

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.43
Domain: dev-api.q-directories-dev.com
Port: 443
URL: https://dev-api.q-directories-dev.com

First seen 2025-12-06 09:45
Last seen 2026-01-09 07:40
Open for 33 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035490c303b8f4dab007d0eb9ae98905223705807675a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /apiinfos
GET /v1/httpsubscriptions/{httpSubscriptionId}
GET /v1/logistic/onboardings/mobileDevice/{phoneNumber}
GET /v1/logistic/vehicles/{vehicleRegistrationNumber}
GET /v1/logistic/vehicles/{vehicleRegistrationNumber}/presence
GET /v1/plants
GET /v1/plants/{plantId}
GET /v1/plants/{plantId}/articles
GET /v1/plants/{plantId}/articlesasphalt
GET /v1/plants/{plantId}/articlesasphalt/{articleId}
GET /v1/plants/{plantId}/articlesasphalt/{articleId}/additionaldocuments/{additionalDocumentId}/document
GET /v1/plants/{plantId}/articlesasphalt/{articleId}/appraisal/document
GET /v1/plants/{plantId}/articlesasphalt/{articleId}/epd/document
GET /v1/transportcontractors
GET /v1/transportcontractors/{workspaceId}/vehicles
POST /v1/httpsubscriptions
POST /v1/httpsubscriptions/{httpSubscriptionId}/reactivate
POST /v1/logistic/onboardings/mobileDevice
POST /v1/logistic/vehicles/truckBuddyEnabledStatus
POST /v1/logistic/vehicles/{vehicleRegistrationNumber}/deliveryNotes

Found on 2026-01-09 07:40

Create report

Open service 20.50.2.43:443 · dev-api.q-directories-dev.com

2026-01-09 07:40

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Fri, 09 Jan 2026 07:41:36 GMT
Server: Kestrel
Location: /swagger/index.html
Set-Cookie: ARRAffinity=cb9a1e85b7f446b91cafd7e190ad73d52dcc97f1375ac71d21702bb4d90c19e0;Path=/;HttpOnly;Secure;Domain=dev-api.q-directories-dev.com
Set-Cookie: ARRAffinitySameSite=cb9a1e85b7f446b91cafd7e190ad73d52dcc97f1375ac71d21702bb4d90c19e0;Path=/;HttpOnly;SameSite=None;Secure;Domain=dev-api.q-directories-dev.com
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Request-Context: appId=cid-v1:eb736dad-6aaf-4b2c-a598-e22e0a9c2422

Found 2026-01-09 by HttpPlugin

Create report

Open service 20.50.2.43:443 · dev-api.q-directories-dev.com

2026-01-02 05:58

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Fri, 02 Jan 2026 05:58:26 GMT
Server: Kestrel
Location: /swagger/index.html
Set-Cookie: ARRAffinity=b87c19a5269869f70deb7cc0a2ed190e1ca72b9babdcf5dd3634affeed69cbc1;Path=/;HttpOnly;Secure;Domain=dev-api.q-directories-dev.com
Set-Cookie: ARRAffinitySameSite=b87c19a5269869f70deb7cc0a2ed190e1ca72b9babdcf5dd3634affeed69cbc1;Path=/;HttpOnly;SameSite=None;Secure;Domain=dev-api.q-directories-dev.com
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Request-Context: appId=cid-v1:eb736dad-6aaf-4b2c-a598-e22e0a9c2422

Found 2026-01-02 by HttpPlugin

Create report

Open service 20.50.2.43:443 · dev-api.q-directories-dev.com

2025-12-22 21:09

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Mon, 22 Dec 2025 21:09:32 GMT
Server: Kestrel
Location: /swagger/index.html
Set-Cookie: ARRAffinity=e5e65e80b466aaeb05b630ce4e72d24ce88f0da0e85596365c8c224a297b7ac2;Path=/;HttpOnly;Secure;Domain=dev-api.q-directories-dev.com
Set-Cookie: ARRAffinitySameSite=e5e65e80b466aaeb05b630ce4e72d24ce88f0da0e85596365c8c224a297b7ac2;Path=/;HttpOnly;SameSite=None;Secure;Domain=dev-api.q-directories-dev.com
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Request-Context: appId=cid-v1:eb736dad-6aaf-4b2c-a598-e22e0a9c2422

Found 2025-12-22 by HttpPlugin

Create report

Open service 20.50.2.43:443 · dev-api.q-directories-dev.com

2025-12-21 00:24

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Sun, 21 Dec 2025 00:24:35 GMT
Server: Kestrel
Location: /swagger/index.html
Set-Cookie: ARRAffinity=e5e65e80b466aaeb05b630ce4e72d24ce88f0da0e85596365c8c224a297b7ac2;Path=/;HttpOnly;Secure;Domain=dev-api.q-directories-dev.com
Set-Cookie: ARRAffinitySameSite=e5e65e80b466aaeb05b630ce4e72d24ce88f0da0e85596365c8c224a297b7ac2;Path=/;HttpOnly;SameSite=None;Secure;Domain=dev-api.q-directories-dev.com
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Request-Context: appId=cid-v1:eb736dad-6aaf-4b2c-a598-e22e0a9c2422

Found 2025-12-21 by HttpPlugin

Create report

dev-api.q-directories-dev.com

Fingerprint:

fe3c1316af92161f22f43e60558080879ce70063fd983f32d301859b9d6ddd46

CN:

dev-api.q-directories-dev.com

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2025-12-06 00:00

Not after:

2026-04-14 23:59

Domain summary

dev-api.q-directories-dev.com 4

1 recorded

IP summary

20.50.2.43 2

1 recorded