Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929f0b13be85ca478cacea175232667b8d17b48bb
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /priv/v1/Activities/{activityId}
DELETE /priv/v1/Codes/{codeRef}
DELETE /priv/v1/Companies/{masterCode}
GET /api/v1/ABBQrCodes/{codeRef}/DestinationUrl
GET /api/v1/ABBQrCodes/{codeRef}/Image
GET /api/v1/ABBQrCodes/{codeRef}/Salt
GET /api/v1/Administration/Companies/InvitationList
GET /api/v1/Administration/ManagementPortalInvitations
GET /api/v1/Administration/ScanHistory
GET /api/v1/Administration/ScanHistory/Points
GET /api/v1/Administration/ScanHistory/UserMapFocus
GET /api/v1/Administration/Settings/google-maps-api-key
GET /api/v1/Administration/Users/Emails
GET /api/v1/ContactInformation
GET /api/v1/Features
GET /api/v1/Features/{featureName}/IsEnabled
GET /api/v1/IpAddressDetail
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Files
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Folders/breadcrumb
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Users
GET /api/v1/ManagementPortal/Companies/{companyId}/image
GET /api/v1/ManagementPortal/ProjectFilesCategories
GET /api/v1/ManagementPortal/ProjectVisits/{companyId}/Recent
GET /api/v1/Product/exists/{languageCode}/{productId}
GET /api/v1/Product/{languageCode}/{productId}
GET /api/v1/Test/is-authorized
GET /api/v1/Users/me/memberships/management-portal
GET /api/v1/Users/{email}/photos
GET /api/v1/Version
GET /api/v2/Administration/ScanHistory
GET /api/v2/Administration/ScanHistory/Points
GET /priv/v1/ABBQrCodes/{codeRef}/Image
GET /priv/v1/Codes/{id}/Image
GET /priv/v1/Test/TestEmailTemplate
GET /priv/v1/Test/china-blob
GET /priv/v1/Test/encode-png
GET /priv/v1/Test/generate-png
GET /priv/v1/Test/user-ip
GET /priv/v1/UserRoles
POST /api/v1/ABBQrCodeValidator
POST /api/v1/ABBQrCodes/ProductCodes
POST /api/v1/ABBQrCodes/ProductCodes/Bulk
POST /api/v1/ManagementPortal/Companies/{companyId}
POST /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Folders
POST /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Folders/{folderId}
POST /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Users/{targetUserId}
POST /api/v1/ManagementPortal/Invitations/{reference}/Open
POST /api/v1/ManagementPortal/ProjectVisits
POST /api/v1/PisSearchApi/token
POST /api/v1/SupportTickets
POST /api/v1/Users/me
POST /api/v1/Users/photos/batch/info
POST /priv/v1/ABBQrCodes/ProductCodes
POST /priv/v1/ABBQrCodes/ProductCodes/Bulk
POST /priv/v1/Codes
POST /priv/v1/Codes/Bulk
POST /priv/v1/Codes/{codeId}/Dynamic
POST /priv/v1/Companies/{masterCode}/restore
POST /priv/v1/Test/china-blob-bulk-test
POST /priv/v1/Test/china-blob-test
POST /priv/v1/Test/china-sync-events
POST /priv/v1/Test/enqueue-sync-events-from-csv
POST /priv/v1/Test/large-json
POST /priv/v1/Test/upload-image
PUT /priv/v1/ProductsMetadata/{productId}
Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354929f0b13be85ca478cacea175232667b83c5946ff
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /priv/v1/Activities/{activityId}
DELETE /priv/v1/Codes/{codeRef}
DELETE /priv/v1/Companies/{masterCode}
GET /api/v1/ABBQrCodes/{codeRef}/DestinationUrl
GET /api/v1/ABBQrCodes/{codeRef}/Image
GET /api/v1/ABBQrCodes/{codeRef}/Salt
GET /api/v1/Administration/Companies/InvitationList
GET /api/v1/Administration/ManagementPortalInvitations
GET /api/v1/Administration/ScanHistory
GET /api/v1/Administration/ScanHistory/Points
GET /api/v1/Administration/ScanHistory/UserMapFocus
GET /api/v1/Administration/Settings/google-maps-api-key
GET /api/v1/Administration/Users/Emails
GET /api/v1/ContactInformation
GET /api/v1/Features
GET /api/v1/Features/{featureName}/IsEnabled
GET /api/v1/IpAddressDetail
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Files
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Folders/breadcrumb
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Users
GET /api/v1/ManagementPortal/Companies/{companyId}/image
GET /api/v1/ManagementPortal/ProjectFilesCategories
GET /api/v1/ManagementPortal/ProjectVisits/{companyId}/Recent
GET /api/v1/Product/exists/{languageCode}/{productId}
GET /api/v1/Product/{languageCode}/{productId}
GET /api/v1/Test/is-authorized
GET /api/v1/Users/me/memberships/management-portal
GET /api/v1/Users/{email}/photos
GET /api/v1/Version
GET /api/v2/Administration/ScanHistory
GET /api/v2/Administration/ScanHistory/Points
GET /priv/v1/ABBQrCodes/{codeRef}/Image
GET /priv/v1/Codes/{id}/Image
GET /priv/v1/Test/TestEmailTemplate
GET /priv/v1/Test/china-blob
GET /priv/v1/Test/encode-png
GET /priv/v1/Test/generate-png
GET /priv/v1/Test/user-ip
GET /priv/v1/UserRoles
POST /api/v1/ABBQrCodeValidator
POST /api/v1/ABBQrCodes/ProductCodes
POST /api/v1/ABBQrCodes/ProductCodes/Bulk
POST /api/v1/ManagementPortal/Companies/{companyId}
POST /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Folders
POST /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Folders/{folderId}
POST /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}/Users/{targetUserId}
POST /api/v1/ManagementPortal/Invitations/{reference}/Open
POST /api/v1/ManagementPortal/ProjectVisits
POST /api/v1/PisSearchApi/token
POST /api/v1/SupportTickets
POST /api/v1/Users/me
POST /priv/v1/ABBQrCodes/ProductCodes
POST /priv/v1/ABBQrCodes/ProductCodes/Bulk
POST /priv/v1/Codes
POST /priv/v1/Codes/Bulk
POST /priv/v1/Codes/{codeId}/Dynamic
POST /priv/v1/Companies/{masterCode}/restore
POST /priv/v1/Test/china-blob-bulk-test
POST /priv/v1/Test/china-blob-test
POST /priv/v1/Test/china-sync-events
POST /priv/v1/Test/enqueue-sync-events-from-csv
POST /priv/v1/Test/large-json
POST /priv/v1/Test/upload-image
PUT /priv/v1/ProductsMetadata/{productId}
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354940030472e65056c41880b5925a4151f385b7c07d
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /priv/v1/Codes/{codeId}
GET /api/ContactInformation
GET /api/IpAddressDetail
GET /api/Product/exists/{languageCode}/{productId}
GET /api/Product/{languageCode}/{productId}
GET /api/Test/is-authorized
GET /api/Users/me/memberships/management-portal
GET /api/Version
GET /api/v1/ABBQrCodes/{codeRef}/DestinationUrl
GET /api/v1/ABBQrCodes/{codeRef}/Image
GET /api/v1/ABBQrCodes/{codeRef}/Salt
GET /api/v1/Administration/Companies/InvitationList
GET /api/v1/Administration/ManagementPortalInvitations
GET /api/v1/Administration/ScanHistory
GET /api/v1/Administration/ScanHistory/Points
GET /api/v1/Administration/Settings/google-maps-api-key
GET /api/v1/Administration/Users/Emails
GET /api/v1/Features
GET /api/v1/Features/{featureName}/IsEnabled
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects
GET /api/v1/ManagementPortal/Companies/{companyId}/Projects/{projectId}
GET /priv/v1/ABBQrCodes/{codeRef}/Image
GET /priv/v1/Codes/{id}/Image
GET /priv/v1/Test/china-blob
GET /priv/v1/Test/encode-png
GET /priv/v1/Test/generate-png
GET /priv/v1/Test/user-ip
GET /priv/v1/UserRoles
PATCH /api/v1/ManagementPortal/Companies/{companyId}
POST /api/ABBQrCodeValidator
POST /api/PisSearchApi/token
POST /api/Users/me
POST /api/v1/ABBQrCodes/ProductCodes
POST /api/v1/ABBQrCodes/ProductCodes/Bulk
POST /api/v1/ManagementPortalInvitations/{reference}/Open
POST /api/v1/SupportTickets
POST /priv/v1/ABBQrCodes/ProductCodes
POST /priv/v1/ABBQrCodes/ProductCodes/Bulk
POST /priv/v1/Codes
POST /priv/v1/Codes/Bulk
POST /priv/v1/Codes/{codeId}/Dynamic
POST /priv/v1/Test/china-blob-bulk-test
POST /priv/v1/Test/china-blob-test
POST /priv/v1/Test/large-json
POST /priv/v1/Test/upload-image
PUT /priv/v1/ProductsMetadata/{productId}
Open service 2.16.204.90:443 · stage.api.qrnexus.abb.com
2026-01-09 15:05
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 146
Cache-Control: no-store,no-cache,must-revalidate,max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline'
Expect-CT: max-age=604800, enforce
Referrer-Policy: no-referrer
Date: Fri, 09 Jan 2026 15:05:54 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload
Page title: 404 Not Found
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
Open service 2.16.204.90:443 · stage.api.qrnexus.abb.com
2026-01-02 12:22
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 146
Cache-Control: no-store,no-cache,must-revalidate,max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline'
Expect-CT: max-age=604800, enforce
Referrer-Policy: no-referrer
Date: Fri, 02 Jan 2026 12:22:43 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload
Page title: 404 Not Found
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
Open service 2.16.204.90:443 · stage.api.qrnexus.abb.com
2025-12-22 18:57
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 146
Cache-Control: no-store,no-cache,must-revalidate,max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline'
Expect-CT: max-age=604800, enforce
Referrer-Policy: no-referrer
Date: Mon, 22 Dec 2025 18:57:05 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload
Page title: 404 Not Found
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
Open service 23.50.131.146:443 · stage.api.qrnexus.abb.com
2025-12-20 20:23
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 146
Cache-Control: no-store,no-cache,must-revalidate,max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline'
Expect-CT: max-age=604800, enforce
Referrer-Policy: no-referrer
Date: Sat, 20 Dec 2025 20:23:16 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload
Page title: 404 Not Found
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
Open service 2.16.204.88:80 · stage.api.qrnexus.abb.com
2025-12-20 04:40
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://stage.api.qrnexus.abb.com/
Date: Sat, 20 Dec 2025 04:40:40 GMT
Connection: close
Open service 2.16.204.90:80 · stage.api.qrnexus.abb.com
2025-12-20 04:40
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://stage.api.qrnexus.abb.com/
Date: Sat, 20 Dec 2025 04:40:40 GMT
Connection: close
Open service 2.16.204.90:443 · stage.api.qrnexus.abb.com
2025-12-20 04:40
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 146
Cache-Control: no-store,no-cache,must-revalidate,max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline'
Expect-CT: max-age=604800, enforce
Referrer-Policy: no-referrer
Date: Sat, 20 Dec 2025 04:40:37 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload
Page title: 404 Not Found
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
Open service 2.16.204.88:443 · stage.api.qrnexus.abb.com
2025-12-20 04:40
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 146
Cache-Control: no-store,no-cache,must-revalidate,max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline'
Expect-CT: max-age=604800, enforce
Referrer-Policy: no-referrer
Date: Sat, 20 Dec 2025 04:40:37 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload
Page title: 404 Not Found
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>