LeakIX - Host 13.69.68.14

Host 13.69.68.14

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443

Microsoft-IIS 10.0

tcp/443 tcp/80

N A

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: flow-demo.archee.arc-consulting.pl
Port: 443
URL: https://flow-demo.archee.arc-consulting.pl

First seen 2025-12-21 02:04
Last seen 2026-02-09 22:54
Open for 50 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 22:54
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: signage-rossmann-ds.soviaretail.de
Port: 443
URL: https://signage-rossmann-ds.soviaretail.de

First seen 2026-01-09 02:44
Last seen 2026-02-09 19:04
Open for 31 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035495d296d1d354bf9e39f497c3572994f0679584f45

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /flicApi/instructions/{serial}
GET /signageDeviceProviderApi/cacheSize
GET /signageDeviceProviderApi/cacheState
GET /signageDeviceProviderApi/fullCacheStateForDevices
POST /flicApi/assignbutton
POST /flicApi/buttonclicked
POST /flicApi/hubDetails
POST /flicApi/message
POST /flicApi/setmode/{serial}/{mode}
POST /forecast/GetPromotionForecast
POST /forecast/GetPromotionRangeForecast
POST /microAppRenderer/RenderMicroApp
POST /promotionCacheLoadTesting/ClearCache
POST /promotionCacheLoadTesting/GetCacheInfos
POST /promotionCacheLoadTesting/GetOverTimeProgress
POST /promotionCacheLoadTesting/GetRenderPromotionsWithNewLogicStatus
POST /promotionCacheLoadTesting/GetRenderPromotionsWithOldLogicStatus
POST /promotionCacheLoadTesting/IsPromotionInCache
POST /promotionCacheLoadTesting/LoadPromotionToCache
POST /promotionCacheLoadTesting/LoadPromotionsToCache
POST /promotionCacheLoadTesting/LoadPromotionsToCacheOverTime
POST /promotionCacheLoadTesting/MeasureGetSignageDeviceTime
POST /promotionCacheLoadTesting/MeasureGetSignageDeviceTimeStatus
POST /promotionCacheLoadTesting/RenderAllCachedPromotionsWithNewLogic
POST /promotionCacheLoadTesting/RenderAllCachedPromotionsWithOldLogic
POST /promotionCacheLoadTesting/RenderListOfPromotionsWithNewLogic
POST /promotionCacheLoadTesting/RenderListOfPromotionsWithOldLogic
POST /promotionRenderer/RenderContainerPromotionForDeviceHost
POST /promotionRenderer/RenderPromotion
POST /signageDeviceProviderApi/clearCache
POST /signageDeviceProviderApi/forceCacheRefreshForDevice/{deviceId}

Found on 2026-02-09 19:04

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: account-services-api.axco.co.uk
Port: 443
URL: https://account-services-api.axco.co.uk

First seen 2025-11-06 12:29
Last seen 2026-02-09 16:05
Open for 95 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-02-09 16:05
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: rossmann-ds.soviaretail.de
Port: 443
URL: https://rossmann-ds.soviaretail.de

First seen 2026-01-09 02:44
Last seen 2026-02-02 06:01
Open for 24 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-02 06:01

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b2a64f8bde7340e2a0bde6fe25a59ced3db5602f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /DOOHInventory/Inventory
GET /barc/barcode.png
GET /barc/qr_code.png
GET /ds/ctrl/getmaxversion
GET /ds/ctrl/getminversion
GET /ds/ctrl/status
GET /ds/ctrl/v1/devices
GET /ds/ctrl/v1/devices/bydevicetype/{id}
GET /ds/ctrl/v1/devices/byhotspot/{id}
GET /ds/ctrl/v1/devices/byorgunit/{id}/{option}
GET /ds/ctrl/v1/devices/bytags/{option}/{tags}
GET /ds/ctrl/v1/devices/device/{id}
GET /ds/ctrl/v1/devices/pagination
GET /ds/ctrl/v1/displays
GET /ds/ctrl/v1/displays/display/{id}
GET /ds/ctrl/v1/hotspots
GET /ds/ctrl/v1/hotspots/hotspot/{id}
GET /ds/ctrl/v1/media/containers
GET /ds/ctrl/v1/media/containers/container/{id}
GET /ds/ctrl/v1/media/containers/container/{id}/elements
GET /ds/ctrl/v1/media/elements/element/{id}
GET /ds/ctrl/v1/orgUnits
GET /ds/ctrl/v1/orgUnits/bytype/{id}
GET /ds/ctrl/v1/orgUnits/orgUnit/{id}
GET /ds/ctrl/v1/orgUnits/orgUnit/{id}/isopened/{datetime}
GET /ds/ctrl/v1/orgUnits/types
GET /ds/ctrl/v1/promotions
GET /ds/ctrl/v1/promotions/bydevice/{id}
GET /ds/ctrl/v1/promotions/promotion/{id}
GET /ds/ctrl/v1/promotions/promotion/{id}/assignments
GET /ds/ctrl/v1/promotions/promotion/{id}/assignments/device
GET /ds/ctrl/v1/promotions/promotion/{id}/assignments/hotspot
GET /ds/ctrl/v1/promotions/promotion/{id}/assignments/orgunit
GET /ds/ctrl/v1/promotions/promotion/{id}/assignments/orgunithotspot
GET /ds/ctrl/v1/screendefinitions
GET /ds/ctrl/v1/screendefinitions/screendefinition/{id}
GET /ds/rmt/v1/devices
GET /ds/rmt/v1/devices/{id}
GET /ds/rmt/v1/orgunits
GET /ds/rmt/v1/search
GET /ds/rmt/v2/apps
GET /ds/rmt/v2/devices
GET /ds/rmt/v2/devices/device/search
GET /ds/rmt/v2/devices/{id}
GET /ds/rmt/v2/orgunits
GET /ds/rmt/v2/search
GET /ds/rmt/v2/serviceHistory/search/{deviceId}
GET /ds/rmt/v2/serviceHistory/{deviceId}
GET /ds/rmt/v2/tenantOrgUnitTypeId
GET /ds/rmt/version
GET /fileprovider/Download
GET /soviainstagram/register
GET /sse
GET /temporaryStorage/read
POST /clientPrintServiceResponse/result
POST /ds/ctrl/v1/displays/display
POST /ds/ctrl/v1/hotspots/hotspot
POST /ds/ctrl/v1/media/containers/container
POST /ds/ctrl/v1/media/elements/element/addexternalaudio
POST /ds/ctrl/v1/media/elements/element/addexternalimage
POST /ds/ctrl/v1/media/elements/element/addexternalmediaelement
POST /ds/ctrl/v1/media/elements/element/addexternalvideo
POST /ds/ctrl/v1/media/elements/element/uploadformfile/{containerid}
POST /ds/ctrl/v1/media/elements/element/uploadfromurl
POST /ds/ctrl/v1/media/elements/element/uploadstream/{containerid}/{filename}
POST /ds/ctrl/v1/orgUnits/orgUnit
POST /ds/ctrl/v1/promotions/promotion
POST /ds/ctrl/v1/promotions/promotion/{id}/assignments/device/{deviceid}
POST /ds/ctrl/v1/promotions/promotion/{id}/assignments/hotspot/{hotspotid}
POST /ds/ctrl/v1/promotions/promotion/{id}/assignments/orgunit/{orgunitid}
POST /ds/ctrl/v1/promotions/promotion/{id}/assignments/orgunithotspot/{orgunitid}/{hotspotid}
POST /ds/ctrl/v1/screendefinitions/screendefinition
POST /ds/rmt/v1/devices/{id}/upload/{fileName}/system/{systemName}/{schema}
POST /ds/rmt/v2/devices/{id}/upload/{fileName}/system/{systemName}/{schema}
POST /ds/rmt/v2/hotspots
POST /ds/rmt/v2/screens
POST /ds/rmt/v2/serviceHistory
POST /fileProvider/upload
POST /loadTest/WriteLoadTestInformation
POST /temporaryStorage/write
PUT /ds/ctrl/v1/devices/device/{id}/removehotspot
PUT /ds/ctrl/v1/devices/device/{id}/removescreendefinition
PUT /ds/ctrl/v1/devices/device/{id}/sethotspot/{hotspotid}
PUT /ds/ctrl/v1/devices/device/{id}/setorgunit/{orgunitid}
PUT /ds/ctrl/v1/devices/device/{id}/setscreendefinition/{screendefid}
PUT /ds/ctrl/v1/media/elements/element/{id}/updatetimestamp
PUT /ds/ctrl/v1/media/elements/element/{mediaelementid}/replace/uploadstream/{filename}
PUT /ds/ctrl/v1/notify
PUT /ds/ctrl/v1/remotes/forcerefresh/{targetdevice}
PUT /ds/ctrl/v1/remotes/movenext/{targetdevice}
PUT /ds/ctrl/v1/remotes/moveprevious/{targetdevice}
PUT /ds/ctrl/v1/remotes/pushmediaelement/{targetdevice}/{mediaelementid}
PUT /ds/ctrl/v1/remotes/pushpromotion/{targetdevice}/{promotionid}/{numberofruns}
PUT /ds/ctrl/v1/remotes/resetpromotion/{targetdevice}
PUT /ds/ctrl/v1/remotes/showplayerinfo/{targetdevice}
PUT /ds/rmt/v1/devices/{id}/command
PUT /ds/rmt/v1/orgunits/{id}/command
PUT /ds/rmt/v2/devices/{id}/command
PUT /ds/rmt/v2/orgunits/{id}/command
PUT /ds/rmt/v2/servicehistory/{historyEntryId}

Found on 2026-01-16 02:59

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: promineo-portal.promineo.no
Port: 443
URL: https://promineo-portal.promineo.no

First seen 2025-10-30 09:52
Last seen 2026-01-23 12:36
Open for 85 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354969f9313b0c08520e4bdb5461687bc252fed3e048

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/AccessControl/createsastoken/{tenantId}/{serviceId}/{validForHours}
GET /api/Authentication/Providers
GET /api/Authentication/Providers/{id}
GET /api/Authentications
GET /api/Authentications/AuthenticationList/{tenantId}
GET /api/Authentications/LatestByEmail/{email}
GET /api/Authentications/{id}
GET /api/Client
GET /api/ClientVersions
GET /api/ClientVersions/{id}
GET /api/Community
GET /api/Community/{communityId}/Dashboard/{dashboardId}
GET /api/Community/{communityId}/Dashboards
GET /api/Community/{communityId}/DataSources
GET /api/Community/{communityId}/Fields
GET /api/Community/{id}
GET /api/PortalAdmins
GET /api/PortalAdmins/{id}
GET /api/PostProcessors
GET /api/ServiceAccounts
GET /api/ServiceAccounts/ServiceAccountList/{tenantId}
GET /api/ServiceAccounts/{id}
GET /api/TenantUsers
GET /api/TenantUsers/UserList/{tenantId}
GET /api/TenantUsers/{id}
GET /api/Tenants
GET /api/Tenants/{id}
GET /api/Tenants/{tenantId}/getconnectionstring
GET /portalAdminLevel
GET /serviceType
GET /tenantAdminLevel
POST /api/Community/Structure
POST /api/Community/{communityId}/Dashboard
POST /api/Community/{communityId}/DataSource
POST /api/Community/{communityId}/Field

Found on 2026-01-23 12:36

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: messaging-rossmann-ds.soviaretail.de
Port: 443
URL: https://messaging-rossmann-ds.soviaretail.de

First seen 2026-01-09 03:25
Last seen 2026-01-23 01:55
Open for 13 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035496947203c6947203c6947203c6947203c6947203c
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /push
```
  Found on 2026-01-23 01:55
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: remoting-rossmann-ds.soviaretail.de
Port: 443
URL: https://remoting-rossmann-ds.soviaretail.de

First seen 2026-01-09 02:44
Last seen 2026-01-21 01:53
Open for 11 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-21 01:53
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: staging.app.taxiszamla.hu
Port: 443
URL: https://staging.app.taxiszamla.hu

First seen 2026-01-11 01:44
Last seen 2026-01-16 15:00
Open for 5 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493a59cb32cc4ebae256268f72c85e3e2936843030

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/accountantLink/{id}
DELETE /api/employee/{existingIdParam}/{unconfirmedIdParam}
GET /api/accountantLink
GET /api/billing/getInvoiceExcelExport/{from}/{to}
GET /api/billing/getInvoiceExport/{from}/{to}
GET /api/billing/getInvoicePdfArtifact/{invoiceId}
GET /api/billing/getInvoicePosArtifact/{invoiceId}/{posPrinterFormat}
GET /api/billing/getInvoiceStats/{from}/{to}
GET /api/billing/getMyInvoiceInfoList/{from}/{to}/{pageIndex}/{pageSize}
GET /api/billing/taxPayerInfo/external/{systemName}
GET /api/billing/taxPayerInfo/name/{search}
GET /api/billing/taxPayerInfo/taxNumber/{search}
GET /api/billing/taxPayerInfo/wellKnown
GET /api/company
GET /api/company/info
GET /api/company/isExists/{taxNumber}
GET /api/employee
GET /api/employee/verify-email/{email}
GET /api/invoiceBook
GET /api/mobileApp/settings/printerTestData/{posPrinterType}
GET /api/navReport/getMyNavInvoiceReport/{id}
GET /api/navReport/getMyNavInvoiceReportList/{undoneOnly}/{from}/{to}/{pageIndex}/{pageSize}
GET /api/offlineNavReport/dateRange/{from}/{to}
GET /api/offlineNavReport/invoiceNumberRange/{invoiceBookId}/{from}/{to}
GET /api/passengerInvoiceData
GET /api/passengerInvoiceData/{id}
GET /api/posPrinter
GET /api/status
GET /api/subscription
GET /api/subscription/payments/{page}/{pageSize}
GET /api/subscription/pendingPidProviderRegistration
GET /api/subscription/pidProviders
GET /api/wellKnownCusomer
GET /licence
GET /pdf-invoice/{token}
GET /userManual
POST /api/accountantLink/accept/{id}
POST /api/accountantLink/refuse/{id}
POST /api/billing/invoice
POST /api/billing/modify-invoice
POST /api/billing/pdfInvoiceEmail/{invoiceId}/{emailAddress}
POST /api/billing/pdfInvoiceQrLink/{invoiceId}
POST /api/billing/storno-and-new-invoice
POST /api/billing/storno-invoice
POST /api/diagnostics/deviceLog
POST /api/employee/assign
POST /api/employee/confirm/{token}
POST /api/identity/resetPassword/begin
POST /api/identity/resetPassword/end
POST /api/invoiceBook/enableAutoYearChange/{token}
POST /api/navReport/settings-are-correct
POST /api/status/change-year
POST /api/status/maintenance
POST /api/status/retry-nav-report
POST /api/status/subscription-job
POST /api/subscription/registerToPidProvider/{systemName}
POST /api/subscription/registerToPidProvider2/{systemName}
POST /api/subscription/verifyPidProviderRegistration
PUT /api/wellKnownCusomer/{id}

Found on 2026-01-16 15:00

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: ocpi.longship.io
Port: 443
URL: https://ocpi.longship.io

First seen 2025-12-20 07:23
Last seen 2025-12-27 00:16
Open for 6 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff4357046d607418a9e1c9f2d7a8ee6b4e0eca8300c7
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /api/v1/connectionoufilters/{id}
GET /api/v1/connections
GET /api/v1/connections/{id}
GET /api/v1/custommodules
GET /api/v1/custommodules/{id}
GET /api/v1/sharedconnections
POST /api/v1/connections/copy
POST /api/v1/connections/receiver
POST /api/v1/connections/sender
POST /api/v1/connections/{id}/connectivitytest
POST /api/v1/connections/{id}/handshake
PUT /api/v1/connections/{id}/roamingpriority
```
  Found on 2025-12-27 00:16
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: api.portal.raily.eu
Port: 443
URL: https://api.portal.raily.eu

First seen 2025-11-19 14:25
Last seen 2025-11-23 21:07
Open for 4 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-11-23 21:07

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549bccc5624ca13f20ad36136d454ff81d478b44d03

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /delivery-notes/documents/{fileId}
GET /Assets/damage-reports
GET /Assets/list/search
GET /Assets/replacements/{assetTemplateId}
GET /Assets/structures/technical
GET /Assets/{assetId}/Documents
GET /Assets/{assetId}/checklists
GET /Assets/{assetId}/checklists/{assetChecklistId}
GET /Assets/{assetId}/damage-reports
GET /Assets/{assetId}/header
GET /Assets/{assetId}/maintenance-orders
GET /Assets/{assetId}/structure
GET /Assets/{assetId}/train-compositions
GET /Assets/{assetTemplateId}/operations
GET /Assets/{id}/checklist/{checklistId}/generate-form
GET /Attributes
GET /Attributes/Dictionaries
GET /Attributes/Dictionaries/{id}
GET /Attributes/Units
GET /Attributes/Units/{unit}
GET /Attributes/{id}
GET /Companies
GET /Companies/{id}
GET /Companies/{id}/documents
GET /Contracts/available-assets
GET /Contracts/customers
GET /Contracts/kam
GET /Contracts/lease
GET /Contracts/lease/{id}
GET /Contracts/lease/{id}/billing/details
GET /Contracts/lease/{id}/documents
GET /Countries
GET /Currencies
GET /DocumentTypes
GET /DocumentTypes/{id}
GET /Elements
GET /Elements/{id}
GET /Elements/{id}/attributes
GET /Files/Resources/{resourceId}/Files/{id}/SignedUrl
GET /Health
GET /Item-Groups
GET /Item-Groups/{id}
GET /ItemTemplates
GET /ItemTemplates/{id}
GET /Maintenance/Contractors
GET /Maintenance/Jobs
GET /Maintenance/Jobs/{id}
GET /Maintenance/Orders
GET /Maintenance/Orders/Templates
GET /Maintenance/Orders/Templates/{id}
GET /Maintenance/Orders/{id}
GET /Maintenance/Orders/{orderId}/checklists
GET /Maintenance/Orders/{orderId}/documents/order
GET /Maintenance/Plans
GET /Maintenance/Plans/{id}
GET /Maintenance/Steps
GET /Maintenance/Steps/element/{tag}
GET /Maintenance/Steps/{id}
GET /Organisations
GET /Organisations/My
GET /Organisations/My/Features/Permissions
GET /Organisations/My/roles
GET /Organisations/My/roles/{roleId}
GET /Organisations/My/tenancies
GET /Organisations/My/tenants
GET /Organisations/{id}
GET /Organisations/{id}/Tenancies
GET /Organisations/{id}/Tenants
GET /Rics/Companies
GET /Rics/Companies/Search
GET /Stations/Search
GET /Stock-Items
GET /Stock-Items/Lot-Serial
GET /Stock-Items/Lot-Serial/{id}
GET /Stock-Items/{id}/lot-serial
GET /Warehouses
GET /Warehouses/{id}
GET /assets/custom-tables
GET /assets/custom-tables/{id}
GET /assets/templates
GET /assets/templates/components/{tag}
GET /assets/templates/{id}
GET /assets/templates/{id}/roots
GET /assets/templates/{id}/tree
GET /assets/templates/{id}/tree/elements
GET /attributes/DateFormats
GET /delivery-notes
GET /delivery-notes/{id}
GET /delivery-notes/{id}/document
GET /delivery-notes/{id}/documents
GET /delivery-notes/{id}/signing
GET /finances/CostCenters
GET /finances/CostCenters/{internalId}
GET /itss
GET /itss/locations
GET /material-movements
GET /material-movements/lines
GET /material-movements/sources
GET /material-movements/{id}
GET /material-movements/{id}/document
GET /material-movements/{id}/lines
GET /organisations/my/users
GET /organisations/my/users/self
GET /organisations/my/users/{userId}
GET /train-compositions
GET /train-compositions/conductors
GET /train-compositions/data/locomotive
GET /train-compositions/data/wagon
GET /train-compositions/dispatchers
GET /train-compositions/{id}
GET /train-compositions/{id}/report
GET /wdr
GET /wdr/codes
GET /wdr/codes/search
GET /wdr/{id}
GET /wdr/{id}/report
PATCH /Attributes/{id}/status
PATCH /Elements/{id}/status
PATCH /Maintenance/Orders/{orderId}
PATCH /Organisations/My/Users/{userId}/Roles
POST /Assets
POST /Assets/advanced-search
POST /Assets/filter-dashboard/{id}
POST /Assets/list
POST /Assets/operational-dashboard/{elementTag}
POST /Assets/search
POST /Assets/{assetId}/Documents/{documentId}/Archive
POST /Assets/{assetId}/checklists/{checklistId}/Complete
POST /Assets/{assetId}/structure/measurements
POST /Assets/{assetId}/structure/measurements/search
POST /Assets/{assetId}/structure/replace
POST /Assets/{assetId}/structure/replace/component
POST /Auth/login
POST /Auth/password
POST /Auth/reset-password
POST /Contracts/lease/{id}/assets
POST /Contracts/lease/{id}/comments
POST /Contracts/lease/{id}/end-rental
POST /Contracts/lease/{id}/start-rental
POST /Contracts/lease/{id}/status
POST /DocumentTypes/{id}/templates
POST /Finances/costs
POST /Finances/dashboard
POST /ItemTemplates/{sparePartId}/Documents
POST /Maintenance/Orders/mass-create
POST /Maintenance/Orders/{orderId}/Files
POST /Maintenance/Orders/{orderId}/ReleaseToOperations
POST /Maintenance/Steps/{id}/Documents
POST /Organisations/trial
POST /Seed
POST /Seed/AssetTemplates
POST /Seed/Attributes
POST /Seed/Companies
POST /Seed/Damage-Codes
POST /Seed/Elements
POST /Seed/Organisations
POST /Seed/Stations
POST /Users
POST /assets/templates/{id}/duplicate
POST /itss/1.4/event
POST /itss/1.4/mileage
POST /material-movements/{id}/cancel
POST /material-movements/{id}/confirm-shipment
POST /material-movements/{id}/delivery-note
POST /material-movements/{id}/shipment-arrived
PUT /Maintenance/Orders/{orderId}/Status
PUT /Organisations/My/logo

Found on 2025-11-19 14:25

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.14
Domain: api.prod.raily.eu
Port: 443
URL: https://api.prod.raily.eu

First seen 2025-11-19 12:14
Last seen 2025-11-23 21:05
Open for 4 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-11-23 21:05

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549bccc5624ca13f20ad36136d454ff81d478b44d03

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /delivery-notes/documents/{fileId}
GET /Assets/damage-reports
GET /Assets/list/search
GET /Assets/replacements/{assetTemplateId}
GET /Assets/structures/technical
GET /Assets/{assetId}/Documents
GET /Assets/{assetId}/checklists
GET /Assets/{assetId}/checklists/{assetChecklistId}
GET /Assets/{assetId}/damage-reports
GET /Assets/{assetId}/header
GET /Assets/{assetId}/maintenance-orders
GET /Assets/{assetId}/structure
GET /Assets/{assetId}/train-compositions
GET /Assets/{assetTemplateId}/operations
GET /Assets/{id}/checklist/{checklistId}/generate-form
GET /Attributes
GET /Attributes/Dictionaries
GET /Attributes/Dictionaries/{id}
GET /Attributes/Units
GET /Attributes/Units/{unit}
GET /Attributes/{id}
GET /Companies
GET /Companies/{id}
GET /Companies/{id}/documents
GET /Contracts/available-assets
GET /Contracts/customers
GET /Contracts/kam
GET /Contracts/lease
GET /Contracts/lease/{id}
GET /Contracts/lease/{id}/billing/details
GET /Contracts/lease/{id}/documents
GET /Countries
GET /Currencies
GET /DocumentTypes
GET /DocumentTypes/{id}
GET /Elements
GET /Elements/{id}
GET /Elements/{id}/attributes
GET /Files/Resources/{resourceId}/Files/{id}/SignedUrl
GET /Health
GET /Item-Groups
GET /Item-Groups/{id}
GET /ItemTemplates
GET /ItemTemplates/{id}
GET /Maintenance/Contractors
GET /Maintenance/Jobs
GET /Maintenance/Jobs/{id}
GET /Maintenance/Orders
GET /Maintenance/Orders/Templates
GET /Maintenance/Orders/Templates/{id}
GET /Maintenance/Orders/{id}
GET /Maintenance/Orders/{orderId}/checklists
GET /Maintenance/Orders/{orderId}/documents/order
GET /Maintenance/Plans
GET /Maintenance/Plans/{id}
GET /Maintenance/Steps
GET /Maintenance/Steps/element/{tag}
GET /Maintenance/Steps/{id}
GET /Organisations
GET /Organisations/My
GET /Organisations/My/Features/Permissions
GET /Organisations/My/roles
GET /Organisations/My/roles/{roleId}
GET /Organisations/My/tenancies
GET /Organisations/My/tenants
GET /Organisations/{id}
GET /Organisations/{id}/Tenancies
GET /Organisations/{id}/Tenants
GET /Rics/Companies
GET /Rics/Companies/Search
GET /Stations/Search
GET /Stock-Items
GET /Stock-Items/Lot-Serial
GET /Stock-Items/Lot-Serial/{id}
GET /Stock-Items/{id}/lot-serial
GET /Warehouses
GET /Warehouses/{id}
GET /assets/custom-tables
GET /assets/custom-tables/{id}
GET /assets/templates
GET /assets/templates/components/{tag}
GET /assets/templates/{id}
GET /assets/templates/{id}/roots
GET /assets/templates/{id}/tree
GET /assets/templates/{id}/tree/elements
GET /attributes/DateFormats
GET /delivery-notes
GET /delivery-notes/{id}
GET /delivery-notes/{id}/document
GET /delivery-notes/{id}/documents
GET /delivery-notes/{id}/signing
GET /finances/CostCenters
GET /finances/CostCenters/{internalId}
GET /itss
GET /itss/locations
GET /material-movements
GET /material-movements/lines
GET /material-movements/sources
GET /material-movements/{id}
GET /material-movements/{id}/document
GET /material-movements/{id}/lines
GET /organisations/my/users
GET /organisations/my/users/self
GET /organisations/my/users/{userId}
GET /train-compositions
GET /train-compositions/conductors
GET /train-compositions/data/locomotive
GET /train-compositions/data/wagon
GET /train-compositions/dispatchers
GET /train-compositions/{id}
GET /train-compositions/{id}/report
GET /wdr
GET /wdr/codes
GET /wdr/codes/search
GET /wdr/{id}
GET /wdr/{id}/report
PATCH /Attributes/{id}/status
PATCH /Elements/{id}/status
PATCH /Maintenance/Orders/{orderId}
PATCH /Organisations/My/Users/{userId}/Roles
POST /Assets
POST /Assets/advanced-search
POST /Assets/filter-dashboard/{id}
POST /Assets/list
POST /Assets/operational-dashboard/{elementTag}
POST /Assets/search
POST /Assets/{assetId}/Documents/{documentId}/Archive
POST /Assets/{assetId}/checklists/{checklistId}/Complete
POST /Assets/{assetId}/structure/measurements
POST /Assets/{assetId}/structure/measurements/search
POST /Assets/{assetId}/structure/replace
POST /Assets/{assetId}/structure/replace/component
POST /Auth/login
POST /Auth/password
POST /Auth/reset-password
POST /Contracts/lease/{id}/assets
POST /Contracts/lease/{id}/comments
POST /Contracts/lease/{id}/end-rental
POST /Contracts/lease/{id}/start-rental
POST /Contracts/lease/{id}/status
POST /DocumentTypes/{id}/templates
POST /Finances/costs
POST /Finances/dashboard
POST /ItemTemplates/{sparePartId}/Documents
POST /Maintenance/Orders/mass-create
POST /Maintenance/Orders/{orderId}/Files
POST /Maintenance/Orders/{orderId}/ReleaseToOperations
POST /Maintenance/Steps/{id}/Documents
POST /Organisations/trial
POST /Seed
POST /Seed/AssetTemplates
POST /Seed/Attributes
POST /Seed/Companies
POST /Seed/Damage-Codes
POST /Seed/Elements
POST /Seed/Organisations
POST /Seed/Stations
POST /Users
POST /assets/templates/{id}/duplicate
POST /itss/1.4/event
POST /itss/1.4/mileage
POST /material-movements/{id}/cancel
POST /material-movements/{id}/confirm-shipment
POST /material-movements/{id}/delivery-note
POST /material-movements/{id}/shipment-arrived
PUT /Maintenance/Orders/{orderId}/Status
PUT /Organisations/My/logo

Found on 2025-11-19 12:14

Create report

Open service 13.69.68.14:443 · waws-prod-am2-279.api.azurewebsites.windows.net

2026-01-24 09:59

HTTP/1.1 404 Site Not Found
Content-Length: 2667
Connection: close
Content-Type: text/html
Date: Sat, 24 Jan 2026 09:59:41 GMT

Page title: Microsoft Azure Web App - Error 404

<!DOCTYPE html>
<html>
<head>
    <title>Microsoft Azure Web App - Error 404</title>
    <style type="text/css">
        html {
            height: 100%;
            width: 100%;
        }

        #feature {
            width: 960px;
            margin: 75px auto 0 auto;
            overflow: auto;
        }

        #content {
            font-family: "Segoe UI";
            font-weight: normal;
            font-size: 22px;
            color: #ffffff;
            float: left;
            margin-top: 68px;
            margin-left: 0px;
            vertical-align: middle;
        }

            #content h1 {
                font-family: "Segoe UI Light";
                color: #ffffff;
                font-weight: normal;
                font-size: 60px;
                line-height: 48pt;
                width: 800px;
            }

        a, a:visited, a:active, a:hover {
            color: #ffffff;
        }

        #content a.button {
            background: #0DBCF2;
            border: 1px solid #FFFFFF;
            color: #FFFFFF;
            display: inline-block;
            font-family: Segoe UI;
            font-size: 24px;
            line-height: 46px;
            margin-top: 10px;
            padding: 0 15px 3px;
            text-decoration: none;
        }

            #content a.button img {
                float: right;
                padding: 10px 0 0 15px;
            }

            #content a.button:hover {
                background: #1C75BC;
            }
    </style>
    <script type="text/javascript">
        function toggle_visibility(id) {
            var e = document.getElementById(id);
            if (e.style.display == 'block')
                e.style.display = 'none';
            else
                e.style.display = 'block';
        }
    </script>
</head>
<body bgcolor="#00abec">
    <div id="feature">
        <div id="content">
            <h1>404 Web Site not found.</h1>
            <p>You may be seeing this error due to one of the reasons listed below :</p>
            <ul>
                <li>Custom domain has not been configured inside Azure. See <a href="https://go.microsoft.com/fwlink/?linkid=2194614">how to map an existing domain</a> to resolve this.</li>
                <li>Client cache is still pointing the domain to old IP address. Clear the cache by running the command <i>ipconfig/flushdns.</i></li>
            </ul>
            <p>Checkout <a href="https://go.microsoft.com/fwlink/?linkid=2194451">App Service Domain FAQ</a> for more questions.</p>
        </div>
     </div>
</body>
</html>

Found 2026-01-24 by HttpPlugin