LeakIX - Host iot.achtbytes.com

Domain iot.achtbytes.com

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: iot.achtbytes.com
Port: 443
URL: https://iot.achtbytes.com

First seen 2025-12-29 12:25
Last seen 2026-02-09 14:27
Open for 42 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 14:27

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499aa1f2a111e62b09ea0a9e38e72d3d274c9591d7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/variables/{workflowVariableId}
DELETE /{__tenant__}/api/tenant/groups/{groupId}/users/{userId}
DELETE /{__tenant__}/api/users/invites/{userInviteId}
DELETE /{__tenant__}/api/users/{userId}
GET /api/admin/tenants
GET /api/tenants
GET /{__tenant__}/api/admin/remoteMaintenance
GET /{__tenant__}/api/alerts
GET /{__tenant__}/api/alerts/getEvents
GET /{__tenant__}/api/alerts/getLimits
GET /{__tenant__}/api/alerts/{alertId}
GET /{__tenant__}/api/alerts/{alertId}/actions
GET /{__tenant__}/api/alerts/{alertId}/actions/{actionId}
GET /{__tenant__}/api/alerts/{alertId}/conditions
GET /{__tenant__}/api/alerts/{alertId}/conditions/{conditionId}
GET /{__tenant__}/api/analytics/all
GET /{__tenant__}/api/assetgroups
GET /{__tenant__}/api/assetgroups/{assetGroupId}
GET /{__tenant__}/api/assetgroups/{assetGroupId}/assets
GET /{__tenant__}/api/assets
GET /{__tenant__}/api/assets/all
GET /{__tenant__}/api/dashboards
GET /{__tenant__}/api/dashboards/widgetTypes
GET /{__tenant__}/api/dashboards/{dashboardId}
GET /{__tenant__}/api/dataExports
GET /{__tenant__}/api/devices
GET /{__tenant__}/api/devices/all
GET /{__tenant__}/api/devices/{deviceId}
GET /{__tenant__}/api/devices/{deviceId}/analytics
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/capabilityModel
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/states
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry/lastValue
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry/timeline
GET /{__tenant__}/api/devices/{deviceId}/assets
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/auditHistory
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/capabilityModel
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/customerDefinitions
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/events
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/metadata
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/properties
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/properties/{name}
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/lastValue
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/lastValues
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/timeline
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/userInterface
GET /{__tenant__}/api/devices/{deviceId}/auditHistory
GET /{__tenant__}/api/devices/{deviceId}/events
GET /{__tenant__}/api/devices/{deviceId}/map
GET /{__tenant__}/api/devices/{deviceId}/masters/testConnectivity
GET /{__tenant__}/api/devices/{deviceId}/workflows
GET /{__tenant__}/api/devices/{deviceId}/workflows/nodeTypes
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/variables
GET /{__tenant__}/api/events
GET /{__tenant__}/api/map
GET /{__tenant__}/api/notifications
GET /{__tenant__}/api/notifications/types
GET /{__tenant__}/api/productionOrders
GET /{__tenant__}/api/productionOrders/{productionOrderId}/detail
GET /{__tenant__}/api/search
GET /{__tenant__}/api/telemetryGroups
GET /{__tenant__}/api/telemetryGroups/all
GET /{__tenant__}/api/telemetryGroups/{telemetryGroupId}
GET /{__tenant__}/api/telemetryGroups/{telemetryGroupId}/telemetry
GET /{__tenant__}/api/tenant
GET /{__tenant__}/api/tenant/auditHistory
GET /{__tenant__}/api/tenant/group/{groupId}
GET /{__tenant__}/api/tenant/groups
GET /{__tenant__}/api/tenant/groups/{groupId}/users
GET /{__tenant__}/api/tenant/logo
GET /{__tenant__}/api/tenant/stylesheet
GET /{__tenant__}/api/users
GET /{__tenant__}/api/users/invites
GET /{__tenant__}/api/users/me
GET /{__tenant__}/api/workflows
GET /{__tenant__}/api/workflows/modules
GET /{__tenant__}/api/workflows/modules/nodeTypes
GET /{__tenant__}/api/workflows/modules/{workflowModuleId}
GET /{__tenant__}/api/workflows/modules/{workflowModuleId}/versions
POST /{__tenant__}/api/admin/remoteMaintenance/{deviceId}
POST /{__tenant__}/api/ai
POST /{__tenant__}/api/dashboards/{dashboardId}/widgets
POST /{__tenant__}/api/dataExports/{id}/retry
POST /{__tenant__}/api/devices/{deviceId}/analytics/completions
POST /{__tenant__}/api/devices/{deviceId}/analytics/quickinfo
POST /{__tenant__}/api/devices/{deviceId}/analytics/signatures
POST /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/commands
POST /{__tenant__}/api/devices/{deviceId}/liveData
POST /{__tenant__}/api/devices/{deviceId}/masters/add
POST /{__tenant__}/api/devices/{deviceId}/workflows/data
POST /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/simulate
POST /{__tenant__}/api/users/invite
PUT /{__tenant__}/api/dashboards/{dashboardId}/widgets/{widgetId}
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/input/{inputId}
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/metaData
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/pause
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/publish
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/resume
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory/disable
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory/enable
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/pause
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/publish
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/resume
PUT /{__tenant__}/api/notifications/readAll
PUT /{__tenant__}/api/notifications/{notificationId}/read
PUT /{__tenant__}/api/productionOrders/{productionOrderId}
PUT /{__tenant__}/api/productionOrders/{productionOrderId}/update

Found on 2026-01-09 11:46

Create report

Open service 13.69.68.45:443 · iot.achtbytes.com

2026-01-23 04:15

HTTP/1.1 200 OK
Content-Length: 956
Connection: close
Content-Type: text/html
Date: Fri, 23 Jan 2026 04:15:44 GMT
Accept-Ranges: bytes
ETag: "1dc855ca706d0bc"
Last-Modified: Wed, 14 Jan 2026 13:49:50 GMT
Set-Cookie: ARRAffinity=f433f4c9f94441b172ed8b7986ddb8811df4ff7e78901ffbc4b10508b362bf1e;Path=/;HttpOnly;Secure;Domain=iot.achtbytes.com
Set-Cookie: ARRAffinitySameSite=f433f4c9f94441b172ed8b7986ddb8811df4ff7e78901ffbc4b10508b362bf1e;Path=/;HttpOnly;SameSite=None;Secure;Domain=iot.achtbytes.com
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:16042d0a-2492-4e21-9612-e27eb97bbfe1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=self, fullscreen=self
Content-Security-Policy: default-src 'none'; worker-src 'self'; frame-src https://stegoconnecteuwprod.b2clogin.com 'self'; font-src 'self'; media-src blob:; manifest-src 'self'; connect-src https://dc.services.visualstudio.com/ https://js.monitor.azure.com/scripts/b/ai.config.1.cfg.json https://stegoconnecteuwprod.b2clogin.com 'self'; style-src 'unsafe-inline' 'self'; script-src https://*.vo.msecnd.net 'self'; img-src https://connectprodeuwstg.blob.core.windows.net/ 'self' data:

Page title: achtBytes IoT

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8"/>
        <title>achtBytes IoT</title>
        <base href="/"/>
        <meta name="viewport" content="width=device-width, initial-scale=1"/>
        <link rel="shortcut icon" href="/assets/favicon/favicon.ico" type="image/x-icon"/>
        <script src="/assets/scripts/tenant-theme.js"></script>
        <link rel="manifest" href="manifest.webmanifest"/>
        <meta name="theme-color" content="#1976d2"/>
    <link rel="stylesheet" href="styles.1be7e23392cc2587.css"></head>

    <body>
        <app-root></app-root>
        <noscript>Please enable JavaScript to continue using this application.</noscript>
    <script src="runtime.9be3263783de4238.js" type="module"></script><script src="polyfills.aef8dd76be6b68bd.js" type="module"></script><script src="scripts.f44552b79fb39de6.js" defer></script><script src="main.1d9bfee6734d4260.js" type="module"></script></body>
</html>

Found 2026-01-23 by HttpPlugin

Create report

iot.achtbytes.com

Fingerprint:

722478148b0e740058070b7552058ac4ccd7278213f8d44c32d4bfcd314f0510

CN:

iot.achtbytes.com

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2025-12-29 00:00

Not after:

2026-04-14 23:59

Domain summary

iot.achtbytes.com 2

1 recorded

IP summary

13.69.68.45 2

1 recorded