Kestrel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497e2d5e86cb25b78f40388e170a4c4036026e79e2
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /orders/lines/backorder
GET /Misc/franco
GET /Prepr/productgroups
GET /Prepr/products
GET /Products/id/{slug}
GET /Products/{id}
GET /me
GET /me/company
GET /me/company/orderlists
GET /me/company/orderlists/{id}
GET /me/company/orders
GET /me/company/orders/backorder
GET /me/company/orders/recent
GET /me/company/quotations
GET /me/company/roles/custom
GET /me/company/users/{id}
GET /me/session
GET /orders
GET /orders/{id}
POST /Misc/ktype/by/cartype
POST /Misc/ktype/by/licenseplate
POST /Registration
POST /Registration/complete
POST /Registration/validate
POST /auth/forgot
POST /auth/login
POST /auth/logout
POST /auth/reset
POST /auth/reset/validate
POST /me/company/reports
POST /me/company/reports/search
POST /me/company/users
POST /me/verify
POST /orders/import
POST /orders/import/orderlist
POST /orders/lines
POST /orders/payment
POST /orders/payment/webhook
POST /orders/save
POST /quotations/externalquotation
PUT /me/company/orderlists/{id}/items/{itemId}
PUT /me/password
PUT /orders/lines/{id}
Open service 20.105.232.48:443 · dev.api.sinatec.2digits.dev
2026-01-23 12:18
HTTP/1.1 400 Bad Request
Connection: close
Content-Type: application/json; charset=utf-8
Date: Fri, 23 Jan 2026 12:19:14 GMT
Server: Kestrel
Transfer-Encoding: chunked
Request-Context: appId=cid-v1:8dd8c7d0-f287-4d76-b425-57de98f58524
{"code":"InvalidOrigin","description":"The request header 'X-Origin' is either missing or invalid","additional":[]}