Domain hyperion-api.internal.congatec.app
The Netherlands
Software information
Kestrel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 20.50.2.68
Domain: hyperion-api.internal.congatec.app
Port: 443
URL: https://hyperion-api.internal.congatec.appFirst seen 2026-01-05 17:12
Last seen 2026-02-02 05:34
Open for 27 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549dee8f10328866450f2f88691e20438e8b46764d5Public Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /api/v1/competences GET /api/v1/competences/{CompetenceId} GET /api/v1/employees GET /api/v1/employees/check-open GET /api/v1/employees/myself GET /api/v1/employees/performance-reviews GET /api/v1/employees/personnel-areas GET /api/v1/employees/sap-checksync GET /api/v1/employees/{EmployeeId}/performance-reviews GET /api/v1/job-positions GET /api/v1/job-positions/{JobPositionId} PATCH /api/v1/employees/begin PATCH /api/v1/employees/{EmployeeId}/performance-reviews/delegate PATCH /api/v1/employees/{EmployeeId}/performance-reviews/delegate/myself PATCH /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}/comment PATCH /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}/review/{Vote} POST /api/v1/employees/performance-reviews/create-by-job-position POST /api/v1/employees/sap-sync POST /api/v1/import/competences/xlsx PUT /api/v1/competences/{Id} PUT /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId} PUT /api/v1/job-positions/{Id}Found on 2026-02-02 05:34 -
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549dee8f10328866450f2f88691e20438e831d6d79fPublic Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /api/v1/competences GET /api/v1/competences/{CompetenceId} GET /api/v1/employees GET /api/v1/employees/check-open GET /api/v1/employees/myself GET /api/v1/employees/performance-reviews GET /api/v1/employees/sap-checksync GET /api/v1/employees/{EmployeeId}/performance-reviews GET /api/v1/job-positions GET /api/v1/job-positions/{JobPositionId} PATCH /api/v1/employees/begin PATCH /api/v1/employees/{EmployeeId}/performance-reviews/delegate PATCH /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}/comment PATCH /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}/review/{Vote} POST /api/v1/employees/performance-reviews/create-by-job-position POST /api/v1/employees/sap-sync POST /api/v1/import/competences/xlsx PUT /api/v1/competences/{Id} PUT /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId} PUT /api/v1/job-positions/{Id}Found on 2026-01-17 01:59
-
-
Open service 20.50.2.68:443 · hyperion-api.internal.congatec.app
2026-01-23 01:32
HTTP/1.1 400 Bad Request Connection: close Content-Type: application/json Date: Fri, 23 Jan 2026 01:33:07 GMT Server: Kestrel Transfer-Encoding: chunked Request-Context: appId=cid-v1:d414c502-8531-4344-a41b-17af7491efa6 {"Error":"The call you made was not found. For all available endpoints, check \u003Ca href=\u0022/swagger\u0022\u003Eswaggegr\u003C/a\u003E"}Found 2026-01-23 by HttpPluginCreate report
-
Open service 20.50.2.68:443 · hyperion-api.internal.congatec.app
2026-01-09 10:56
HTTP/1.1 400 Bad Request Connection: close Content-Type: application/json Date: Fri, 09 Jan 2026 10:57:11 GMT Server: Kestrel Transfer-Encoding: chunked Request-Context: appId=cid-v1:d414c502-8531-4344-a41b-17af7491efa6 {"Error":"The call you made was not found. For all available endpoints, check \u003Ca href=\u0022/swagger\u0022\u003Eswaggegr\u003C/a\u003E"}Found 2026-01-09 by HttpPluginCreate report