Domain ts7-api.myhours.com
The Netherlands
Software information
Kestrel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-04 09:12
Last seen 2026-02-02 12:03
Open for 60 days-
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-02-02 12:03
-
-
Open service 20.105.232.38:443 · ts7-api.myhours.com
2026-01-23 06:05
HTTP/1.1 200 OK Connection: close Date: Fri, 23 Jan 2026 06:06:20 GMT Server: Kestrel Transfer-Encoding: chunked Strict-Transport-Security: max-age=31536000; includeSubDomains; preload client-version: 8.16.0 new-version-needs-signout: False Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=() X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 1; mode=block API
Found 2026-01-23 by HttpPluginCreate report
-
Open service 20.105.232.38:443 · ts7-api.myhours.com
2026-01-10 00:02
HTTP/1.1 200 OK Connection: close Date: Sat, 10 Jan 2026 00:03:13 GMT Server: Kestrel Transfer-Encoding: chunked Strict-Transport-Security: max-age=31536000; includeSubDomains; preload client-version: 8.14.0 new-version-needs-signout: False Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=() X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 1; mode=block API
Found 2026-01-10 by HttpPluginCreate report
-
Open service 20.105.232.38:443 · ts7-api.myhours.com
2026-01-02 20:48
HTTP/1.1 200 OK Connection: close Date: Fri, 02 Jan 2026 20:48:50 GMT Server: Kestrel Transfer-Encoding: chunked Strict-Transport-Security: max-age=31536000; includeSubDomains; preload client-version: 8.13.0 new-version-needs-signout: False Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=() X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 1; mode=block API
Found 2026-01-02 by HttpPluginCreate report
-
Open service 20.105.232.38:443 · ts7-api.myhours.com
2025-12-23 01:26
HTTP/1.1 200 OK Connection: close Date: Tue, 23 Dec 2025 01:26:09 GMT Server: Kestrel Transfer-Encoding: chunked Strict-Transport-Security: max-age=31536000; includeSubDomains; preload client-version: 8.11.1 new-version-needs-signout: False Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=() X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 1; mode=block API
Found 2025-12-23 by HttpPluginCreate report