Exposing Swagger/OpenAPI documentation is primarily a risk when the API behind it has underlying security flaws, because the document gives attackers a precise roadmap to find them. These documents detail every endpoint, parameter, and data model, making it far easier to discover and exploit vulnerabilities such as broken access control or injection points. Which operations the document lists matters as much as the fact that it is public: authentication, password-reset, order and payment-status endpoints, as in the sample paths below, are the ones an attacker will probe first.
A perfectly secure API would limit the damage, but restricting access to the documentation is still a worthwhile defensive layer: it forces attackers to enumerate the API without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1f5e22fb41c0dee39c9572c82d82a805bbf3b2992fe0489a0
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /account/get
GET /account/logout
GET /configurator/dressing/init
GET /configurator/init
GET /discount/current
GET /discount/promo/{code}
GET /dressing/configuration/external/{externalReference}
GET /dressing/configuration/is-valid/{code}
GET /dressing/configuration/{code}
GET /dressing/delivery
GET /dressing/door-handle
GET /dressing/door-handle/{id}
GET /dressing/light-price
POST /account/change-password
POST /account/login
POST /account/register-password
POST /account/reset
POST /dressing/2d-plan/create
POST /dressing/2d-plan/save
POST /dressing/configuration/order
POST /dressing/configuration/order/complete-payment-status
POST /dressing/configuration/send
POST /dressing/door/color/filter
POST /dressing/door/filter
POST /dressing/finish-item/color/filter
POST /dressing/finish-item/filter
POST /dressing/module/all-with-top10
POST /dressing/module/color/filter
POST /dressing/module/filter
POST /dressing/module/number
POST /dressing/module/thickness
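What a public specification hands an attacker, and what a defender should extract from it first, is the list of operations that can be called without credentials. The following script is an added example, not code from the scanner or from the site's own project. It parses a constructed OpenAPI 3 document that reuses a few of the paths listed above (the real content of /api/swagger.json is not reproduced on this page, so the security schemes and parameters in the sample are assumptions) and reports which operations are anonymous, which of those change state, and whether every path parameter in the URL template is actually declared. The same resolution rule applies to Swagger 2.0 documents, so the functions work on both.

```python
import json
import re

# Constructed sample: an OpenAPI 3 document that reuses a few of the paths from
# the finding above. It is an assumption for illustration only; the real
# document served at /api/swagger.json is not reproduced on this page.
SAMPLE_SPEC = json.dumps({
    "openapi": "3.0.0",
    "info": {"title": "sample", "version": "1.0"},
    "components": {
        "securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}
    },
    # Document-wide default: every operation requires a bearer token unless it
    # overrides "security" itself.
    "security": [{"bearerAuth": []}],
    "paths": {
        "/account/login": {
            "post": {"security": []}            # explicitly anonymous
        },
        "/account/get": {
            "get": {}                            # inherits the global requirement
        },
        "/discount/promo/{code}": {
            "parameters": [{"name": "code", "in": "path", "required": True,
                            "schema": {"type": "string"}}],
            "get": {"security": []}              # anonymous, takes a path parameter
        },
        "/dressing/configuration/order/complete-payment-status": {
            "post": {"security": []}             # anonymous state-changing operation
        },
    },
})

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def parse_spec(text):
    """Parse a Swagger 2.0 / OpenAPI 3 document given as JSON text."""
    return json.loads(text)


def enumerate_operations(spec):
    """One record per (method, path) with the security requirement that really
    applies to it. Swagger 2.0 and OpenAPI 3 share the rule: an operation's own
    "security" list wins; otherwise the document-wide "security" applies; an
    explicit empty list means anonymous access."""
    global_security = spec.get("security", [])
    records = []
    for path, item in spec.get("paths", {}).items():
        template_params = re.findall(r"\{([^}]+)\}", path)
        shared = [p["name"] for p in item.get("parameters", []) if p.get("in") == "path"]
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:   # skip "parameters", "summary", ...
                continue
            own = [p["name"] for p in op.get("parameters", []) if p.get("in") == "path"]
            effective = op["security"] if "security" in op else global_security
            records.append({
                "method": method.upper(),
                "path": path,
                "path_params": template_params,
                # Placeholders in the URL template that no parameter object declares.
                "undeclared_params": sorted(set(template_params) - set(shared + own)),
                "security": effective,
                "authenticated": bool(effective),
            })
    return records


def unauthenticated_operations(spec):
    """Operations callable without credentials: the first targets for injection
    and broken-access-control testing."""
    return [r for r in enumerate_operations(spec) if not r["authenticated"]]


def state_changing_unauthenticated(spec):
    """Anonymous operations that mutate state (anything but GET/HEAD/OPTIONS)."""
    return [r for r in unauthenticated_operations(spec)
            if r["method"] not in {"GET", "HEAD", "OPTIONS"}]


if __name__ == "__main__":
    spec = parse_spec(SAMPLE_SPEC)
    for r in enumerate_operations(spec):
        label = "auth" if r["authenticated"] else "ANON"
        print(f"{label:4} {r['method']:5} {r['path']}  params={r['path_params']}")
```

Run against a real document, the anonymous state-changing list is the review queue: each entry either needs an authorization check the specification does not mention, or a justification for why it is intentionally public. Operations whose URL template contains a placeholder that no parameter object declares are worth a second look too, since the generated documentation and the actual routing may disagree about what the server accepts there.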
Open service 20.82.12.44:443 · qpro.dressingplus.be
2026-01-09 09:14
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Fri, 09 Jan 2026 09:15:10 GMT
Location: /home/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'; connect-src 'self' www.google-analytics.com; font-src 'self' https://ik.imagekit.io/dressingplus/ fonts.gstatic.com; frame-src https://www.google.com/recaptcha/;frame-ancestors 'self'; img-src 'self' data: https://ik.imagekit.io/dressingplus/ https://purecatamphetamine.github.io/country-flag-icons/; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://ik.imagekit.io/dressingplus/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline' https://ik.imagekit.io/dressingplus/ fonts.googleapis.com; prefetch-src 'self'; base-uri 'none'; form-action 'none'
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
Link: <https://ik.imagekit.io>; rel=preconnect; crossorigin
Open service 20.82.12.44:443 · qpro.dressingplus.be
2026-01-02 12:50
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Fri, 02 Jan 2026 12:50:47 GMT
Location: /home/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'; connect-src 'self' www.google-analytics.com; font-src 'self' https://ik.imagekit.io/dressingplus/ fonts.gstatic.com; frame-src https://www.google.com/recaptcha/;frame-ancestors 'self'; img-src 'self' data: https://ik.imagekit.io/dressingplus/ https://purecatamphetamine.github.io/country-flag-icons/; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://ik.imagekit.io/dressingplus/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline' https://ik.imagekit.io/dressingplus/ fonts.googleapis.com; prefetch-src 'self'; base-uri 'none'; form-action 'none'
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
Link: <https://ik.imagekit.io>; rel=preconnect; crossorigin
Open service 20.82.12.44:443 · qpro.dressingplus.be
2025-12-22 19:08
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Mon, 22 Dec 2025 19:08:34 GMT
Location: /home/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'; connect-src 'self' www.google-analytics.com; font-src 'self' https://ik.imagekit.io/dressingplus/ fonts.gstatic.com; frame-src https://www.google.com/recaptcha/;frame-ancestors 'self'; img-src 'self' data: https://ik.imagekit.io/dressingplus/ https://purecatamphetamine.github.io/country-flag-icons/; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://ik.imagekit.io/dressingplus/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline' https://ik.imagekit.io/dressingplus/ fonts.googleapis.com; prefetch-src 'self'; base-uri 'none'; form-action 'none'
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
permissions-policy: accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
Link: <https://ik.imagekit.io>; rel=preconnect; crossorigin