LeakIX - Host 13.69.68.12

Host 13.69.68.12

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443

Microsoft-IIS 10.0

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: wrb-acceptatie.hanze.nl
Port: 443
URL: https://wrb-acceptatie.hanze.nl

First seen 2025-10-16 12:38
Last seen 2026-02-10 00:08
Open for 116 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-10 00:08

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f8538969019961d47f87e8ab0d47888d0e1a54f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AppSynchronization/Cleanup
DELETE /api/Attribute/Delete/{id}
DELETE /api/Booking/CancelNotOwned/{id}
DELETE /api/Course/Delete/{id}
DELETE /api/ExternalBooking/Delete/{id}
DELETE /api/ExternalBooking/DeleteBulk
DELETE /api/ExternalBooking/DeleteBulkByForeignId
DELETE /api/ExternalBooking/DeleteUnsyncedByBookingId/{id}
DELETE /api/Item/Delete/{id}
DELETE /api/ItemType/Delete/{id}
DELETE /api/OrganisationalUnit/Delete/{id}
DELETE /api/User/Delete/{id}
DELETE /api/Zone/Delete/{id}
GET /api/AppSettings/Get
GET /api/AppSynchronization/GetLatest
GET /api/Attribute/Get/{id}
GET /api/Attribute/GetActive
GET /api/Attribute/GetAll
GET /api/Attribute/GetByItemType
GET /api/Attribute/GetByRule
GET /api/Attribute/Search
GET /api/Booking/CanBeMoved/{bookingid}
GET /api/Booking/Get/{hostKey}
GET /api/Booking/Get/{id}
GET /api/Booking/GetForDisplay/{id}
GET /api/Booking/GetForItem/{id}
GET /api/Booking/GetForItems
GET /api/Booking/GetIssuedExpired
GET /api/Booking/GetItemAvailableTimeSlots/{bookingid}
GET /api/Booking/GetNotOwned/{id}
GET /api/Booking/GetOwn
GET /api/Building/Get
GET /api/Building/Get/{id}
GET /api/Course/Get/{id}
GET /api/Course/GetActive
GET /api/Course/GetAll
GET /api/Course/GetForOU
GET /api/Course/Search
GET /api/ExternalBooking/Get/{id}
GET /api/Info/GetVersion
GET /api/Item/Get/{id}
GET /api/Item/GetActive
GET /api/Item/GetActiveSyncable
GET /api/Item/GetAll
GET /api/Item/GetCapacitiesByZoneAndItemType
GET /api/Item/GetRecent
GET /api/Item/Search
GET /api/Item/SearchByProperties
GET /api/Item/SearchOptionsFilter
GET /api/Item/SearchOptionsRoom
GET /api/ItemType/Get/{id}
GET /api/ItemType/GetActive
GET /api/ItemType/GetActiveItemSubTypes
GET /api/ItemType/GetAll
GET /api/ItemType/GetByRule
GET /api/ItemType/GetItemSubTypeByRule
GET /api/ItemType/Search
GET /api/OrganisationalUnit/Get/{id}
GET /api/OrganisationalUnit/GetActive
GET /api/OrganisationalUnit/GetAll
GET /api/OrganisationalUnit/Search
GET /api/Room/Get
GET /api/Room/Get/{id}
GET /api/User/Get/{id}
GET /api/User/GetActive
GET /api/User/GetAll
GET /api/User/Search
GET /api/Zone/Get/{id}
GET /api/Zone/GetActive
GET /api/Zone/GetAll
GET /api/Zone/GetByRule
GET /api/Zone/Search
GET /qr/Room
GET /qr/Room/authenticate/{id}
GET /qr/Room/authorized
GET /qr/Room/{id}
GET /qr/Room/{id}/live
PATCH /api/Booking/BookingState/{id}
PATCH /api/Booking/HostKey/{id}
PATCH /api/Item/ExternalId/{id}
PATCH /api/Item/UpdateBulk
POST /api/AppSynchronization/Create
POST /api/AppSynchronization/CreateAndQueue
POST /api/AppSynchronization/SetStatus/{id}
POST /api/AppSynchronization/StartSync/{id}
POST /api/Attribute/Store
POST /api/Attribute/Store/{id}
POST /api/Booking/Cancel/{id}
POST /api/Booking/FindAllNotOwned
POST /api/Booking/FindNotOwned
POST /api/Booking/GetOwnPaged
POST /api/Booking/Store
POST /api/Booking/Store/{id}
POST /api/Building/Find
POST /api/Building/Store
POST /api/Course/Store
POST /api/Course/Store/{id}
POST /api/ExternalBooking/Find
POST /api/ExternalBooking/FindByForeignIds
POST /api/ExternalBooking/FindByPrefix
POST /api/ExternalBooking/FindForeignIdsByPrefix
POST /api/ExternalBooking/Store
POST /api/ExternalBooking/StoreBulk
POST /api/HouseKeeping/MonitorBookingStates
POST /api/Item/FindByExternalIds
POST /api/Item/FindByFunctionalKeys
POST /api/Item/SearchItems
POST /api/Item/Store
POST /api/Item/Store/{id}
POST /api/Item/StoreBulk
POST /api/Item/UploadItemImage
POST /api/ItemAvailability/OpeningHours
POST /api/ItemType/Store
POST /api/ItemType/Store/{id}
POST /api/OrganisationalUnit/Store
POST /api/OrganisationalUnit/Store/{id}
POST /api/Room/Find
POST /api/Room/Store
POST /api/SensorData/Store
POST /api/SensorData/StoreBulk
POST /api/User/Store
POST /api/User/Store/{id}
POST /api/Zone/Store
POST /api/Zone/Store/{id}
POST /api/Zone/StoreBulk
PUT /api/Building/Store/{id}
PUT /api/Course/ResetAll
PUT /api/Course/ResetSingle
PUT /api/ExternalBooking/Store/{id}
PUT /api/ExternalBooking/UpdateBulk
PUT /api/OrganisationalUnit/ResetAll
PUT /api/OrganisationalUnit/ResetSingle
PUT /api/Room/Store/{id}
PUT /api/User/ResetAll
PUT /api/User/ResetSingle

Found on 2026-01-16 10:20

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f8538969019961d47f87e8ab0d47888dc6309ec

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AppSynchronization/Cleanup
DELETE /api/Attribute/Delete/{id}
DELETE /api/Booking/CancelNotOwned/{id}
DELETE /api/Course/Delete/{id}
DELETE /api/ExternalBooking/Delete/{id}
DELETE /api/ExternalBooking/DeleteBulk
DELETE /api/ExternalBooking/DeleteBulkByForeignId
DELETE /api/ExternalBooking/DeleteUnsyncedByBookingId/{id}
DELETE /api/Item/Delete/{id}
DELETE /api/ItemType/Delete/{id}
DELETE /api/OrganisationalUnit/Delete/{id}
DELETE /api/User/Delete/{id}
DELETE /api/Zone/Delete/{id}
GET /api/AppSettings/Get
GET /api/AppSynchronization/GetLatest
GET /api/Attribute/Get/{id}
GET /api/Attribute/GetActive
GET /api/Attribute/GetAll
GET /api/Attribute/GetByItemType
GET /api/Attribute/GetByRule
GET /api/Attribute/Search
GET /api/Booking/CanBeMoved/{bookingid}
GET /api/Booking/Get/{hostKey}
GET /api/Booking/Get/{id}
GET /api/Booking/GetForDisplay/{id}
GET /api/Booking/GetForItem/{id}
GET /api/Booking/GetForItems
GET /api/Booking/GetItemAvailableTimeSlots/{bookingid}
GET /api/Booking/GetNotOwned/{id}
GET /api/Booking/GetOwn
GET /api/Building/Get
GET /api/Building/Get/{id}
GET /api/Course/Get/{id}
GET /api/Course/GetActive
GET /api/Course/GetAll
GET /api/Course/GetForOU
GET /api/Course/Search
GET /api/ExternalBooking/Get/{id}
GET /api/Info/GetVersion
GET /api/Item/Get/{id}
GET /api/Item/GetActive
GET /api/Item/GetActiveSyncable
GET /api/Item/GetAll
GET /api/Item/GetCapacitiesByZoneAndItemType
GET /api/Item/GetRecent
GET /api/Item/Search
GET /api/Item/SearchByProperties
GET /api/Item/SearchOptionsFilter
GET /api/Item/SearchOptionsRoom
GET /api/ItemType/Get/{id}
GET /api/ItemType/GetActive
GET /api/ItemType/GetActiveItemSubTypes
GET /api/ItemType/GetAll
GET /api/ItemType/GetByRule
GET /api/ItemType/GetItemSubTypeByRule
GET /api/ItemType/Search
GET /api/OrganisationalUnit/Get/{id}
GET /api/OrganisationalUnit/GetActive
GET /api/OrganisationalUnit/GetAll
GET /api/OrganisationalUnit/Search
GET /api/Room/Get
GET /api/Room/Get/{id}
GET /api/User/Get/{id}
GET /api/User/GetActive
GET /api/User/GetAll
GET /api/User/Search
GET /api/Zone/Get/{id}
GET /api/Zone/GetActive
GET /api/Zone/GetAll
GET /api/Zone/GetByRule
GET /api/Zone/Search
GET /qr/Room
GET /qr/Room/authenticate/{id}
GET /qr/Room/authorized
GET /qr/Room/{id}
GET /qr/Room/{id}/live
PATCH /api/Booking/BookingState/{id}
PATCH /api/Booking/HostKey/{id}
PATCH /api/Item/ExternalId/{id}
PATCH /api/Item/UpdateBulk
POST /api/AppSynchronization/Create
POST /api/AppSynchronization/CreateAndQueue
POST /api/AppSynchronization/SetStatus/{id}
POST /api/AppSynchronization/StartSync/{id}
POST /api/Attribute/Store
POST /api/Attribute/Store/{id}
POST /api/Booking/Cancel/{id}
POST /api/Booking/FindAllNotOwned
POST /api/Booking/FindNotOwned
POST /api/Booking/GetOwnPaged
POST /api/Booking/Store
POST /api/Booking/Store/{id}
POST /api/Building/Find
POST /api/Building/Store
POST /api/Course/Store
POST /api/Course/Store/{id}
POST /api/ExternalBooking/Find
POST /api/ExternalBooking/FindByForeignIds
POST /api/ExternalBooking/FindByPrefix
POST /api/ExternalBooking/FindForeignIdsByPrefix
POST /api/ExternalBooking/Store
POST /api/ExternalBooking/StoreBulk
POST /api/Item/FindByExternalIds
POST /api/Item/FindByFunctionalKeys
POST /api/Item/SearchItems
POST /api/Item/Store
POST /api/Item/Store/{id}
POST /api/Item/StoreBulk
POST /api/Item/UploadItemImage
POST /api/ItemAvailability/OpeningHours
POST /api/ItemType/Store
POST /api/ItemType/Store/{id}
POST /api/OrganisationalUnit/Store
POST /api/OrganisationalUnit/Store/{id}
POST /api/Room/Find
POST /api/Room/Store
POST /api/SensorData/Store
POST /api/SensorData/StoreBulk
POST /api/User/Store
POST /api/User/Store/{id}
POST /api/Zone/Store
POST /api/Zone/Store/{id}
POST /api/Zone/StoreBulk
PUT /api/Building/Store/{id}
PUT /api/Course/ResetAll
PUT /api/Course/ResetSingle
PUT /api/ExternalBooking/Store/{id}
PUT /api/ExternalBooking/UpdateBulk
PUT /api/OrganisationalUnit/ResetAll
PUT /api/OrganisationalUnit/ResetSingle
PUT /api/Room/Store/{id}
PUT /api/User/ResetAll
PUT /api/User/ResetSingle

Found on 2025-12-01 04:42

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f8538969019961d47f87e8ab0d4788805cebc90

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AppSynchronization/Cleanup
DELETE /api/Attribute/Delete/{id}
DELETE /api/Booking/CancelNotOwned/{id}
DELETE /api/Course/Delete/{id}
DELETE /api/ExternalBooking/Delete/{id}
DELETE /api/ExternalBooking/DeleteBulk
DELETE /api/ExternalBooking/DeleteBulkByForeignId
DELETE /api/ExternalBooking/DeleteUnsyncedByBookingId/{id}
DELETE /api/Item/Delete/{id}
DELETE /api/ItemType/Delete/{id}
DELETE /api/OrganisationalUnit/Delete/{id}
DELETE /api/User/Delete/{id}
DELETE /api/Zone/Delete/{id}
GET /api/AppSettings/Get
GET /api/AppSynchronization/GetLatest
GET /api/Attribute/Get/{id}
GET /api/Attribute/GetActive
GET /api/Attribute/GetAll
GET /api/Attribute/GetByItemType
GET /api/Attribute/GetByRule
GET /api/Attribute/Search
GET /api/Booking/CanBeMoved/{bookingid}
GET /api/Booking/Get/{hostKey}
GET /api/Booking/Get/{id}
GET /api/Booking/GetForDisplay/{id}
GET /api/Booking/GetForItem/{id}
GET /api/Booking/GetForItems
GET /api/Booking/GetItemAvailableTimeSlots/{bookingid}
GET /api/Booking/GetNotOwned/{id}
GET /api/Booking/GetOwn
GET /api/Building/Get
GET /api/Building/Get/{id}
GET /api/Course/Get/{id}
GET /api/Course/GetActive
GET /api/Course/GetAll
GET /api/Course/GetForOU
GET /api/Course/Search
GET /api/ExternalBooking/Get/{id}
GET /api/Info/GetVersion
GET /api/Item/Get/{id}
GET /api/Item/GetActive
GET /api/Item/GetActiveSyncable
GET /api/Item/GetAll
GET /api/Item/GetCapacitiesByZoneAndItemType
GET /api/Item/GetNotBookable
GET /api/Item/GetRecent
GET /api/Item/Search
GET /api/Item/SearchByProperties
GET /api/Item/SearchOptionsFilter
GET /api/Item/SearchOptionsRoom
GET /api/ItemType/Get/{id}
GET /api/ItemType/GetActive
GET /api/ItemType/GetActiveItemSubTypes
GET /api/ItemType/GetAll
GET /api/ItemType/GetByRule
GET /api/ItemType/GetItemSubTypeByRule
GET /api/ItemType/Search
GET /api/OrganisationalUnit/Get/{id}
GET /api/OrganisationalUnit/GetActive
GET /api/OrganisationalUnit/GetAll
GET /api/OrganisationalUnit/Search
GET /api/Room/Get
GET /api/Room/Get/{id}
GET /api/User/Get/{id}
GET /api/User/GetActive
GET /api/User/GetAll
GET /api/User/Search
GET /api/Zone/Get/{id}
GET /api/Zone/GetActive
GET /api/Zone/GetAll
GET /api/Zone/GetByRule
GET /api/Zone/Search
GET /qr/Room
GET /qr/Room/authenticate/{id}
GET /qr/Room/authorized
GET /qr/Room/{id}
GET /qr/Room/{id}/live
PATCH /api/Booking/BookingState/{id}
PATCH /api/Booking/HostKey/{id}
PATCH /api/Item/ExternalId/{id}
PATCH /api/Item/UpdateBulk
POST /api/AppSynchronization/Create
POST /api/AppSynchronization/CreateAndQueue
POST /api/AppSynchronization/SetStatus/{id}
POST /api/AppSynchronization/StartSync/{id}
POST /api/Attribute/Store
POST /api/Attribute/Store/{id}
POST /api/Booking/Cancel/{id}
POST /api/Booking/FindAllNotOwned
POST /api/Booking/FindNotOwned
POST /api/Booking/GetOwnPaged
POST /api/Booking/Store
POST /api/Booking/Store/{id}
POST /api/Building/Find
POST /api/Building/Store
POST /api/Course/Store
POST /api/Course/Store/{id}
POST /api/ExternalBooking/Find
POST /api/ExternalBooking/FindByForeignIds
POST /api/ExternalBooking/FindByPrefix
POST /api/ExternalBooking/FindForeignIdsByPrefix
POST /api/ExternalBooking/Store
POST /api/ExternalBooking/StoreBulk
POST /api/Item/FindByExternalIds
POST /api/Item/FindByFunctionalKeys
POST /api/Item/SearchItems
POST /api/Item/Store
POST /api/Item/Store/{id}
POST /api/Item/StoreBulk
POST /api/Item/UploadItemImage
POST /api/ItemAvailability/OpeningHours
POST /api/ItemType/Store
POST /api/ItemType/Store/{id}
POST /api/OrganisationalUnit/Store
POST /api/OrganisationalUnit/Store/{id}
POST /api/Room/Find
POST /api/Room/Store
POST /api/SensorData/Store
POST /api/SensorData/StoreBulk
POST /api/User/Store
POST /api/User/Store/{id}
POST /api/Zone/Store
POST /api/Zone/Store/{id}
POST /api/Zone/StoreBulk
PUT /api/Building/Store/{id}
PUT /api/Course/ResetAll
PUT /api/Course/ResetSingle
PUT /api/ExternalBooking/Store/{id}
PUT /api/ExternalBooking/UpdateBulk
PUT /api/OrganisationalUnit/ResetAll
PUT /api/OrganisationalUnit/ResetSingle
PUT /api/Room/Store/{id}
PUT /api/User/ResetAll
PUT /api/User/ResetSingle

Found on 2025-10-28 20:20

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000007-tst.pmcrm.nl
Port: 443
URL: https://8000007-tst.pmcrm.nl

First seen 2025-12-21 14:57
Last seen 2026-02-09 22:05
Open for 50 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 22:05

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b21d144b8a081880655d9d154c0ed40d0a9324c7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /_api/accounts/{accountId}/permissions/{accountPermissionId}/delete
DELETE /_api/web-hook-subscriptions/{webHookSubscriptionId}/delete
GET /_api/accounts
GET /_api/accounts/{accountId}
GET /_api/accounts/{accountId}/addresses
GET /_api/accounts/{accountId}/addresses/{accountAddressId}
GET /_api/accounts/{accountId}/contacts
GET /_api/accounts/{accountId}/contacts/{contactId}
GET /_api/accounts/{accountId}/permissions
GET /_api/accounts/{accountId}/permissions/{accountPermissionId}
GET /_api/activities/{subjectType}/{subjectId}
GET /_api/activities/{subjectType}/{subjectId}/{activityId}
GET /_api/attachments/{subjectType}/{subjectId}
GET /_api/attachments/{subjectType}/{subjectId}/{attachmentId}
GET /_api/data-service/extended-activity-hierarchy-by-activity-id
GET /_api/data-service/extended-participant-activity-hierarchy
GET /_api/data-service/subject-labels/{subjectType}
GET /_api/external-resources/{subjectType}/{subjectId}
GET /_api/external-resources/{subjectType}/{subjectId}/{externalResourceId}
GET /_api/labels
GET /_api/labels/{labelId}
GET /_api/labels/{subjectType}/{subjectId}
GET /_api/labels/{subjectType}/{subjectId}/{resourceLabelId}
GET /_api/masterdata/actions
GET /_api/masterdata/actions/{taskActivityActionId}
GET /_api/masterdata/departments
GET /_api/masterdata/departments/{contactDepartmentId}
GET /_api/masterdata/legalforms
GET /_api/masterdata/legalforms/{legalFormId}
GET /_api/masterdata/positions
GET /_api/masterdata/positions/{contactPositionId}
GET /_api/masterdata/relations
GET /_api/masterdata/relations/{personsRelationTypeId}
GET /_api/masterdata/salutations
GET /_api/masterdata/salutations/{salutationId}
GET /_api/masterdata/titlesafter
GET /_api/masterdata/titlesafter/{titlesAfterId}
GET /_api/masterdata/titlesbefore
GET /_api/masterdata/titlesbefore/{titlesBeforeId}
GET /_api/masterdata/types
GET /_api/masterdata/types/{taskActivityTypeId}
GET /_api/notes/{subjectType}/{subjectId}
GET /_api/notes/{subjectType}/{subjectId}/{noteId}
GET /_api/persons
GET /_api/persons/{personId}
GET /_api/roles
GET /_api/roles/{roleId}
GET /_api/search
GET /_api/search/accounts
GET /_api/search/activities
GET /_api/search/contacts
GET /_api/search/notes
GET /_api/search/persons
GET /_api/users
GET /_api/users/account-owners
GET /_api/users/person-owners
GET /_api/users/{userId}
GET /_api/web-hook-subscriptions
GET /_api/web-hook-subscriptions/{webHookSubscriptionId}

Found on 2026-01-09 11:10

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000001-tst.pmcrm.nl
Port: 443
URL: https://8000001-tst.pmcrm.nl

First seen 2026-01-03 10:12
Last seen 2026-02-09 19:46
Open for 37 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 19:46
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: monitoring-api.czapp-dev.com
Port: 443
URL: https://monitoring-api.czapp-dev.com

First seen 2026-01-12 05:38
Last seen 2026-02-09 19:45
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb4e788b41f9351df258c45aa94d074cfa56178cb96
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /jobs
GET /jobs-export
GET /jobs/{jobId}/history
GET /jobs/{jobId}/history/{historyId}
GET /jobs/{jobId}/history/{historyId}/results
GET /modules
GET /statuses
POST /RunAllJobsFunction
POST /RunSingleValidationFunction
```
  Found on 2026-02-09 19:45
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000003-tst.pmcrm.nl
Port: 443
URL: https://8000003-tst.pmcrm.nl

First seen 2025-12-11 10:13
Last seen 2026-02-09 19:43
Open for 60 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 19:43

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b21d144b8a081880655d9d154c0ed40d0a9324c7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /_api/accounts/{accountId}/permissions/{accountPermissionId}/delete
DELETE /_api/web-hook-subscriptions/{webHookSubscriptionId}/delete
GET /_api/accounts
GET /_api/accounts/{accountId}
GET /_api/accounts/{accountId}/addresses
GET /_api/accounts/{accountId}/addresses/{accountAddressId}
GET /_api/accounts/{accountId}/contacts
GET /_api/accounts/{accountId}/contacts/{contactId}
GET /_api/accounts/{accountId}/permissions
GET /_api/accounts/{accountId}/permissions/{accountPermissionId}
GET /_api/activities/{subjectType}/{subjectId}
GET /_api/activities/{subjectType}/{subjectId}/{activityId}
GET /_api/attachments/{subjectType}/{subjectId}
GET /_api/attachments/{subjectType}/{subjectId}/{attachmentId}
GET /_api/data-service/extended-activity-hierarchy-by-activity-id
GET /_api/data-service/extended-participant-activity-hierarchy
GET /_api/data-service/subject-labels/{subjectType}
GET /_api/external-resources/{subjectType}/{subjectId}
GET /_api/external-resources/{subjectType}/{subjectId}/{externalResourceId}
GET /_api/labels
GET /_api/labels/{labelId}
GET /_api/labels/{subjectType}/{subjectId}
GET /_api/labels/{subjectType}/{subjectId}/{resourceLabelId}
GET /_api/masterdata/actions
GET /_api/masterdata/actions/{taskActivityActionId}
GET /_api/masterdata/departments
GET /_api/masterdata/departments/{contactDepartmentId}
GET /_api/masterdata/legalforms
GET /_api/masterdata/legalforms/{legalFormId}
GET /_api/masterdata/positions
GET /_api/masterdata/positions/{contactPositionId}
GET /_api/masterdata/relations
GET /_api/masterdata/relations/{personsRelationTypeId}
GET /_api/masterdata/salutations
GET /_api/masterdata/salutations/{salutationId}
GET /_api/masterdata/titlesafter
GET /_api/masterdata/titlesafter/{titlesAfterId}
GET /_api/masterdata/titlesbefore
GET /_api/masterdata/titlesbefore/{titlesBeforeId}
GET /_api/masterdata/types
GET /_api/masterdata/types/{taskActivityTypeId}
GET /_api/notes/{subjectType}/{subjectId}
GET /_api/notes/{subjectType}/{subjectId}/{noteId}
GET /_api/persons
GET /_api/persons/{personId}
GET /_api/roles
GET /_api/roles/{roleId}
GET /_api/search
GET /_api/search/accounts
GET /_api/search/activities
GET /_api/search/contacts
GET /_api/search/notes
GET /_api/search/persons
GET /_api/users
GET /_api/users/account-owners
GET /_api/users/person-owners
GET /_api/users/{userId}
GET /_api/web-hook-subscriptions
GET /_api/web-hook-subscriptions/{webHookSubscriptionId}

Found on 2025-12-26 16:40

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000012-tst.pmcrm.nl
Port: 443
URL: https://8000012-tst.pmcrm.nl

First seen 2025-12-21 14:01
Last seen 2026-02-09 19:21
Open for 50 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 19:21

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b21d144b8a081880655d9d154c0ed40d0a9324c7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /_api/accounts/{accountId}/permissions/{accountPermissionId}/delete
DELETE /_api/web-hook-subscriptions/{webHookSubscriptionId}/delete
GET /_api/accounts
GET /_api/accounts/{accountId}
GET /_api/accounts/{accountId}/addresses
GET /_api/accounts/{accountId}/addresses/{accountAddressId}
GET /_api/accounts/{accountId}/contacts
GET /_api/accounts/{accountId}/contacts/{contactId}
GET /_api/accounts/{accountId}/permissions
GET /_api/accounts/{accountId}/permissions/{accountPermissionId}
GET /_api/activities/{subjectType}/{subjectId}
GET /_api/activities/{subjectType}/{subjectId}/{activityId}
GET /_api/attachments/{subjectType}/{subjectId}
GET /_api/attachments/{subjectType}/{subjectId}/{attachmentId}
GET /_api/data-service/extended-activity-hierarchy-by-activity-id
GET /_api/data-service/extended-participant-activity-hierarchy
GET /_api/data-service/subject-labels/{subjectType}
GET /_api/external-resources/{subjectType}/{subjectId}
GET /_api/external-resources/{subjectType}/{subjectId}/{externalResourceId}
GET /_api/labels
GET /_api/labels/{labelId}
GET /_api/labels/{subjectType}/{subjectId}
GET /_api/labels/{subjectType}/{subjectId}/{resourceLabelId}
GET /_api/masterdata/actions
GET /_api/masterdata/actions/{taskActivityActionId}
GET /_api/masterdata/departments
GET /_api/masterdata/departments/{contactDepartmentId}
GET /_api/masterdata/legalforms
GET /_api/masterdata/legalforms/{legalFormId}
GET /_api/masterdata/positions
GET /_api/masterdata/positions/{contactPositionId}
GET /_api/masterdata/relations
GET /_api/masterdata/relations/{personsRelationTypeId}
GET /_api/masterdata/salutations
GET /_api/masterdata/salutations/{salutationId}
GET /_api/masterdata/titlesafter
GET /_api/masterdata/titlesafter/{titlesAfterId}
GET /_api/masterdata/titlesbefore
GET /_api/masterdata/titlesbefore/{titlesBeforeId}
GET /_api/masterdata/types
GET /_api/masterdata/types/{taskActivityTypeId}
GET /_api/notes/{subjectType}/{subjectId}
GET /_api/notes/{subjectType}/{subjectId}/{noteId}
GET /_api/persons
GET /_api/persons/{personId}
GET /_api/roles
GET /_api/roles/{roleId}
GET /_api/search
GET /_api/search/accounts
GET /_api/search/activities
GET /_api/search/contacts
GET /_api/search/notes
GET /_api/search/persons
GET /_api/users
GET /_api/users/account-owners
GET /_api/users/person-owners
GET /_api/users/{userId}
GET /_api/web-hook-subscriptions
GET /_api/web-hook-subscriptions/{webHookSubscriptionId}

Found on 2025-12-25 06:16

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: webservice.tlinq.eu
Port: 80
URL: http://webservice.tlinq.eu

First seen 2026-01-11 01:55
Last seen 2026-02-09 18:19
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60720fc5dc12fa5031d63778233d3d49858e678c16

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/ListItems/Delete/{idCenter}/{id}
GET /api/AdditionalData/Blob/{type}/{uiMap}
GET /api/AdditionalData/Blobs/{type}/{idCenter}
GET /api/AdditionalData/Blobs/{type}/{idCenter}/{idUs}
GET /api/AdditionalData/Blobs/{type}/{key}
GET /api/AdditionalData/XmlAttachment/{type}/{idCenter}
GET /api/AdditionalData/XmlAttachment/{type}/{idCenter}/{idUs}
GET /api/AdditionalData/XmlAttachment/{type}/{key}
GET /api/Agenda/GetModelRepeatedSteps/{idModel}
GET /api/Agenda/GetModelVariables/{idModel}
GET /api/Agenda/GetModels
GET /api/Authentication/Logout/{id}
GET /api/Category/{idCenter}/{classification}
GET /api/Centers/CheckToken/{token}
GET /api/Centers/Token/{id}
GET /api/Centers/{id}
GET /api/Conversation
GET /api/Conversation/Event/{externalEventId}
GET /api/Conversation/Instance/{instanceId}
GET /api/Conversation/{key}
GET /api/Customers/{idCenter}/{idCustomer}
GET /api/Document/GetLastInstanceData/{idCenter}/{idModel}
GET /api/Document/Test
GET /api/Document/View
GET /api/Download/ProcessRequest
GET /api/Instance/Get
GET /api/Instance/Get/{uiInstance}
GET /api/Instance/get/Get
GET /api/Instance/get/Get/{uiInstance}
GET /api/ListItems/GetListById/{idCenter}/{id}
GET /api/ListItems/GetParents/{idCenter}
GET /api/ListItems/{idCenter}/{parentCode}
GET /api/Message
GET /api/PdfCreator/Pdf/{idInstance}/{timezoneId}/{culture}/{token}
GET /api/PdfCreator/Pdf/{uiInstance}/{idUs}
GET /api/PdfCreator/PdfByCenter/{uiInstance}/{idCenter}
GET /api/Users/{id}
POST /api/Agenda/Disable
POST /api/Agenda/GetAll/{idCenter}
POST /api/Agenda/Import
POST /api/Authentication/Login
POST /api/Authentication/LoginComplete
POST /api/Authentication/LoginRedirect
POST /api/Authentication/LoginUserCenter/{idCenter}/{userUiSync}
POST /api/Customers/Create/{idCenter}
POST /api/Customers/Disable
POST /api/Customers/GetAll/{idCenter}
POST /api/Customers/Import
POST /api/Customers/Import/{key}
POST /api/Document/Subscribe/{idCenter}/{idModel}
POST /api/Document/Unsubscribe/{idCenter}/{idModel}
POST /api/Document/XmlDocuments
POST /api/ListItems/Create/{idCenter}
POST /api/ListItems/Import
POST /api/Message/ConversationMessage
POST /api/PdfCreator/Pdf/{idUs}
POST /api/Products/Disable
POST /api/Products/GetAll/{idCenter}
POST /api/Products/Import
POST /api/ScheduleExecutions/CloseExecution
POST /api/ServicesConnectors/Notifications
POST /api/UserList/CheckIfBarcodeAlreadyExists/{idCenter}
POST /api/UserList/InsertOrUpdatePrimitiveUserList/{idCenter}
POST /api/UserList/InsertOrUpdatePrimitiveUserListBulk/{idCenter}
POST /api/UserPosition/{email}
POST /api/UserPosition/{id}
POST /api/Workflows/Execute/{idCenter}
PUT /api/ListItems/Update/{idCenter}

Found on 2026-02-09 18:19

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: hub.po02.ntifm.com
Port: 443
URL: https://hub.po02.ntifm.com

First seen 2026-01-08 13:35
Last seen 2026-02-09 18:06
Open for 32 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549dfd78c375167ce5d12ae092ac8763f6f45907ad0

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/accounts
GET /api/accounts/{id}
GET /api/annualbudgetactivities
GET /api/annualbudgetactivities/{id}
GET /api/assets/categories
GET /api/distributionkeys
GET /api/distributionkeys/{id}
GET /api/facilities
GET /api/financialkeyfigures
GET /api/invoices
GET /api/invoices/{id}
GET /api/locationgroups
GET /api/locationgroups/{id}
GET /api/locations
GET /api/locations/{id}
GET /api/longtermplanactivities
GET /api/longtermplanactivities/{id}
GET /api/projectrequisitions
GET /api/projectrequisitions/{id}
GET /api/projects
GET /api/projects/types
GET /api/projects/{projectId}/constructionbudgetposts
GET /api/projects/{projectId}/fees
GET /api/requisitions
GET /api/requisitions/{id}
GET /api/suppliers
GET /api/suppliers/{id}
GET /api/tenancies
GET /api/tenancies/{id}
GET /api/userroles
GET /api/users
GET /api/users/teams
GET /api/users/{id}
GET /api/workorders
GET /api/workorders/templates
GET /api/workorders/types
GET /api/workorders/{id}
POST /api/locations/{id}/merge
PUT /api/financialkeyfigures/{id}
PUT /api/projectrequisitions/state
PUT /api/requisitions/state
PUT /api/users/{id}/locationaccess
PUT /api/users/{id}/roles

Found on 2026-02-09 18:06

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: noloshop.it
Port: 443
URL: https://noloshop.it

First seen 2025-11-11 03:21
Last seen 2026-02-09 16:25
Open for 90 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a4a4a1edc7334eb4b1bb8f61cf25ee48733ba5cb

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Shop/{codiceNoleggio}/Transazioni/{id}
GET /api/Backend/Movimenti
GET /api/Backend/Occupazioni
GET /api/Backend/Transazioni
GET /api/Management/CurrentLog
GET /api/Management/GetLog/{data}
GET /api/Phoenix/{codNoleggio}/ack
GET /api/Phoenix/{codNoleggio}/nack
GET /api/Shop/{codiceNoleggio}/DatiNoleggio
GET /api/Shop/{codiceNoleggio}/Reparti
GET /api/Shop/{codiceNoleggio}/testperformance
GET /api/Sia/test
GET /api/Sia/{codScuola}/ack
GET /api/XPay/{lingua}/{codNoleggio}/esito
PATCH /api/Backend/Transazioni/{codTransazione}/conferma
POST /api/Axepta/{codScuola}/ack/{orderId}
POST /api/Backend/DatiCompleti
POST /api/Backend/Movimenti/Resync
POST /api/Shop/{codiceNoleggio}/Carrello
POST /api/XPay/confermamanuale
POST /api/XPay/{codNoleggio}/esito

Found on 2026-02-09 16:25

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a4a4a1edc7334eb4b1bb8f61cf25ee4831b5850c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Shop/{codiceNoleggio}/Transazioni/{id}
GET /api/Backend/Movimenti
GET /api/Backend/Occupazioni
GET /api/Backend/Transazioni
GET /api/Management/CurrentLog
GET /api/Management/GetLog/{data}
GET /api/Phoenix/{codNoleggio}/ack
GET /api/Phoenix/{codNoleggio}/nack
GET /api/Shop/{codiceNoleggio}/DatiNoleggio
GET /api/Shop/{codiceNoleggio}/Reparti
GET /api/Shop/{codiceNoleggio}/testperformance
GET /api/Sia/test
GET /api/Sia/{codScuola}/ack
GET /api/XPay/{lingua}/{codNoleggio}/esito
PATCH /api/Backend/Transazioni/{codTransazione}/conferma
POST /api/Backend/DatiCompleti
POST /api/Backend/Movimenti/Resync
POST /api/Shop/{codiceNoleggio}/Carrello
POST /api/XPay/confermamanuale
POST /api/XPay/{codNoleggio}/esito

Found on 2025-11-22 16:56

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000009-tst.pmcrm.nl
Port: 443
URL: https://8000009-tst.pmcrm.nl

First seen 2025-12-21 15:01
Last seen 2026-02-09 15:07
Open for 50 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 15:07

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b21d144b8a081880655d9d154c0ed40d0a9324c7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /_api/accounts/{accountId}/permissions/{accountPermissionId}/delete
DELETE /_api/web-hook-subscriptions/{webHookSubscriptionId}/delete
GET /_api/accounts
GET /_api/accounts/{accountId}
GET /_api/accounts/{accountId}/addresses
GET /_api/accounts/{accountId}/addresses/{accountAddressId}
GET /_api/accounts/{accountId}/contacts
GET /_api/accounts/{accountId}/contacts/{contactId}
GET /_api/accounts/{accountId}/permissions
GET /_api/accounts/{accountId}/permissions/{accountPermissionId}
GET /_api/activities/{subjectType}/{subjectId}
GET /_api/activities/{subjectType}/{subjectId}/{activityId}
GET /_api/attachments/{subjectType}/{subjectId}
GET /_api/attachments/{subjectType}/{subjectId}/{attachmentId}
GET /_api/data-service/extended-activity-hierarchy-by-activity-id
GET /_api/data-service/extended-participant-activity-hierarchy
GET /_api/data-service/subject-labels/{subjectType}
GET /_api/external-resources/{subjectType}/{subjectId}
GET /_api/external-resources/{subjectType}/{subjectId}/{externalResourceId}
GET /_api/labels
GET /_api/labels/{labelId}
GET /_api/labels/{subjectType}/{subjectId}
GET /_api/labels/{subjectType}/{subjectId}/{resourceLabelId}
GET /_api/masterdata/actions
GET /_api/masterdata/actions/{taskActivityActionId}
GET /_api/masterdata/departments
GET /_api/masterdata/departments/{contactDepartmentId}
GET /_api/masterdata/legalforms
GET /_api/masterdata/legalforms/{legalFormId}
GET /_api/masterdata/positions
GET /_api/masterdata/positions/{contactPositionId}
GET /_api/masterdata/relations
GET /_api/masterdata/relations/{personsRelationTypeId}
GET /_api/masterdata/salutations
GET /_api/masterdata/salutations/{salutationId}
GET /_api/masterdata/titlesafter
GET /_api/masterdata/titlesafter/{titlesAfterId}
GET /_api/masterdata/titlesbefore
GET /_api/masterdata/titlesbefore/{titlesBeforeId}
GET /_api/masterdata/types
GET /_api/masterdata/types/{taskActivityTypeId}
GET /_api/notes/{subjectType}/{subjectId}
GET /_api/notes/{subjectType}/{subjectId}/{noteId}
GET /_api/persons
GET /_api/persons/{personId}
GET /_api/roles
GET /_api/roles/{roleId}
GET /_api/search
GET /_api/search/accounts
GET /_api/search/activities
GET /_api/search/contacts
GET /_api/search/notes
GET /_api/search/persons
GET /_api/users
GET /_api/users/account-owners
GET /_api/users/person-owners
GET /_api/users/{userId}
GET /_api/web-hook-subscriptions
GET /_api/web-hook-subscriptions/{webHookSubscriptionId}

Found on 2025-12-27 04:09

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000014-tst.pmcrm.nl
Port: 443
URL: https://8000014-tst.pmcrm.nl

First seen 2026-01-06 15:40
Last seen 2026-02-09 14:33
Open for 33 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 14:33
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: wrb-staging.hanze.nl
Port: 443
URL: https://wrb-staging.hanze.nl

First seen 2025-10-27 16:51
Last seen 2026-02-09 14:25
Open for 104 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354983a8954c3ea1cdfecc946dffb4e0c0e74eff157c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Attribute/Delete/{id}
DELETE /api/Course/Delete/{id}
DELETE /api/ExternalBooking/Delete/{id}
DELETE /api/Item/Delete/{id}
DELETE /api/ItemType/Delete/{id}
DELETE /api/OrganisationalUnit/Delete/{id}
DELETE /api/User/Delete/{id}
DELETE /api/Zone/Delete/{id}
GET /api/AppSettings/Get
GET /api/AppSynchronization/GetLatest
GET /api/Attribute/Get/{id}
GET /api/Attribute/GetActive
GET /api/Attribute/GetAll
GET /api/Attribute/GetByItemType
GET /api/Attribute/GetByRule
GET /api/Attribute/Search
GET /api/Booking/CanBeMoved/{bookingid}
GET /api/Booking/Get/{hostKey}
GET /api/Booking/Get/{id}
GET /api/Booking/GetForDisplay/{id}
GET /api/Booking/GetForItem/{id}
GET /api/Booking/GetForItems
GET /api/Booking/GetItemAvailableTimeSlots/{bookingid}
GET /api/Booking/GetNotOwned/{id}
GET /api/Booking/GetOwn
GET /api/Booking/GetOwnPaged
GET /api/Course/Get/{id}
GET /api/Course/GetActive
GET /api/Course/GetAll
GET /api/Course/GetForOU
GET /api/Course/Search
GET /api/ExternalBooking/Get/{hostKey}
GET /api/ExternalBooking/Get/{id}
GET /api/Info/GetVersion
GET /api/Item/Get/{id}
GET /api/Item/GetActive
GET /api/Item/GetActiveSyncable
GET /api/Item/GetAll
GET /api/Item/GetCapacitiesByZoneAndItemType
GET /api/Item/GetNotBookable
GET /api/Item/GetRecent
GET /api/Item/Search
GET /api/Item/SearchByProperties
GET /api/Item/SearchOptionsFilter
GET /api/Item/SearchOptionsRoom
GET /api/ItemType/Get/{id}
GET /api/ItemType/GetActive
GET /api/ItemType/GetActiveItemSubTypes
GET /api/ItemType/GetAll
GET /api/ItemType/GetByRule
GET /api/ItemType/GetItemSubTypeByRule
GET /api/ItemType/Search
GET /api/OrganisationalUnit/Get/{id}
GET /api/OrganisationalUnit/GetActive
GET /api/OrganisationalUnit/GetAll
GET /api/OrganisationalUnit/Search
GET /api/User/Get/{id}
GET /api/User/GetActive
GET /api/User/GetAll
GET /api/User/Search
GET /api/Zone/Get/{id}
GET /api/Zone/GetActive
GET /api/Zone/GetAll
GET /api/Zone/GetByRule
GET /api/Zone/Search
GET /qr/Room
GET /qr/Room/authenticate/{id}
GET /qr/Room/authorized
GET /qr/Room/{id}
GET /qr/Room/{id}/live
PATCH /api/Booking/BookingState/{id}
PATCH /api/Booking/HostKey/{id}
POST /api/AppSynchronization/Create
POST /api/AppSynchronization/SetStatus/{id}
POST /api/AppSynchronization/StartSync/{id}
POST /api/Attribute/Store
POST /api/Attribute/Store/{id}
POST /api/Booking/Cancel/{id}
POST /api/Booking/CancelNotOwned
POST /api/Booking/Store
POST /api/Booking/Store/{id}
POST /api/Course/Store
POST /api/Course/Store/{id}
POST /api/ExternalBooking/Find
POST /api/ExternalBooking/FindByForeignIds
POST /api/ExternalBooking/Store
POST /api/ExternalBooking/StoreBulk
POST /api/Item/FindByExternalIds
POST /api/Item/SearchItems
POST /api/Item/Store
POST /api/Item/Store/{id}
POST /api/Item/StoreBulk
POST /api/Item/UploadItemImage
POST /api/ItemType/Store
POST /api/ItemType/Store/{id}
POST /api/OrganisationalUnit/Store
POST /api/OrganisationalUnit/Store/{id}
POST /api/SensorData/Store
POST /api/SensorData/StoreBulk
POST /api/User/Store
POST /api/User/Store/{id}
POST /api/Zone/Store
POST /api/Zone/Store/{id}
POST /api/Zone/StoreBulk
PUT /api/Course/ResetAll
PUT /api/Course/ResetSingle
PUT /api/ExternalBooking/Store/{id}
PUT /api/ExternalBooking/UpdateBulk
PUT /api/OrganisationalUnit/ResetAll
PUT /api/OrganisationalUnit/ResetSingle
PUT /api/User/ResetAll
PUT /api/User/ResetSingle

Found on 2026-02-09 14:25

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000004-tst.pmcrm.nl
Port: 443
URL: https://8000004-tst.pmcrm.nl

First seen 2025-12-21 14:38
Last seen 2026-02-02 10:12
Open for 42 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-02 10:12

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b21d144b8a081880655d9d154c0ed40d0a9324c7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /_api/accounts/{accountId}/permissions/{accountPermissionId}/delete
DELETE /_api/web-hook-subscriptions/{webHookSubscriptionId}/delete
GET /_api/accounts
GET /_api/accounts/{accountId}
GET /_api/accounts/{accountId}/addresses
GET /_api/accounts/{accountId}/addresses/{accountAddressId}
GET /_api/accounts/{accountId}/contacts
GET /_api/accounts/{accountId}/contacts/{contactId}
GET /_api/accounts/{accountId}/permissions
GET /_api/accounts/{accountId}/permissions/{accountPermissionId}
GET /_api/activities/{subjectType}/{subjectId}
GET /_api/activities/{subjectType}/{subjectId}/{activityId}
GET /_api/attachments/{subjectType}/{subjectId}
GET /_api/attachments/{subjectType}/{subjectId}/{attachmentId}
GET /_api/data-service/extended-activity-hierarchy-by-activity-id
GET /_api/data-service/extended-participant-activity-hierarchy
GET /_api/data-service/subject-labels/{subjectType}
GET /_api/external-resources/{subjectType}/{subjectId}
GET /_api/external-resources/{subjectType}/{subjectId}/{externalResourceId}
GET /_api/labels
GET /_api/labels/{labelId}
GET /_api/labels/{subjectType}/{subjectId}
GET /_api/labels/{subjectType}/{subjectId}/{resourceLabelId}
GET /_api/masterdata/actions
GET /_api/masterdata/actions/{taskActivityActionId}
GET /_api/masterdata/departments
GET /_api/masterdata/departments/{contactDepartmentId}
GET /_api/masterdata/legalforms
GET /_api/masterdata/legalforms/{legalFormId}
GET /_api/masterdata/positions
GET /_api/masterdata/positions/{contactPositionId}
GET /_api/masterdata/relations
GET /_api/masterdata/relations/{personsRelationTypeId}
GET /_api/masterdata/salutations
GET /_api/masterdata/salutations/{salutationId}
GET /_api/masterdata/titlesafter
GET /_api/masterdata/titlesafter/{titlesAfterId}
GET /_api/masterdata/titlesbefore
GET /_api/masterdata/titlesbefore/{titlesBeforeId}
GET /_api/masterdata/types
GET /_api/masterdata/types/{taskActivityTypeId}
GET /_api/notes/{subjectType}/{subjectId}
GET /_api/notes/{subjectType}/{subjectId}/{noteId}
GET /_api/persons
GET /_api/persons/{personId}
GET /_api/roles
GET /_api/roles/{roleId}
GET /_api/search
GET /_api/search/accounts
GET /_api/search/activities
GET /_api/search/contacts
GET /_api/search/notes
GET /_api/search/persons
GET /_api/users
GET /_api/users/account-owners
GET /_api/users/person-owners
GET /_api/users/{userId}
GET /_api/web-hook-subscriptions
GET /_api/web-hook-subscriptions/{webHookSubscriptionId}

Found on 2025-12-25 08:05

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 10000-tst.pmcrm.nl
Port: 443
URL: https://10000-tst.pmcrm.nl

First seen 2026-01-09 00:15
Last seen 2026-02-02 05:53
Open for 24 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-02 05:53

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b21d144b8a081880655d9d154c0ed40d0a9324c7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /_api/accounts/{accountId}/permissions/{accountPermissionId}/delete
DELETE /_api/web-hook-subscriptions/{webHookSubscriptionId}/delete
GET /_api/accounts
GET /_api/accounts/{accountId}
GET /_api/accounts/{accountId}/addresses
GET /_api/accounts/{accountId}/addresses/{accountAddressId}
GET /_api/accounts/{accountId}/contacts
GET /_api/accounts/{accountId}/contacts/{contactId}
GET /_api/accounts/{accountId}/permissions
GET /_api/accounts/{accountId}/permissions/{accountPermissionId}
GET /_api/activities/{subjectType}/{subjectId}
GET /_api/activities/{subjectType}/{subjectId}/{activityId}
GET /_api/attachments/{subjectType}/{subjectId}
GET /_api/attachments/{subjectType}/{subjectId}/{attachmentId}
GET /_api/data-service/extended-activity-hierarchy-by-activity-id
GET /_api/data-service/extended-participant-activity-hierarchy
GET /_api/data-service/subject-labels/{subjectType}
GET /_api/external-resources/{subjectType}/{subjectId}
GET /_api/external-resources/{subjectType}/{subjectId}/{externalResourceId}
GET /_api/labels
GET /_api/labels/{labelId}
GET /_api/labels/{subjectType}/{subjectId}
GET /_api/labels/{subjectType}/{subjectId}/{resourceLabelId}
GET /_api/masterdata/actions
GET /_api/masterdata/actions/{taskActivityActionId}
GET /_api/masterdata/departments
GET /_api/masterdata/departments/{contactDepartmentId}
GET /_api/masterdata/legalforms
GET /_api/masterdata/legalforms/{legalFormId}
GET /_api/masterdata/positions
GET /_api/masterdata/positions/{contactPositionId}
GET /_api/masterdata/relations
GET /_api/masterdata/relations/{personsRelationTypeId}
GET /_api/masterdata/salutations
GET /_api/masterdata/salutations/{salutationId}
GET /_api/masterdata/titlesafter
GET /_api/masterdata/titlesafter/{titlesAfterId}
GET /_api/masterdata/titlesbefore
GET /_api/masterdata/titlesbefore/{titlesBeforeId}
GET /_api/masterdata/types
GET /_api/masterdata/types/{taskActivityTypeId}
GET /_api/notes/{subjectType}/{subjectId}
GET /_api/notes/{subjectType}/{subjectId}/{noteId}
GET /_api/persons
GET /_api/persons/{personId}
GET /_api/roles
GET /_api/roles/{roleId}
GET /_api/search
GET /_api/search/accounts
GET /_api/search/activities
GET /_api/search/contacts
GET /_api/search/notes
GET /_api/search/persons
GET /_api/users
GET /_api/users/account-owners
GET /_api/users/person-owners
GET /_api/users/{userId}
GET /_api/web-hook-subscriptions
GET /_api/web-hook-subscriptions/{webHookSubscriptionId}

Found on 2026-01-23 00:26

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: langeriethof.be
Port: 443
URL: https://langeriethof.be

First seen 2025-10-23 08:30
Last seen 2026-02-02 04:51
Open for 101 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549883a9631883a9631883a9631883a9631883a9631
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/Mollie
```
  Found on 2026-02-02 04:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 96000-tst.pmcrm.nl
Port: 443
URL: https://96000-tst.pmcrm.nl

First seen 2026-01-09 00:16
Last seen 2026-02-02 03:20
Open for 24 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 03:20
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: y-solopsdemo-slms-sql.syndev.dnv.com
Port: 443
URL: https://y-solopsdemo-slms-sql.syndev.dnv.com

First seen 2025-12-19 15:05
Last seen 2026-02-02 02:24
Open for 44 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035495633fd2cbb0dcc7ca45d420132f672ffbe3136de
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/account
GET /api/clientauthconfigs/{name}
GET /api/configurations
GET /api/configurations/mobile/zip
GET /api/configurations/{id}
GET /api/configurations/{id}/zip
GET /api/optionscollections/personsincharge
GET /api/optionscollections/usergroup
GET /api/optionscollections/usertype
GET /api/optionscollections/{id}
GET /api/reports
GET /api/version
POST /api/cases/att
```
  Found on 2026-02-02 02:24
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: wrb-test.hanze.nl
Port: 443
URL: https://wrb-test.hanze.nl

First seen 2025-10-16 12:31
Last seen 2026-02-02 00:37
Open for 108 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354983a8954c3ea1cdfe1c69a5c28fd45e9ec83a5793

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Attribute/Delete/{id}
DELETE /api/Course/Delete/{id}
DELETE /api/Item/Delete/{id}
DELETE /api/ItemType/Delete/{id}
DELETE /api/OrganisationalUnit/Delete/{id}
DELETE /api/User/Delete/{id}
DELETE /api/Zone/Delete/{id}
GET /api/Attribute/Get/{id}
GET /api/Attribute/GetActive
GET /api/Attribute/GetAll
GET /api/Attribute/GetByItemType
GET /api/Attribute/GetByRule
GET /api/Attribute/Search
GET /api/Booking/CanBeMoved/{bookingid}
GET /api/Booking/Get/{hostKey}
GET /api/Booking/Get/{id}
GET /api/Booking/GetForDisplay/{id}
GET /api/Booking/GetForItem/{id}
GET /api/Booking/GetForItems
GET /api/Booking/GetItemAvailableTimeSlots/{bookingid}
GET /api/Booking/GetOwn
GET /api/Booking/GetOwnPaged
GET /api/Course/Get/{id}
GET /api/Course/GetActive
GET /api/Course/GetAll
GET /api/Course/GetForOU
GET /api/Course/Search
GET /api/Info/GetVersion
GET /api/Item/Get/{id}
GET /api/Item/GetActive
GET /api/Item/GetAll
GET /api/Item/GetCapacitiesByZoneAndItemType
GET /api/Item/GetNotBookable
GET /api/Item/GetRecent
GET /api/Item/Search
GET /api/Item/SearchByProperties
GET /api/Item/SearchOptionsFilter
GET /api/Item/SearchOptionsRoom
GET /api/ItemType/Get/{id}
GET /api/ItemType/GetActive
GET /api/ItemType/GetAll
GET /api/ItemType/GetByRule
GET /api/ItemType/GetItemSubTypeByRule
GET /api/ItemType/Search
GET /api/OrganisationalUnit/Get/{id}
GET /api/OrganisationalUnit/GetActive
GET /api/OrganisationalUnit/GetAll
GET /api/OrganisationalUnit/Search
GET /api/User/Get/{id}
GET /api/User/GetActive
GET /api/User/GetAll
GET /api/User/Search
GET /api/Zone/Get/{id}
GET /api/Zone/GetActive
GET /api/Zone/GetAll
GET /api/Zone/GetByRule
GET /api/Zone/Search
GET /qr/Room
GET /qr/Room/authenticate/{id}
GET /qr/Room/authorized
GET /qr/Room/{id}
GET /qr/Room/{id}/live
POST /api/Attribute/Store
POST /api/Attribute/Store/{id}
POST /api/Booking/Cancel/{id}
POST /api/Booking/Store
POST /api/Booking/Store/{id}
POST /api/Course/Store
POST /api/Course/Store/{id}
POST /api/Item/SearchItems
POST /api/Item/Store
POST /api/Item/Store/{id}
POST /api/Item/UploadItemImage
POST /api/ItemType/Store
POST /api/ItemType/Store/{id}
POST /api/OrganisationalUnit/Store
POST /api/OrganisationalUnit/Store/{id}
POST /api/SensorData/Store
POST /api/SensorData/StoreBulk
POST /api/User/Store
POST /api/User/Store/{id}
POST /api/Zone/Store
POST /api/Zone/Store/{id}
PUT /api/Course/ResetAll
PUT /api/Course/ResetSingle
PUT /api/OrganisationalUnit/ResetAll
PUT /api/OrganisationalUnit/ResetSingle
PUT /api/User/ResetAll
PUT /api/User/ResetSingle

Found on 2026-02-02 00:37

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: wrb.hanze.nl
Port: 443
URL: https://wrb.hanze.nl

First seen 2025-10-20 21:43
Last seen 2026-02-01 22:01
Open for 104 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-01 22:01

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f8538969019961d47f87e8ab0d47888d0e1a54f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AppSynchronization/Cleanup
DELETE /api/Attribute/Delete/{id}
DELETE /api/Booking/CancelNotOwned/{id}
DELETE /api/Course/Delete/{id}
DELETE /api/ExternalBooking/Delete/{id}
DELETE /api/ExternalBooking/DeleteBulk
DELETE /api/ExternalBooking/DeleteBulkByForeignId
DELETE /api/ExternalBooking/DeleteUnsyncedByBookingId/{id}
DELETE /api/Item/Delete/{id}
DELETE /api/ItemType/Delete/{id}
DELETE /api/OrganisationalUnit/Delete/{id}
DELETE /api/User/Delete/{id}
DELETE /api/Zone/Delete/{id}
GET /api/AppSettings/Get
GET /api/AppSynchronization/GetLatest
GET /api/Attribute/Get/{id}
GET /api/Attribute/GetActive
GET /api/Attribute/GetAll
GET /api/Attribute/GetByItemType
GET /api/Attribute/GetByRule
GET /api/Attribute/Search
GET /api/Booking/CanBeMoved/{bookingid}
GET /api/Booking/Get/{hostKey}
GET /api/Booking/Get/{id}
GET /api/Booking/GetForDisplay/{id}
GET /api/Booking/GetForItem/{id}
GET /api/Booking/GetForItems
GET /api/Booking/GetIssuedExpired
GET /api/Booking/GetItemAvailableTimeSlots/{bookingid}
GET /api/Booking/GetNotOwned/{id}
GET /api/Booking/GetOwn
GET /api/Building/Get
GET /api/Building/Get/{id}
GET /api/Course/Get/{id}
GET /api/Course/GetActive
GET /api/Course/GetAll
GET /api/Course/GetForOU
GET /api/Course/Search
GET /api/ExternalBooking/Get/{id}
GET /api/Info/GetVersion
GET /api/Item/Get/{id}
GET /api/Item/GetActive
GET /api/Item/GetActiveSyncable
GET /api/Item/GetAll
GET /api/Item/GetCapacitiesByZoneAndItemType
GET /api/Item/GetRecent
GET /api/Item/Search
GET /api/Item/SearchByProperties
GET /api/Item/SearchOptionsFilter
GET /api/Item/SearchOptionsRoom
GET /api/ItemType/Get/{id}
GET /api/ItemType/GetActive
GET /api/ItemType/GetActiveItemSubTypes
GET /api/ItemType/GetAll
GET /api/ItemType/GetByRule
GET /api/ItemType/GetItemSubTypeByRule
GET /api/ItemType/Search
GET /api/OrganisationalUnit/Get/{id}
GET /api/OrganisationalUnit/GetActive
GET /api/OrganisationalUnit/GetAll
GET /api/OrganisationalUnit/Search
GET /api/Room/Get
GET /api/Room/Get/{id}
GET /api/User/Get/{id}
GET /api/User/GetActive
GET /api/User/GetAll
GET /api/User/Search
GET /api/Zone/Get/{id}
GET /api/Zone/GetActive
GET /api/Zone/GetAll
GET /api/Zone/GetByRule
GET /api/Zone/Search
GET /qr/Room
GET /qr/Room/authenticate/{id}
GET /qr/Room/authorized
GET /qr/Room/{id}
GET /qr/Room/{id}/live
PATCH /api/Booking/BookingState/{id}
PATCH /api/Booking/HostKey/{id}
PATCH /api/Item/ExternalId/{id}
PATCH /api/Item/UpdateBulk
POST /api/AppSynchronization/Create
POST /api/AppSynchronization/CreateAndQueue
POST /api/AppSynchronization/SetStatus/{id}
POST /api/AppSynchronization/StartSync/{id}
POST /api/Attribute/Store
POST /api/Attribute/Store/{id}
POST /api/Booking/Cancel/{id}
POST /api/Booking/FindAllNotOwned
POST /api/Booking/FindNotOwned
POST /api/Booking/GetOwnPaged
POST /api/Booking/Store
POST /api/Booking/Store/{id}
POST /api/Building/Find
POST /api/Building/Store
POST /api/Course/Store
POST /api/Course/Store/{id}
POST /api/ExternalBooking/Find
POST /api/ExternalBooking/FindByForeignIds
POST /api/ExternalBooking/FindByPrefix
POST /api/ExternalBooking/FindForeignIdsByPrefix
POST /api/ExternalBooking/Store
POST /api/ExternalBooking/StoreBulk
POST /api/HouseKeeping/MonitorBookingStates
POST /api/Item/FindByExternalIds
POST /api/Item/FindByFunctionalKeys
POST /api/Item/SearchItems
POST /api/Item/Store
POST /api/Item/Store/{id}
POST /api/Item/StoreBulk
POST /api/Item/UploadItemImage
POST /api/ItemAvailability/OpeningHours
POST /api/ItemType/Store
POST /api/ItemType/Store/{id}
POST /api/OrganisationalUnit/Store
POST /api/OrganisationalUnit/Store/{id}
POST /api/Room/Find
POST /api/Room/Store
POST /api/SensorData/Store
POST /api/SensorData/StoreBulk
POST /api/User/Store
POST /api/User/Store/{id}
POST /api/Zone/Store
POST /api/Zone/Store/{id}
POST /api/Zone/StoreBulk
PUT /api/Building/Store/{id}
PUT /api/Course/ResetAll
PUT /api/Course/ResetSingle
PUT /api/ExternalBooking/Store/{id}
PUT /api/ExternalBooking/UpdateBulk
PUT /api/OrganisationalUnit/ResetAll
PUT /api/OrganisationalUnit/ResetSingle
PUT /api/Room/Store/{id}
PUT /api/User/ResetAll
PUT /api/User/ResetSingle

Found on 2026-01-23 09:48

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f8538969019961d47f87e8ab0d47888dc6309ec

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AppSynchronization/Cleanup
DELETE /api/Attribute/Delete/{id}
DELETE /api/Booking/CancelNotOwned/{id}
DELETE /api/Course/Delete/{id}
DELETE /api/ExternalBooking/Delete/{id}
DELETE /api/ExternalBooking/DeleteBulk
DELETE /api/ExternalBooking/DeleteBulkByForeignId
DELETE /api/ExternalBooking/DeleteUnsyncedByBookingId/{id}
DELETE /api/Item/Delete/{id}
DELETE /api/ItemType/Delete/{id}
DELETE /api/OrganisationalUnit/Delete/{id}
DELETE /api/User/Delete/{id}
DELETE /api/Zone/Delete/{id}
GET /api/AppSettings/Get
GET /api/AppSynchronization/GetLatest
GET /api/Attribute/Get/{id}
GET /api/Attribute/GetActive
GET /api/Attribute/GetAll
GET /api/Attribute/GetByItemType
GET /api/Attribute/GetByRule
GET /api/Attribute/Search
GET /api/Booking/CanBeMoved/{bookingid}
GET /api/Booking/Get/{hostKey}
GET /api/Booking/Get/{id}
GET /api/Booking/GetForDisplay/{id}
GET /api/Booking/GetForItem/{id}
GET /api/Booking/GetForItems
GET /api/Booking/GetItemAvailableTimeSlots/{bookingid}
GET /api/Booking/GetNotOwned/{id}
GET /api/Booking/GetOwn
GET /api/Building/Get
GET /api/Building/Get/{id}
GET /api/Course/Get/{id}
GET /api/Course/GetActive
GET /api/Course/GetAll
GET /api/Course/GetForOU
GET /api/Course/Search
GET /api/ExternalBooking/Get/{id}
GET /api/Info/GetVersion
GET /api/Item/Get/{id}
GET /api/Item/GetActive
GET /api/Item/GetActiveSyncable
GET /api/Item/GetAll
GET /api/Item/GetCapacitiesByZoneAndItemType
GET /api/Item/GetRecent
GET /api/Item/Search
GET /api/Item/SearchByProperties
GET /api/Item/SearchOptionsFilter
GET /api/Item/SearchOptionsRoom
GET /api/ItemType/Get/{id}
GET /api/ItemType/GetActive
GET /api/ItemType/GetActiveItemSubTypes
GET /api/ItemType/GetAll
GET /api/ItemType/GetByRule
GET /api/ItemType/GetItemSubTypeByRule
GET /api/ItemType/Search
GET /api/OrganisationalUnit/Get/{id}
GET /api/OrganisationalUnit/GetActive
GET /api/OrganisationalUnit/GetAll
GET /api/OrganisationalUnit/Search
GET /api/Room/Get
GET /api/Room/Get/{id}
GET /api/User/Get/{id}
GET /api/User/GetActive
GET /api/User/GetAll
GET /api/User/Search
GET /api/Zone/Get/{id}
GET /api/Zone/GetActive
GET /api/Zone/GetAll
GET /api/Zone/GetByRule
GET /api/Zone/Search
GET /qr/Room
GET /qr/Room/authenticate/{id}
GET /qr/Room/authorized
GET /qr/Room/{id}
GET /qr/Room/{id}/live
PATCH /api/Booking/BookingState/{id}
PATCH /api/Booking/HostKey/{id}
PATCH /api/Item/ExternalId/{id}
PATCH /api/Item/UpdateBulk
POST /api/AppSynchronization/Create
POST /api/AppSynchronization/CreateAndQueue
POST /api/AppSynchronization/SetStatus/{id}
POST /api/AppSynchronization/StartSync/{id}
POST /api/Attribute/Store
POST /api/Attribute/Store/{id}
POST /api/Booking/Cancel/{id}
POST /api/Booking/FindAllNotOwned
POST /api/Booking/FindNotOwned
POST /api/Booking/GetOwnPaged
POST /api/Booking/Store
POST /api/Booking/Store/{id}
POST /api/Building/Find
POST /api/Building/Store
POST /api/Course/Store
POST /api/Course/Store/{id}
POST /api/ExternalBooking/Find
POST /api/ExternalBooking/FindByForeignIds
POST /api/ExternalBooking/FindByPrefix
POST /api/ExternalBooking/FindForeignIdsByPrefix
POST /api/ExternalBooking/Store
POST /api/ExternalBooking/StoreBulk
POST /api/Item/FindByExternalIds
POST /api/Item/FindByFunctionalKeys
POST /api/Item/SearchItems
POST /api/Item/Store
POST /api/Item/Store/{id}
POST /api/Item/StoreBulk
POST /api/Item/UploadItemImage
POST /api/ItemAvailability/OpeningHours
POST /api/ItemType/Store
POST /api/ItemType/Store/{id}
POST /api/OrganisationalUnit/Store
POST /api/OrganisationalUnit/Store/{id}
POST /api/Room/Find
POST /api/Room/Store
POST /api/SensorData/Store
POST /api/SensorData/StoreBulk
POST /api/User/Store
POST /api/User/Store/{id}
POST /api/Zone/Store
POST /api/Zone/Store/{id}
POST /api/Zone/StoreBulk
PUT /api/Building/Store/{id}
PUT /api/Course/ResetAll
PUT /api/Course/ResetSingle
PUT /api/ExternalBooking/Store/{id}
PUT /api/ExternalBooking/UpdateBulk
PUT /api/OrganisationalUnit/ResetAll
PUT /api/OrganisationalUnit/ResetSingle
PUT /api/Room/Store/{id}
PUT /api/User/ResetAll
PUT /api/User/ResetSingle

Found on 2025-12-13 18:06

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494f8538969019961d47f87e8ab0d4788805cebc90

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/AppSynchronization/Cleanup
DELETE /api/Attribute/Delete/{id}
DELETE /api/Booking/CancelNotOwned/{id}
DELETE /api/Course/Delete/{id}
DELETE /api/ExternalBooking/Delete/{id}
DELETE /api/ExternalBooking/DeleteBulk
DELETE /api/ExternalBooking/DeleteBulkByForeignId
DELETE /api/ExternalBooking/DeleteUnsyncedByBookingId/{id}
DELETE /api/Item/Delete/{id}
DELETE /api/ItemType/Delete/{id}
DELETE /api/OrganisationalUnit/Delete/{id}
DELETE /api/User/Delete/{id}
DELETE /api/Zone/Delete/{id}
GET /api/AppSettings/Get
GET /api/AppSynchronization/GetLatest
GET /api/Attribute/Get/{id}
GET /api/Attribute/GetActive
GET /api/Attribute/GetAll
GET /api/Attribute/GetByItemType
GET /api/Attribute/GetByRule
GET /api/Attribute/Search
GET /api/Booking/CanBeMoved/{bookingid}
GET /api/Booking/Get/{hostKey}
GET /api/Booking/Get/{id}
GET /api/Booking/GetForDisplay/{id}
GET /api/Booking/GetForItem/{id}
GET /api/Booking/GetForItems
GET /api/Booking/GetItemAvailableTimeSlots/{bookingid}
GET /api/Booking/GetNotOwned/{id}
GET /api/Booking/GetOwn
GET /api/Building/Get
GET /api/Building/Get/{id}
GET /api/Course/Get/{id}
GET /api/Course/GetActive
GET /api/Course/GetAll
GET /api/Course/GetForOU
GET /api/Course/Search
GET /api/ExternalBooking/Get/{id}
GET /api/Info/GetVersion
GET /api/Item/Get/{id}
GET /api/Item/GetActive
GET /api/Item/GetActiveSyncable
GET /api/Item/GetAll
GET /api/Item/GetCapacitiesByZoneAndItemType
GET /api/Item/GetNotBookable
GET /api/Item/GetRecent
GET /api/Item/Search
GET /api/Item/SearchByProperties
GET /api/Item/SearchOptionsFilter
GET /api/Item/SearchOptionsRoom
GET /api/ItemType/Get/{id}
GET /api/ItemType/GetActive
GET /api/ItemType/GetActiveItemSubTypes
GET /api/ItemType/GetAll
GET /api/ItemType/GetByRule
GET /api/ItemType/GetItemSubTypeByRule
GET /api/ItemType/Search
GET /api/OrganisationalUnit/Get/{id}
GET /api/OrganisationalUnit/GetActive
GET /api/OrganisationalUnit/GetAll
GET /api/OrganisationalUnit/Search
GET /api/Room/Get
GET /api/Room/Get/{id}
GET /api/User/Get/{id}
GET /api/User/GetActive
GET /api/User/GetAll
GET /api/User/Search
GET /api/Zone/Get/{id}
GET /api/Zone/GetActive
GET /api/Zone/GetAll
GET /api/Zone/GetByRule
GET /api/Zone/Search
GET /qr/Room
GET /qr/Room/authenticate/{id}
GET /qr/Room/authorized
GET /qr/Room/{id}
GET /qr/Room/{id}/live
PATCH /api/Booking/BookingState/{id}
PATCH /api/Booking/HostKey/{id}
PATCH /api/Item/ExternalId/{id}
PATCH /api/Item/UpdateBulk
POST /api/AppSynchronization/Create
POST /api/AppSynchronization/CreateAndQueue
POST /api/AppSynchronization/SetStatus/{id}
POST /api/AppSynchronization/StartSync/{id}
POST /api/Attribute/Store
POST /api/Attribute/Store/{id}
POST /api/Booking/Cancel/{id}
POST /api/Booking/FindAllNotOwned
POST /api/Booking/FindNotOwned
POST /api/Booking/GetOwnPaged
POST /api/Booking/Store
POST /api/Booking/Store/{id}
POST /api/Building/Find
POST /api/Building/Store
POST /api/Course/Store
POST /api/Course/Store/{id}
POST /api/ExternalBooking/Find
POST /api/ExternalBooking/FindByForeignIds
POST /api/ExternalBooking/FindByPrefix
POST /api/ExternalBooking/FindForeignIdsByPrefix
POST /api/ExternalBooking/Store
POST /api/ExternalBooking/StoreBulk
POST /api/Item/FindByExternalIds
POST /api/Item/FindByFunctionalKeys
POST /api/Item/SearchItems
POST /api/Item/Store
POST /api/Item/Store/{id}
POST /api/Item/StoreBulk
POST /api/Item/UploadItemImage
POST /api/ItemAvailability/OpeningHours
POST /api/ItemType/Store
POST /api/ItemType/Store/{id}
POST /api/OrganisationalUnit/Store
POST /api/OrganisationalUnit/Store/{id}
POST /api/Room/Find
POST /api/Room/Store
POST /api/SensorData/Store
POST /api/SensorData/StoreBulk
POST /api/User/Store
POST /api/User/Store/{id}
POST /api/Zone/Store
POST /api/Zone/Store/{id}
POST /api/Zone/StoreBulk
PUT /api/Building/Store/{id}
PUT /api/Course/ResetAll
PUT /api/Course/ResetSingle
PUT /api/ExternalBooking/Store/{id}
PUT /api/ExternalBooking/UpdateBulk
PUT /api/OrganisationalUnit/ResetAll
PUT /api/OrganisationalUnit/ResetSingle
PUT /api/Room/Store/{id}
PUT /api/User/ResetAll
PUT /api/User/ResetSingle

Found on 2025-10-26 10:05

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: test-public-api.qmspot.com
Port: 443
URL: https://test-public-api.qmspot.com

First seen 2026-01-13 11:54
Last seen 2026-01-23 11:23
Open for 9 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549ac1745a2bba4765d00475941998d66165fca94eb

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /v1/clients
GET /v1/clients/{clientId}/audit-areas
GET /v1/clients/{clientId}/audit-areas/{areaId}
GET /v1/clients/{clientId}/audit-areas/{areaId}/revisions
GET /v1/clients/{clientId}/audit-areas/{areaId}/revisions/{revisionId}
GET /v1/clients/{clientId}/audit-checklist-categories
GET /v1/clients/{clientId}/audit-checklist-categories/{categoryId}
GET /v1/clients/{clientId}/audit-checklists
GET /v1/clients/{clientId}/audit-checklists/{checklistId}
GET /v1/clients/{clientId}/audit-checklists/{checklistId}/revisions
GET /v1/clients/{clientId}/audit-checklists/{checklistId}/revisions/{revisionId}
GET /v1/clients/{clientId}/audit-checkpoint-categories
GET /v1/clients/{clientId}/audit-checkpoint-categories/{categoryId}
GET /v1/clients/{clientId}/audit-checkpoints
GET /v1/clients/{clientId}/audit-checkpoints/{checkpointId}
GET /v1/clients/{clientId}/audit-checkpoints/{checkpointId}/revisions
GET /v1/clients/{clientId}/audit-checkpoints/{checkpointId}/revisions/{revisionId}
GET /v1/clients/{clientId}/audits
GET /v1/clients/{clientId}/audits/{auditId}
GET /v1/clients/{clientId}/audits/{auditId}/revisions
GET /v1/clients/{clientId}/audits/{auditId}/revisions/{revisionId}
GET /v1/clients/{clientId}/completed-audits
GET /v1/clients/{clientId}/completed-audits-areas/{completedAuditAreaId}/checklists
GET /v1/clients/{clientId}/completed-audits-checklists/{completedAuditChecklistId}/checkpoints
GET /v1/clients/{clientId}/completed-audits/{completedAuditId}
GET /v1/clients/{clientId}/completed-audits/{completedAuditId}/areas
GET /v1/clients/{clientId}/cs-checklist-categories
GET /v1/clients/{clientId}/cs-checklist-categories/{categoryId}
GET /v1/clients/{clientId}/cs-checklists
GET /v1/clients/{clientId}/cs-checklists/{checklistId}
GET /v1/clients/{clientId}/cs-checklists/{checklistId}/revisions
GET /v1/clients/{clientId}/cs-checklists/{checklistId}/revisions/{revisionId}
GET /v1/clients/{clientId}/cs-checkpoint-categories
GET /v1/clients/{clientId}/cs-checkpoint-categories/{categoryId}
GET /v1/clients/{clientId}/cs-checkpoints
GET /v1/clients/{clientId}/cs-checkpoints/{checkpointId}
GET /v1/clients/{clientId}/cs-checkpoints/{checkpointId}/revisions
GET /v1/clients/{clientId}/cs-checkpoints/{checkpointId}/revisions/{revisionId}
GET /v1/clients/{clientId}/cs-completed-checklists
GET /v1/clients/{clientId}/cs-completed-checklists/{completedChecklistId}/checkpoints
GET /v1/clients/{clientId}/issue-categories
GET /v1/clients/{clientId}/issue-categories/{categoryId}
GET /v1/clients/{clientId}/issue-categories/{categoryId}/sub-category/{subcategoryId}
GET /v1/clients/{clientId}/issues
GET /v1/clients/{clientId}/issues/{issueId}
GET /v1/clients/{clientId}/location-categories
GET /v1/clients/{clientId}/location-categories/{categoryId}
GET /v1/clients/{clientId}/locations
GET /v1/clients/{clientId}/measurands/{measurandId}
GET /v1/clients/{clientId}/measurement-point-categories
GET /v1/clients/{clientId}/measurement-point-categories/{categoryId}
GET /v1/clients/{clientId}/measurement-points
GET /v1/clients/{clientId}/measurement-points/{measurementPointId}
GET /v1/clients/{clientId}/measurement-points/{measurementPointId}/measurands
GET /v1/clients/{clientId}/measurement-points/{measurementPointId}/measurements
GET /v1/clients/{clientId}/measurements
GET /v1/clients/{clientId}/task-categories
GET /v1/clients/{clientId}/task-categories/{categoryId}
GET /v1/clients/{clientId}/tasks-changed
GET /v1/clients/{clientId}/tasks-due
GET /v1/clients/{clientId}/tasks-no-due
GET /v1/clients/{clientId}/tasks/{taskId}
POST /v1/auth/login
POST /v1/clients/{clientId}/training-certificates

Found on 2026-01-23 11:23

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000010-tst.pmcrm.nl
Port: 443
URL: https://8000010-tst.pmcrm.nl

First seen 2025-12-21 15:04
Last seen 2026-01-23 08:43
Open for 32 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-23 08:43

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b21d144b8a081880655d9d154c0ed40d0a9324c7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /_api/accounts/{accountId}/permissions/{accountPermissionId}/delete
DELETE /_api/web-hook-subscriptions/{webHookSubscriptionId}/delete
GET /_api/accounts
GET /_api/accounts/{accountId}
GET /_api/accounts/{accountId}/addresses
GET /_api/accounts/{accountId}/addresses/{accountAddressId}
GET /_api/accounts/{accountId}/contacts
GET /_api/accounts/{accountId}/contacts/{contactId}
GET /_api/accounts/{accountId}/permissions
GET /_api/accounts/{accountId}/permissions/{accountPermissionId}
GET /_api/activities/{subjectType}/{subjectId}
GET /_api/activities/{subjectType}/{subjectId}/{activityId}
GET /_api/attachments/{subjectType}/{subjectId}
GET /_api/attachments/{subjectType}/{subjectId}/{attachmentId}
GET /_api/data-service/extended-activity-hierarchy-by-activity-id
GET /_api/data-service/extended-participant-activity-hierarchy
GET /_api/data-service/subject-labels/{subjectType}
GET /_api/external-resources/{subjectType}/{subjectId}
GET /_api/external-resources/{subjectType}/{subjectId}/{externalResourceId}
GET /_api/labels
GET /_api/labels/{labelId}
GET /_api/labels/{subjectType}/{subjectId}
GET /_api/labels/{subjectType}/{subjectId}/{resourceLabelId}
GET /_api/masterdata/actions
GET /_api/masterdata/actions/{taskActivityActionId}
GET /_api/masterdata/departments
GET /_api/masterdata/departments/{contactDepartmentId}
GET /_api/masterdata/legalforms
GET /_api/masterdata/legalforms/{legalFormId}
GET /_api/masterdata/positions
GET /_api/masterdata/positions/{contactPositionId}
GET /_api/masterdata/relations
GET /_api/masterdata/relations/{personsRelationTypeId}
GET /_api/masterdata/salutations
GET /_api/masterdata/salutations/{salutationId}
GET /_api/masterdata/titlesafter
GET /_api/masterdata/titlesafter/{titlesAfterId}
GET /_api/masterdata/titlesbefore
GET /_api/masterdata/titlesbefore/{titlesBeforeId}
GET /_api/masterdata/types
GET /_api/masterdata/types/{taskActivityTypeId}
GET /_api/notes/{subjectType}/{subjectId}
GET /_api/notes/{subjectType}/{subjectId}/{noteId}
GET /_api/persons
GET /_api/persons/{personId}
GET /_api/roles
GET /_api/roles/{roleId}
GET /_api/search
GET /_api/search/accounts
GET /_api/search/activities
GET /_api/search/contacts
GET /_api/search/notes
GET /_api/search/persons
GET /_api/users
GET /_api/users/account-owners
GET /_api/users/person-owners
GET /_api/users/{userId}
GET /_api/web-hook-subscriptions
GET /_api/web-hook-subscriptions/{webHookSubscriptionId}

Found on 2025-12-27 04:34

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000008-tst.pmcrm.nl
Port: 443
URL: https://8000008-tst.pmcrm.nl

First seen 2025-12-21 14:48
Last seen 2026-01-23 08:14
Open for 32 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-23 08:14

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b21d144b8a081880655d9d154c0ed40d0a9324c7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /_api/accounts/{accountId}/permissions/{accountPermissionId}/delete
DELETE /_api/web-hook-subscriptions/{webHookSubscriptionId}/delete
GET /_api/accounts
GET /_api/accounts/{accountId}
GET /_api/accounts/{accountId}/addresses
GET /_api/accounts/{accountId}/addresses/{accountAddressId}
GET /_api/accounts/{accountId}/contacts
GET /_api/accounts/{accountId}/contacts/{contactId}
GET /_api/accounts/{accountId}/permissions
GET /_api/accounts/{accountId}/permissions/{accountPermissionId}
GET /_api/activities/{subjectType}/{subjectId}
GET /_api/activities/{subjectType}/{subjectId}/{activityId}
GET /_api/attachments/{subjectType}/{subjectId}
GET /_api/attachments/{subjectType}/{subjectId}/{attachmentId}
GET /_api/data-service/extended-activity-hierarchy-by-activity-id
GET /_api/data-service/extended-participant-activity-hierarchy
GET /_api/data-service/subject-labels/{subjectType}
GET /_api/external-resources/{subjectType}/{subjectId}
GET /_api/external-resources/{subjectType}/{subjectId}/{externalResourceId}
GET /_api/labels
GET /_api/labels/{labelId}
GET /_api/labels/{subjectType}/{subjectId}
GET /_api/labels/{subjectType}/{subjectId}/{resourceLabelId}
GET /_api/masterdata/actions
GET /_api/masterdata/actions/{taskActivityActionId}
GET /_api/masterdata/departments
GET /_api/masterdata/departments/{contactDepartmentId}
GET /_api/masterdata/legalforms
GET /_api/masterdata/legalforms/{legalFormId}
GET /_api/masterdata/positions
GET /_api/masterdata/positions/{contactPositionId}
GET /_api/masterdata/relations
GET /_api/masterdata/relations/{personsRelationTypeId}
GET /_api/masterdata/salutations
GET /_api/masterdata/salutations/{salutationId}
GET /_api/masterdata/titlesafter
GET /_api/masterdata/titlesafter/{titlesAfterId}
GET /_api/masterdata/titlesbefore
GET /_api/masterdata/titlesbefore/{titlesBeforeId}
GET /_api/masterdata/types
GET /_api/masterdata/types/{taskActivityTypeId}
GET /_api/notes/{subjectType}/{subjectId}
GET /_api/notes/{subjectType}/{subjectId}/{noteId}
GET /_api/persons
GET /_api/persons/{personId}
GET /_api/roles
GET /_api/roles/{roleId}
GET /_api/search
GET /_api/search/accounts
GET /_api/search/activities
GET /_api/search/contacts
GET /_api/search/notes
GET /_api/search/persons
GET /_api/users
GET /_api/users/account-owners
GET /_api/users/person-owners
GET /_api/users/{userId}
GET /_api/web-hook-subscriptions
GET /_api/web-hook-subscriptions/{webHookSubscriptionId}

Found on 2025-12-23 09:22

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: foodoragateway.egretail.cloud
Port: 443
URL: https://foodoragateway.egretail.cloud

First seen 2026-01-11 17:12
Last seen 2026-01-23 01:16
Open for 11 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60acdd60efacdd60efacdd60efacdd60efacdd60ef
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
POST /api/CallBack
```
  Found on 2026-01-23 01:16
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: dataexchange.intelliops.online
Port: 443
URL: https://dataexchange.intelliops.online

First seen 2026-01-10 23:10
Last seen 2026-01-23 01:14
Open for 12 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035495966199c39c6acfa0d64679912194badf07eaa72

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Groups/{groupId}/SerialNumbers/{serialNumberId}
DELETE /api/Groups/{groupId}/SerialNumbers/{serialNumberId}
GET /Groups
GET /Groups/{groupId}
GET /Groups/{groupId}/SerialNumbers
GET /Groups/{id}/Messages
GET /Groups/{id}/Messages/last
GET /Logs
GET /SerialNumbers
GET /SerialNumbers/{id}/Messages
GET /SerialNumbers/{id}/Messages/first
GET /SerialNumbers/{id}/Messages/last
GET /SerialNumbers/{serialNumberId}/Logs
GET /Time
GET /Version/API
GET /Version/NEN
GET /Version/Protocol
GET /api/Groups
GET /api/Groups/{groupId}
GET /api/Groups/{groupId}/SerialNumbers
GET /api/Groups/{id}/Messages
GET /api/Groups/{id}/Messages/last
GET /api/Logs
GET /api/SerialNumbers
GET /api/SerialNumbers/{id}/Messages
GET /api/SerialNumbers/{id}/Messages/first
GET /api/SerialNumbers/{id}/Messages/last
GET /api/SerialNumbers/{serialNumberId}/Logs
GET /api/Time
GET /api/Version/API
GET /api/Version/NEN
GET /api/Version/Protocol
POST /Messages
POST /api/Messages

Found on 2026-01-23 01:14

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000002-tst.pmcrm.nl
Port: 443
URL: https://8000002-tst.pmcrm.nl

First seen 2026-01-03 10:38
Last seen 2026-01-22 21:31
Open for 19 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-22 21:31

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b21d144b8a081880655d9d154c0ed40d0a9324c7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /_api/accounts/{accountId}/permissions/{accountPermissionId}/delete
DELETE /_api/web-hook-subscriptions/{webHookSubscriptionId}/delete
GET /_api/accounts
GET /_api/accounts/{accountId}
GET /_api/accounts/{accountId}/addresses
GET /_api/accounts/{accountId}/addresses/{accountAddressId}
GET /_api/accounts/{accountId}/contacts
GET /_api/accounts/{accountId}/contacts/{contactId}
GET /_api/accounts/{accountId}/permissions
GET /_api/accounts/{accountId}/permissions/{accountPermissionId}
GET /_api/activities/{subjectType}/{subjectId}
GET /_api/activities/{subjectType}/{subjectId}/{activityId}
GET /_api/attachments/{subjectType}/{subjectId}
GET /_api/attachments/{subjectType}/{subjectId}/{attachmentId}
GET /_api/data-service/extended-activity-hierarchy-by-activity-id
GET /_api/data-service/extended-participant-activity-hierarchy
GET /_api/data-service/subject-labels/{subjectType}
GET /_api/external-resources/{subjectType}/{subjectId}
GET /_api/external-resources/{subjectType}/{subjectId}/{externalResourceId}
GET /_api/labels
GET /_api/labels/{labelId}
GET /_api/labels/{subjectType}/{subjectId}
GET /_api/labels/{subjectType}/{subjectId}/{resourceLabelId}
GET /_api/masterdata/actions
GET /_api/masterdata/actions/{taskActivityActionId}
GET /_api/masterdata/departments
GET /_api/masterdata/departments/{contactDepartmentId}
GET /_api/masterdata/legalforms
GET /_api/masterdata/legalforms/{legalFormId}
GET /_api/masterdata/positions
GET /_api/masterdata/positions/{contactPositionId}
GET /_api/masterdata/relations
GET /_api/masterdata/relations/{personsRelationTypeId}
GET /_api/masterdata/salutations
GET /_api/masterdata/salutations/{salutationId}
GET /_api/masterdata/titlesafter
GET /_api/masterdata/titlesafter/{titlesAfterId}
GET /_api/masterdata/titlesbefore
GET /_api/masterdata/titlesbefore/{titlesBeforeId}
GET /_api/masterdata/types
GET /_api/masterdata/types/{taskActivityTypeId}
GET /_api/notes/{subjectType}/{subjectId}
GET /_api/notes/{subjectType}/{subjectId}/{noteId}
GET /_api/persons
GET /_api/persons/{personId}
GET /_api/roles
GET /_api/roles/{roleId}
GET /_api/search
GET /_api/search/accounts
GET /_api/search/activities
GET /_api/search/contacts
GET /_api/search/notes
GET /_api/search/persons
GET /_api/users
GET /_api/users/account-owners
GET /_api/users/person-owners
GET /_api/users/{userId}
GET /_api/web-hook-subscriptions
GET /_api/web-hook-subscriptions/{webHookSubscriptionId}

Found on 2026-01-15 19:28

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: webservice.tlinq.eu
Port: 443
URL: https://webservice.tlinq.eu

First seen 2026-01-11 01:55
Last seen 2026-01-16 15:00
Open for 5 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60720fc5dc12fa5031d63778233d3d49858e678c16

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/ListItems/Delete/{idCenter}/{id}
GET /api/AdditionalData/Blob/{type}/{uiMap}
GET /api/AdditionalData/Blobs/{type}/{idCenter}
GET /api/AdditionalData/Blobs/{type}/{idCenter}/{idUs}
GET /api/AdditionalData/Blobs/{type}/{key}
GET /api/AdditionalData/XmlAttachment/{type}/{idCenter}
GET /api/AdditionalData/XmlAttachment/{type}/{idCenter}/{idUs}
GET /api/AdditionalData/XmlAttachment/{type}/{key}
GET /api/Agenda/GetModelRepeatedSteps/{idModel}
GET /api/Agenda/GetModelVariables/{idModel}
GET /api/Agenda/GetModels
GET /api/Authentication/Logout/{id}
GET /api/Category/{idCenter}/{classification}
GET /api/Centers/CheckToken/{token}
GET /api/Centers/Token/{id}
GET /api/Centers/{id}
GET /api/Conversation
GET /api/Conversation/Event/{externalEventId}
GET /api/Conversation/Instance/{instanceId}
GET /api/Conversation/{key}
GET /api/Customers/{idCenter}/{idCustomer}
GET /api/Document/GetLastInstanceData/{idCenter}/{idModel}
GET /api/Document/Test
GET /api/Document/View
GET /api/Download/ProcessRequest
GET /api/Instance/Get
GET /api/Instance/Get/{uiInstance}
GET /api/Instance/get/Get
GET /api/Instance/get/Get/{uiInstance}
GET /api/ListItems/GetListById/{idCenter}/{id}
GET /api/ListItems/GetParents/{idCenter}
GET /api/ListItems/{idCenter}/{parentCode}
GET /api/Message
GET /api/PdfCreator/Pdf/{idInstance}/{timezoneId}/{culture}/{token}
GET /api/PdfCreator/Pdf/{uiInstance}/{idUs}
GET /api/PdfCreator/PdfByCenter/{uiInstance}/{idCenter}
GET /api/Users/{id}
POST /api/Agenda/Disable
POST /api/Agenda/GetAll/{idCenter}
POST /api/Agenda/Import
POST /api/Authentication/Login
POST /api/Authentication/LoginComplete
POST /api/Authentication/LoginRedirect
POST /api/Authentication/LoginUserCenter/{idCenter}/{userUiSync}
POST /api/Customers/Create/{idCenter}
POST /api/Customers/Disable
POST /api/Customers/GetAll/{idCenter}
POST /api/Customers/Import
POST /api/Customers/Import/{key}
POST /api/Document/Subscribe/{idCenter}/{idModel}
POST /api/Document/Unsubscribe/{idCenter}/{idModel}
POST /api/Document/XmlDocuments
POST /api/ListItems/Create/{idCenter}
POST /api/ListItems/Import
POST /api/Message/ConversationMessage
POST /api/PdfCreator/Pdf/{idUs}
POST /api/Products/Disable
POST /api/Products/GetAll/{idCenter}
POST /api/Products/Import
POST /api/ScheduleExecutions/CloseExecution
POST /api/ServicesConnectors/Notifications
POST /api/UserList/CheckIfBarcodeAlreadyExists/{idCenter}
POST /api/UserList/InsertOrUpdatePrimitiveUserList/{idCenter}
POST /api/UserList/InsertOrUpdatePrimitiveUserListBulk/{idCenter}
POST /api/UserPosition/{email}
POST /api/UserPosition/{id}
POST /api/Workflows/Execute/{idCenter}
PUT /api/ListItems/Update/{idCenter}

Found on 2026-01-16 15:00

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: 8000016-tst.pmcrm.nl
Port: 443
URL: https://8000016-tst.pmcrm.nl

First seen 2026-01-11 16:30
Last seen 2026-01-16 14:42
Open for 4 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 14:42
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.12
Domain: co2calculator.cp.com
Port: 443
URL: https://co2calculator.cp.com

First seen 2025-11-04 10:58
Last seen 2025-11-06 14:28
Open for 2 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549550f77ebdd1797965c0e8708eb17d4de26ffc6d5

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /Calculate/export-excel
GET /MasterData/GetCompressorData
GET /MasterData/GetCountryData
GET /MasterData/GetIndustryData
GET /MasterData/GetMaterialToolData
GET /MasterData/GetSegmentData
GET /MasterData/GetToolData
GET /SaveTransformationTool/get
GET /ServiceMasterData/GetServiceAveragePCF
GET /ServiceMasterData/GetServiceCurrency
GET /ServiceMasterData/GetServiceDefaults
GET /ServiceMasterData/GetServiceEstimations
GET /ServiceMasterData/GetServiceIndustryAverages
GET /ServiceMasterData/GetServiceIndustryData
GET /ServiceMasterData/GetServiceProductType
GET /WeatherForecast
GET /api/AssignCountries/getListData
GET /api/LanguageTranslator/GetLanguages
GET /api/LanguageTranslator/GetResourcesByLanguage/{languageId}
GET /api/ProductMasterData/GetControllersData
GET /api/ProductMasterData/GetProductCountryData
GET /api/ProductMasterData/GetProductMarketData
GET /api/ProductMasterData/GetProductToolsData
GET /api/ServiceTab/usage-report
GET /report/download/{fileName}
PATCH /api/LanguageTranslator/EditLanguage/{Id}
PATCH /api/ServiceTab/UpdateInfo
POST /Calculate/4-panel-sps
POST /Calculate/PostData
POST /SaveTransformationTool/post
POST /UploadTemplate/PostMaterialnData
POST /UploadTemplate/PostProductData
POST /UploadTemplate/PostServiceData
POST /UploadTemplate/PostTransformationData
POST /UploadTemplate/PostTransformationToolsData
POST /api/AssignCountries/delete
POST /api/AssignCountries/getCountries
POST /api/AssignCountries/post
POST /api/AssignCountries/update
POST /api/LanguageTranslator/AddLanguage
POST /api/LanguageTranslator/AddResource
POST /api/ServiceTab/SaveInfo
POST /report/upload
PUT /Calculate/UpdateFields/{id}

Found on 2025-11-06 14:28

Create report

Open service 13.69.68.12:443 · beta-esilodigital.epsilonnet.gr

2026-02-02 01:08

HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Mon, 02 Feb 2026 01:08:45 GMT
Server: Microsoft-IIS/10.0
Location: https://beta-esilodigital.epsilonnet.gr/devlogin?ReturnUrl=%2F
Set-Cookie: ARRAffinity=5124579dac0b8f32606a263994c15ca79cffab6be2dc540fa98adbba34dca233;Path=/;HttpOnly;Secure;Domain=beta-esilodigital.epsilonnet.gr
Set-Cookie: ARRAffinitySameSite=5124579dac0b8f32606a263994c15ca79cffab6be2dc540fa98adbba34dca233;Path=/;HttpOnly;SameSite=None;Secure;Domain=beta-esilodigital.epsilonnet.gr
Strict-Transport-Security: max-age=2592000; includeSubDomains
Request-Context: appId=cid-v1:6ba34ca8-df42-431e-acb0-d7716c522723
Permissions-Policy: camera=(), microphone=(), geolocation=(), fullscreen=*, accelerometer=(), autoplay=(), encrypted-media=(), gyroscope=(), magnetometer=(), midi=(), picture-in-picture=(), usb=()
X-Powered-By: ASP.NET

Found 2026-02-02 by HttpPlugin