LeakIX - Host vr-staging.linde.com

Domain vr-staging.linde.com

Germany

Akamai International B.V.

Software information

AK-Ghost-Server

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: vr-staging.linde.com
Port: 443
URL: https://vr-staging.linde.com

First seen 2025-12-05 06:47
Last seen 2026-02-10 00:40
Open for 66 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60526b7e7024b85da89199ed7bdee319f04a860599

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /companies/{id}/subscription/{courseId}
DELETE /trainingplans/{id}/accounts/{accountId}
GET /accounts
GET /accounts/current
GET /accounts/current/statistics
GET /accounts/current/statistics/usage.xlsx
GET /accounts/leaderboard
GET /accounts/sso/authorization-url/{provider}
GET /accounts/{id}
GET /accounts/{id}/statistics/courses
GET /accounts/{id}/statistics/sessions
GET /companies
GET /companies/{id}
GET /companies/{id}/plants
GET /companies/{id}/statistics
GET /companies/{id}/statistics/courses
GET /companies/{id}/statistics/sessions
GET /companies/{id}/statistics/trainees
GET /companies/{id}/statistics/usage.xlsx
GET /companies/{id}/subscription
GET /companies/{id}/subscription/courses
GET /companies/{id}/subscription/usage
GET /cores
GET /cores/courses/{id}
GET /cores/{id}
GET /courses
GET /courses/runnable
GET /courses/summary
GET /courses/{id}
GET /courses/{id}/runnable
GET /courses/{id}/sessions
GET /courses/{id}/sessions/statistics
GET /languages
GET /plants/{id}
GET /streamingvirtualmachine/status
GET /trainingplans
GET /trainingplans/accounts/{accountId}
GET /trainingplans/active
GET /trainingplans/{id}
GET /trainingplans/{id}/accounts
GET /trainingplans/{id}/accounts/{accountId}/progress
GET /trainingplans/{id}/accounts/{accountId}/sessions
GET /trainingplans/{id}/accounts/{accountId}/statistics
GET /trainingplans/{id}/courses
GET /trainingplans/{id}/statistics
POST /accounts/forgot-password
POST /accounts/login
POST /accounts/otp
POST /accounts/otp-login
POST /accounts/register-trial
POST /accounts/reset-password
POST /accounts/sso/callback/{provider}
POST /accounts/validate-reset-token
POST /accounts/{id}/activate
POST /accounts/{id}/deactivate
POST /assets/upload/core
POST /assets/upload/image
POST /assets/upload/video
POST /cores/{id}/version/{version}
POST /coursesessions
POST /coursesessions/create
POST /coursesessions/{id}/complete
POST /plants
POST /productinquiries
POST /streamingvirtualmachine/start
POST /streamingvirtualmachine/stop
PUT /companies/{id}/subscription/cancel
PUT /companies/{id}/subscription/update
PUT /courses/{id}/archive
PUT /courses/{id}/unarchive

Found on 2026-02-10 00:40

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-08 01:02

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354914d7f30d18bc383787a899924ebf68afc6d5c0a4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /companies/{id}/subscription/{courseId}
DELETE /trainingplans/{id}/accounts/{accountId}
GET /accounts
GET /accounts/current
GET /accounts/current/statistics
GET /accounts/current/statistics/usage.xlsx
GET /accounts/leaderboard
GET /accounts/sso/authorization-url/{provider}
GET /accounts/{id}
GET /accounts/{id}/statistics/courses
GET /accounts/{id}/statistics/sessions
GET /companies
GET /companies/{id}
GET /companies/{id}/plants
GET /companies/{id}/statistics
GET /companies/{id}/statistics/courses
GET /companies/{id}/statistics/sessions
GET /companies/{id}/statistics/trainees
GET /companies/{id}/statistics/usage.xlsx
GET /companies/{id}/subscription
GET /companies/{id}/subscription/courses
GET /companies/{id}/subscription/usage
GET /cores
GET /cores/courses/{id}
GET /cores/{id}
GET /courses
GET /courses/runnable
GET /courses/summary
GET /courses/{id}
GET /courses/{id}/runnable
GET /courses/{id}/sessions
GET /courses/{id}/sessions/statistics
GET /languages
GET /plants/{id}
GET /streamingvirtualmachine/status
GET /trainingplans
GET /trainingplans/accounts/{accountId}
GET /trainingplans/active
GET /trainingplans/{id}
GET /trainingplans/{id}/accounts
GET /trainingplans/{id}/accounts/{accountId}/progress
GET /trainingplans/{id}/accounts/{accountId}/sessions
GET /trainingplans/{id}/accounts/{accountId}/statistics
GET /trainingplans/{id}/courses
GET /trainingplans/{id}/statistics
POST /accounts/forgot-password
POST /accounts/login
POST /accounts/otp
POST /accounts/otp-login
POST /accounts/register-trial
POST /accounts/reset-password
POST /accounts/sso/callback/{provider}
POST /accounts/validate-reset-token
POST /accounts/{id}/activate
POST /accounts/{id}/deactivate
POST /assets/upload/core
POST /assets/upload/image
POST /assets/upload/video
POST /cores/{id}/version/{version}
POST /coursesessions
POST /coursesessions/create
POST /coursesessions/{id}/complete
POST /plants
POST /productinquiries
POST /streamingvirtualmachine/start
POST /streamingvirtualmachine/stop
PUT /companies/{id}/subscription/cancel
PUT /companies/{id}/subscription/update
PUT /courses/{id}/archive
PUT /courses/{id}/unarchive

Found on 2026-01-23 07:43

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: api.training.vr-staging.linde.com
Port: 443
URL: https://api.training.vr-staging.linde.com

First seen 2025-12-05 06:47
Last seen 2026-02-08 01:02
Open for 64 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-08 01:02

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354914d7f30d18bc383787a899924ebf68afc6d5c0a4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /companies/{id}/subscription/{courseId}
DELETE /trainingplans/{id}/accounts/{accountId}
GET /accounts
GET /accounts/current
GET /accounts/current/statistics
GET /accounts/current/statistics/usage.xlsx
GET /accounts/leaderboard
GET /accounts/sso/authorization-url/{provider}
GET /accounts/{id}
GET /accounts/{id}/statistics/courses
GET /accounts/{id}/statistics/sessions
GET /companies
GET /companies/{id}
GET /companies/{id}/plants
GET /companies/{id}/statistics
GET /companies/{id}/statistics/courses
GET /companies/{id}/statistics/sessions
GET /companies/{id}/statistics/trainees
GET /companies/{id}/statistics/usage.xlsx
GET /companies/{id}/subscription
GET /companies/{id}/subscription/courses
GET /companies/{id}/subscription/usage
GET /cores
GET /cores/courses/{id}
GET /cores/{id}
GET /courses
GET /courses/runnable
GET /courses/summary
GET /courses/{id}
GET /courses/{id}/runnable
GET /courses/{id}/sessions
GET /courses/{id}/sessions/statistics
GET /languages
GET /plants/{id}
GET /streamingvirtualmachine/status
GET /trainingplans
GET /trainingplans/accounts/{accountId}
GET /trainingplans/active
GET /trainingplans/{id}
GET /trainingplans/{id}/accounts
GET /trainingplans/{id}/accounts/{accountId}/progress
GET /trainingplans/{id}/accounts/{accountId}/sessions
GET /trainingplans/{id}/accounts/{accountId}/statistics
GET /trainingplans/{id}/courses
GET /trainingplans/{id}/statistics
POST /accounts/forgot-password
POST /accounts/login
POST /accounts/otp
POST /accounts/otp-login
POST /accounts/register-trial
POST /accounts/reset-password
POST /accounts/sso/callback/{provider}
POST /accounts/validate-reset-token
POST /accounts/{id}/activate
POST /accounts/{id}/deactivate
POST /assets/upload/core
POST /assets/upload/image
POST /assets/upload/video
POST /cores/{id}/version/{version}
POST /coursesessions
POST /coursesessions/create
POST /coursesessions/{id}/complete
POST /plants
POST /productinquiries
POST /streamingvirtualmachine/start
POST /streamingvirtualmachine/stop
PUT /companies/{id}/subscription/cancel
PUT /companies/{id}/subscription/update
PUT /courses/{id}/archive
PUT /courses/{id}/unarchive

Found on 2026-01-16 12:46

Create report

Open service 23.3.88.147:443 · api.training.vr-staging.linde.com

2026-01-23 08:23
Found 2026-01-23 by HttpPlugin
Create report

Open service 2.21.79.51:443 · vr-staging.linde.com

2026-01-23 07:43

HTTP/1.1 404 Not Found
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Permissions-Policy: interest-cohort=()
Cache-Control: max-age=0
Expires: Fri, 23 Jan 2026 07:43:13 GMT
Date: Fri, 23 Jan 2026 07:43:13 GMT
Connection: close
X-Ak-Ref-ID: 0.8f580317.1769154193.2622219b
Client-RTT: 1 | 0 | 1
Server: AK-Ghost-Server

Found 2026-01-23 by HttpPlugin

Create report

Open service 2.21.79.51:443 · vr-staging.linde.com

2026-01-09 11:41

HTTP/1.1 404 Not Found
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Permissions-Policy: interest-cohort=()
Cache-Control: max-age=0
Expires: Fri, 09 Jan 2026 11:42:01 GMT
Date: Fri, 09 Jan 2026 11:42:01 GMT
Connection: close
X-Ak-Ref-ID: 0.2f4f1502.1767958921.16f79584
Client-RTT: 94 | 0 | 1
Server: AK-Ghost-Server

Found 2026-01-09 by HttpPlugin

Create report

Open service 23.3.88.147:443 · api.training.vr-staging.linde.com

2026-01-09 10:32

HTTP/1.1 404 Not Found
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Permissions-Policy: interest-cohort=()
Cache-Control: max-age=0
Expires: Fri, 09 Jan 2026 10:32:52 GMT
Date: Fri, 09 Jan 2026 10:32:52 GMT
Connection: close
X-Ak-Ref-ID: 0.2f4f1502.1767954772.16cf3d37
Client-RTT: 0 | 0 | 0
Server: AK-Ghost-Server

Found 2026-01-09 by HttpPlugin

Create report

Open service 23.3.88.147:443 · api.training.vr-staging.linde.com

2026-01-02 09:56

HTTP/1.1 404 Not Found
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Permissions-Policy: interest-cohort=()
Cache-Control: max-age=0
Expires: Fri, 02 Jan 2026 09:56:35 GMT
Date: Fri, 02 Jan 2026 09:56:35 GMT
Connection: close
X-Ak-Ref-ID: 0.2f4f1502.1767347795.49951d1
Client-RTT: 82 | 0 | 0
Server: AK-Ghost-Server

Found 2026-01-02 by HttpPlugin

Create report

Open service 2.21.79.51:443 · vr-staging.linde.com

2025-12-23 02:04

HTTP/1.1 404 Not Found
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Permissions-Policy: interest-cohort=()
Cache-Control: max-age=0
Expires: Tue, 23 Dec 2025 02:04:54 GMT
Date: Tue, 23 Dec 2025 02:04:54 GMT
Connection: close
X-Ak-Ref-ID: 0.3f4f1502.1766455494.e3f9a6f
Client-RTT: 147 | 0 | 1
Server: AK-Ghost-Server

Found 2025-12-23 by HttpPlugin

Create report

Open service 23.3.88.147:443 · api.training.vr-staging.linde.com

2025-12-22 17:10

HTTP/1.1 404 Not Found
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Permissions-Policy: interest-cohort=()
Cache-Control: max-age=0
Expires: Mon, 22 Dec 2025 17:10:13 GMT
Date: Mon, 22 Dec 2025 17:10:13 GMT
Connection: close
X-Ak-Ref-ID: 0.8f580317.1766423413.22db96b1
Client-RTT: 14 | 0 | 1
Server: AK-Ghost-Server

Found 2025-12-22 by HttpPlugin

Create report

acs.exchange.gdmstest.linde-le.comadfs.sandbox.linde-le.comadfsletest.linde.nameakamtestle.linde-le.comapi-plantserv.linde-engineering.comapi-test.cms.linde-le.comapi.cms.linde-le.comapi.customersurvey.plantserv.linde.comapi.hchub.linde.comapi.lvf.iot.linde-le.comapi.training.vr-staging.linde.comapi.training.vr.linde.comautospir.linde-le.combasflu.lvf.iot.linde-le.comcf.procorr.linde-le.comchevron.linex.iot.linde-le.comclientconnect.linde-le.comcms.linde-le.comconfigurator.lhf.iot.linde-le.comcustomersurvey.plantserv.linde.comdahej.lvf.iot.linde-le.comdemo.lvf.iot.linde-le.comdes.mylindemarket.linde.ardev.launchpad.linde.comdev.leconnect.linde.comdev.procorr.linde-le.comexp.procorr.linde-le.comfab.linde-le.comflp.linde-le.comgrafana.test.iot.linde-le.comgrtd.launchpad.linde.comgrtp.launchpad.linde-le.comgrtp.launchpad.linde.comgrtq.launchpad.linde.comgrtq.test-launchpad.linde-le.comgrts.launchpad.linde.comguacamole.lhf.iot.linde-le.comhfcapp.linde-le.comhml.mylindemarket.linde.arignition.dev.iot.linde-le.comintel.asu-monitoring.iot.linde-le.comipp.rewprint.linde.comitp.software.quality.portal.iot.linde-le.comlaos.linde-le.comlaunchpad.linde-le.comlaunchpad.linde.comleconnect.linde.comlgree.motormonitoring-gui-prd.iot.linde-le.comlimang.linde.namelinde-brasil.com.brlinde.linex.iot.linde-le.comliquidos.linde.commylindemarket.linde.arns3.rewprint.linde.comorders.tmmgaswarehouse.linde.complantmonitoring.lhf.iot.linde-le.complantmonitoringapi.lhf.iot.linde-le.complantserv.linde-engineering.compresto.iot.linde-le.comprocorr.linde-le.comqa.launchpad.linde.comqa.leconnect.linde.comqa.procorr.linde-le.comreview.gdms.linde-le.comreview.gdmstest.linde-le.comruwais.lvf.iot.linde-le.comsbx.api.hchub.linde.comsbx.launchpad.linde.comscholven.lvf.iot.linde-le.comseclore.linde-le.comseclore2.linde-le.comsecloretest.linde-le.comservice.elgas.co.nzservice.elgas.com.ausubcontracting.linde-le.comsupplierconnect.linde-le.comtest-clientconnect.linde-le.comtest-launchpad.linde-le.comtest-supplierconnect.linde-le.comtickets.noxboxltd.comtimeseriesinsights.iot.linde-le.comtools.bocgases.co.uktools.bocgases.ietotalweld.com.autraining.vr-staging.linde.comtraining.vr.linde.comtst.api.lcrisp.linde.comtst.api.pricesmart.linde.comtst.tools.bocgases.co.uktst.tools.bocgases.ievr-staging.linde.comweb.cms.linde-le.comweldspot.com.auwvs.review.gdms.linde-le.comwvs.review.gdmstest.linde-le.comwww.cosec.linde-le.comwww.laos.linde-le.comwww.linde-brasil.com.brwww.totalweld.com.auwww.weldspot.com.au

Fingerprint:

9ac5264efba3cbc154c34908793f7dbdff6c5201848d4232548f68253137b519

CN:

cms.linde-le.com

Key:

RSA-2048

Issuer:

R13

Not before:

2025-12-19 03:47

Not after:

2026-03-19 03:47

Domain summary

vr-staging.linde.com 5 api.training.vr-staging.linde.com 5

2 recorded

IP summary

23.3.88.147 2 2.21.79.51 2 2.16.204.89 1

3 recorded