Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4305c2e18c708a519ca7245a804368dad33c35bcb6
Public Swagger UI/API detected at path: /swagger.json - sample paths:
ANY /
ANY /v1/admin/applications
ANY /v1/admin/applications/{name}
ANY /v1/admin/client/details
ANY /v1/admin/clients/all
ANY /v1/admin/companies
ANY /v1/admin/companies/lock
ANY /v1/admin/companies/subscriptions/change
ANY /v1/admin/companies/validate/name/{name}
ANY /v1/admin/companies/validate/vat
ANY /v1/admin/companies/{name}
ANY /v1/admin/dashboard
ANY /v1/admin/entity-fields
ANY /v1/admin/entity-fields/{entity}/{key}
ANY /v1/admin/fields
ANY /v1/admin/fields/{name}
ANY /v1/admin/languages
ANY /v1/admin/languages/json/{type}/{language}
ANY /v1/admin/languages/sync/{type}
ANY /v1/admin/lock-user
ANY /v1/admin/logs/assistant
ANY /v1/admin/logs/invoice
ANY /v1/admin/logs/invoice/company/{company}
ANY /v1/admin/logs/invoice/upload/company/{company}
ANY /v1/admin/logs/invoice/{id}
ANY /v1/admin/logs/invoices/{id}
ANY /v1/admin/logs/supplier/all
ANY /v1/admin/logs/supplier/code/{company}/{supplierCode}
ANY /v1/admin/logs/supplier/company/{company}
ANY /v1/admin/logs/supplier/{id}
ANY /v1/admin/logs/twinfield
ANY /v1/admin/roles
ANY /v1/admin/roles/{id}
ANY /v1/admin/stats/clients
ANY /v1/admin/stats/detail
ANY /v1/admin/stats/login/details
ANY /v1/admin/stats/overall
ANY /v1/admin/stats/signup/details
ANY /v1/admin/subscriptions/
ANY /v1/admin/users
ANY /v1/admin/users/all
ANY /v1/admin/{company}/delete
ANY /v1/admin/{company}/details
ANY /v1/admin/{company}/document-analytics
ANY /v1/admin/{company}/edit-details
ANY /v1/admin/{company}/purchase-details
ANY /v1/api-doc/{domain}
ANY /v1/brands
ANY /v1/brands/config/{domain}
ANY /v1/brands/status
ANY /v1/brands/{type}/{domain}
ANY /v1/company-subscription
ANY /v1/dimensions/{dimension}/all
ANY /v1/dimensions/{dimension}/company/{company}
ANY /v1/dimensions/{dimension}/company/{company}/{code}
ANY /v1/dimensions/{dimension}/{id}
ANY /v1/integrations/gstock/connection/{company}
ANY /v1/integrations/gstock/deliver
ANY /v1/integrations/test/api/{app}
ANY /v1/integrations/test/basic/{app}
ANY /v1/integrations/test/bearer/{app}
ANY /v1/logs/feedback
ANY /v1/statistics/dashboard
ANY /v1/workflows/engine-preferences
ANY /v1/workflows/engine-preferences/{type}/{id}
ANY /v2/admin/entity-fields
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4305c2e18c708a519ca7245a804368dad32a7007a8
Public Swagger UI/API detected at path: /swagger.json - sample paths:
ANY /
ANY /v1/admin/applications
ANY /v1/admin/applications/{name}
ANY /v1/admin/client/details
ANY /v1/admin/clients/all
ANY /v1/admin/companies
ANY /v1/admin/companies/lock
ANY /v1/admin/companies/subscriptions/change
ANY /v1/admin/companies/validate/name/{name}
ANY /v1/admin/companies/validate/vat
ANY /v1/admin/companies/{name}
ANY /v1/admin/dashboard
ANY /v1/admin/entity-fields
ANY /v1/admin/entity-fields/{entity}/{key}
ANY /v1/admin/fields
ANY /v1/admin/fields/{name}
ANY /v1/admin/languages
ANY /v1/admin/languages/json/{type}/{language}
ANY /v1/admin/languages/sync/{type}
ANY /v1/admin/lock-user
ANY /v1/admin/logs/assistant
ANY /v1/admin/logs/invoice
ANY /v1/admin/logs/invoice/company/{company}
ANY /v1/admin/logs/invoice/upload/company/{company}
ANY /v1/admin/logs/invoice/{id}
ANY /v1/admin/logs/invoices/{id}
ANY /v1/admin/logs/supplier/all
ANY /v1/admin/logs/supplier/code/{company}/{supplierCode}
ANY /v1/admin/logs/supplier/company/{company}
ANY /v1/admin/logs/supplier/{id}
ANY /v1/admin/logs/twinfield
ANY /v1/admin/roles
ANY /v1/admin/roles/{id}
ANY /v1/admin/subscriptions/
ANY /v1/admin/users
ANY /v1/admin/users/all
ANY /v1/admin/{company}/delete
ANY /v1/admin/{company}/details
ANY /v1/admin/{company}/document-analytics
ANY /v1/admin/{company}/edit-details
ANY /v1/admin/{company}/purchase-details
ANY /v1/api-doc/{domain}
ANY /v1/brands
ANY /v1/brands/config/{domain}
ANY /v1/brands/status
ANY /v1/brands/{type}/{domain}
ANY /v1/company-subscription
ANY /v1/dimensions/{dimension}/all
ANY /v1/dimensions/{dimension}/company/{company}
ANY /v1/dimensions/{dimension}/company/{company}/{code}
ANY /v1/dimensions/{dimension}/{id}
ANY /v1/integrations/gstock/connection/{company}
ANY /v1/integrations/gstock/deliver
ANY /v1/integrations/test/api/{app}
ANY /v1/integrations/test/basic/{app}
ANY /v1/integrations/test/bearer/{app}
ANY /v1/logs/feedback
ANY /v1/statistics/dashboard
ANY /v1/workflows/engine-preferences
ANY /v1/workflows/engine-preferences/{type}/{id}
ANY /v2/admin/entity-fields
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4305c2e18c708a519ca7245a80f482dbfe9798877a
Public Swagger UI/API detected at path: /swagger.json - sample paths:
ANY /
ANY /v1/admin/applications
ANY /v1/admin/applications/{name}
ANY /v1/admin/companies
ANY /v1/admin/companies/lock
ANY /v1/admin/companies/subscriptions/change
ANY /v1/admin/companies/validate/name/{name}
ANY /v1/admin/companies/validate/vat
ANY /v1/admin/companies/{name}
ANY /v1/admin/dashboard
ANY /v1/admin/entity-fields
ANY /v1/admin/entity-fields/{entity}/{key}
ANY /v1/admin/fields
ANY /v1/admin/fields/{name}
ANY /v1/admin/languages
ANY /v1/admin/languages/json/{type}/{language}
ANY /v1/admin/languages/sync/{type}
ANY /v1/admin/lock-user
ANY /v1/admin/logs/assistant
ANY /v1/admin/logs/invoice
ANY /v1/admin/logs/invoice/company/{company}
ANY /v1/admin/logs/invoice/upload/company/{company}
ANY /v1/admin/logs/invoice/{id}
ANY /v1/admin/logs/invoices/{id}
ANY /v1/admin/logs/supplier/all
ANY /v1/admin/logs/supplier/code/{company}/{supplierCode}
ANY /v1/admin/logs/supplier/company/{company}
ANY /v1/admin/logs/supplier/{id}
ANY /v1/admin/logs/twinfield
ANY /v1/admin/roles
ANY /v1/admin/roles/{id}
ANY /v1/admin/subscriptions/
ANY /v1/admin/users
ANY /v1/admin/users/all
ANY /v1/api-doc/{domain}
ANY /v1/brands
ANY /v1/brands/config/{domain}
ANY /v1/brands/status
ANY /v1/brands/{type}/{domain}
ANY /v1/company-subscription
ANY /v1/dimensions/{dimension}/all
ANY /v1/dimensions/{dimension}/company/{company}
ANY /v1/dimensions/{dimension}/company/{company}/{code}
ANY /v1/dimensions/{dimension}/{id}
ANY /v1/integrations/gstock/connection/{company}
ANY /v1/integrations/gstock/deliver
ANY /v1/integrations/test/api/{app}
ANY /v1/integrations/test/basic/{app}
ANY /v1/integrations/test/bearer/{app}
ANY /v1/logs/feedback
ANY /v1/statistics/dashboard
ANY /v2/admin/entity-fields
Open service 34.32.211.156:443 · provider.ticnine.com
2026-01-09 11:40
HTTP/1.1 200 OK
Date: Fri, 09 Jan 2026 11:40:57 GMT
Content-Type: application/json
Content-Length: 71
Connection: close
Vary: Origin
Strict-Transport-Security: max-age=15724800; includeSubDomains
{"message":"OP-PROVIDER-SERVICE-API v8.10.3 Running..","success":true}
Open service 34.32.211.156:443 · provider.ticnine.com
2026-01-02 03:03
HTTP/1.1 200 OK
Date: Fri, 02 Jan 2026 03:03:50 GMT
Content-Type: application/json
Content-Length: 71
Connection: close
Vary: Origin
Strict-Transport-Security: max-age=15724800; includeSubDomains
{"message":"OP-PROVIDER-SERVICE-API v8.10.1 Running..","success":true}
Open service 34.32.211.156:443 · provider.ticnine.com
2025-12-22 18:35
HTTP/1.1 200 OK
Date: Mon, 22 Dec 2025 18:35:45 GMT
Content-Type: application/json
Content-Length: 71
Connection: close
Vary: Origin
Strict-Transport-Security: max-age=15724800; includeSubDomains
{"message":"OP-PROVIDER-SERVICE-API v8.10.0 Running..","success":true}
Open service 34.32.211.156:443 · provider.ticnine.com
2025-12-20 21:16
HTTP/1.1 200 OK
Date: Sat, 20 Dec 2025 21:16:14 GMT
Content-Type: application/json
Content-Length: 70
Connection: close
Vary: Origin
Strict-Transport-Security: max-age=15724800; includeSubDomains
{"message":"OP-PROVIDER-SERVICE-API v8.9.0 Running..","success":true}