LeakIX - Host 13.69.68.45

Host 13.69.68.45

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Apache Apache

tcp/443 tcp/80

Kestrel Kestrel

tcp/443 tcp/80

gunicorn

tcp/443 tcp/80

nginx nginx 1.29.0

tcp/443

nginx nginx 1.28.0

tcp/443 tcp/80

nginx nginx 1.24.0

tcp/443

nginx nginx

tcp/443

nginx nginx 1.28.1

tcp/443

nginx nginx 1.23.4

tcp/443

nginx nginx 1.29.4

tcp/443 tcp/80

nginx nginx 1.29.3

tcp/443

nginx nginx 1.19.2

tcp/443

nginx nginx 1.21.6

tcp/443

uvicorn

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: insights.sdg-innovation-commons.org
Port: 443
URL: https://insights.sdg-innovation-commons.org

First seen 2025-12-24 02:37
Last seen 2026-02-09 22:54
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-02-09 22:54
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: api.dataportal.reconor.com
Port: 443
URL: https://api.dataportal.reconor.com

First seen 2025-11-21 09:20
Last seen 2026-02-09 20:34
Open for 80 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354906af09da06af09da06af09da06af09da06af09da
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/companies/norrecco/datasets/weighings
```
  Found on 2026-02-09 20:34
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035490ac9810c76de3ec376de3ec376de3ec376de3ec3
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/companies/citycontainer/datasets/co2
GET /api/companies/norrecco/datasets/weighings
```
  Found on 2025-11-30 12:58
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: siteapi.vorbestellservice.penny.at
Port: 443
URL: https://siteapi.vorbestellservice.penny.at

First seen 2025-12-09 10:00
Last seen 2026-02-09 19:15
Open for 62 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609f013ed2a7c1310e4350b9a65cada62fb4caa8ea
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Article
GET /api/Category
GET /api/Checkout/GetAccessibilityDataForShop
GET /api/Checkout/GetShopData
GET /api/Online
GET /api/Variant
POST /api/Checkout/SubmitOrder
POST /api/Newsletter/Subscribe
```
  Found on 2026-02-09 19:15
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: lti-api.ehbotest.nl
Port: 443
URL: https://lti-api.ehbotest.nl

First seen 2026-01-10 06:58
Last seen 2026-02-09 18:33
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549cc2cd2ffccdb637fde422a2665acdd3eab3c2afc
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Info
GET /api/Info/url
GET /api/Lti
GET /api/Lti/keys
POST /api/Lti/authorize
POST /api/Lti/grade
POST /api/Lti/launch
POST /api/Lti/login
```
  Found on 2026-02-09 18:33
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: ch-uat.hcp-locator.com
Port: 443
URL: https://ch-uat.hcp-locator.com

First seen 2026-01-10 14:41
Last seen 2026-02-09 18:30
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 18:30
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: adminapi.dev.vorbestellservice.penny.at
Port: 443
URL: https://adminapi.dev.vorbestellservice.penny.at

First seen 2026-01-10 16:17
Last seen 2026-02-09 18:29
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d6030a309e221ca86b2579bfdb802b4ded826cda7eb
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Allergen
GET /api/Allergen/{id}
GET /api/Article
GET /api/Article/{id}
GET /api/Capacity
GET /api/Capacity/{id}
GET /api/Category
GET /api/Category/{id}
GET /api/GlobalOpeningTime
GET /api/GlobalOpeningTime/{id}
GET /api/Online
GET /api/Order
GET /api/Order/{id}
GET /api/OrderExport/detailedData
GET /api/OrderExport/overallData
GET /api/Shop
GET /api/Shop/getShopsFromApi
GET /api/Shop/{id}
GET /api/User
GET /api/User/{id}
GET /api/Variant
GET /api/Voucher
GET /api/Voucher/{id}
PATCH /api/Category/Order
PATCH /api/User/changePassword
PATCH /api/User/lockUnlock
POST /api/Image/{path}
POST /api/User/signIn
```
  Found on 2026-02-09 18:29
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: adminapi.dev.vorbestellservice.penny.at
Port: 80
URL: http://adminapi.dev.vorbestellservice.penny.at

First seen 2026-01-10 16:17
Last seen 2026-02-09 18:25
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d6030a309e221ca86b2579bfdb802b4ded826cda7eb
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Allergen
GET /api/Allergen/{id}
GET /api/Article
GET /api/Article/{id}
GET /api/Capacity
GET /api/Capacity/{id}
GET /api/Category
GET /api/Category/{id}
GET /api/GlobalOpeningTime
GET /api/GlobalOpeningTime/{id}
GET /api/Online
GET /api/Order
GET /api/Order/{id}
GET /api/OrderExport/detailedData
GET /api/OrderExport/overallData
GET /api/Shop
GET /api/Shop/getShopsFromApi
GET /api/Shop/{id}
GET /api/User
GET /api/User/{id}
GET /api/Variant
GET /api/Voucher
GET /api/Voucher/{id}
PATCH /api/Category/Order
PATCH /api/User/changePassword
PATCH /api/User/lockUnlock
POST /api/Image/{path}
POST /api/User/signIn
```
  Found on 2026-02-09 18:25
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: siteapi.dev.vorbestellservice.penny.at
Port: 80
URL: http://siteapi.dev.vorbestellservice.penny.at

First seen 2026-01-10 16:43
Last seen 2026-02-09 18:25
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609f013ed2a7c1310e4350b9a65cada62fb4caa8ea
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Article
GET /api/Category
GET /api/Checkout/GetAccessibilityDataForShop
GET /api/Checkout/GetShopData
GET /api/Online
GET /api/Variant
POST /api/Checkout/SubmitOrder
POST /api/Newsletter/Subscribe
```
  Found on 2026-02-09 18:25
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: dev.api.capacit.redito.dk
Port: 443
URL: https://dev.api.capacit.redito.dk

First seen 2026-01-10 16:04
Last seen 2026-02-09 17:38
Open for 30 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c7f6264582f849098cb55d12b95d9e4281e48049

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/Department/{departmentId}/allocationTemplate/{templateId}
GET /api/v1/Allocation
GET /api/v1/Allocation/employee/{id}
GET /api/v1/Allocation/metadata
GET /api/v1/Allocation/search
GET /api/v1/Allocation/{id}
GET /api/v1/Allocation/{id}/bookings
GET /api/v1/AllocationOverview/available-meeting-types-for-invitation/journaled/{id}
GET /api/v1/AllocationOverview/available-meeting-types-for-invitation/{id}
GET /api/v1/AllocationOverview/available-timeslots-for-invitation-and-department/journaled/{invitationId}/{departmentId}
GET /api/v1/AllocationOverview/available-timeslots-for-invitation-incl-shared-departments-tabular/journaled/{invitationId}/{departmentId}
GET /api/v1/AllocationOverview/available-timeslots-for-invitation-tabular/journaled/{invitationId}
GET /api/v1/AllocationOverview/available-timeslots-for-invitation-tabular/journaled/{invitationId}/{departmentId}
GET /api/v1/AllocationOverview/available-timeslots-for-invitation/journaled/{invitationId}
GET /api/v1/AllocationOverview/available-timeslots-for-invitation/journaled/{invitationId}/{meetingTypeId}
GET /api/v1/AllocationOverview/available-timeslots-for-invitation/{invitationId}/{meetingTypeId}
GET /api/v1/AllocationOverview/available-timeslots-for-meeting-type/{meetingTypeId}/{departmentId}
GET /api/v1/AllocationOverview/four-weeks
GET /api/v1/AllocationOverview/four-weeks/{invitationId}
GET /api/v1/AllocationOverview/get-timeslots-for-department-and-employee/{year}/{week}
GET /api/v1/AllocationOverview/get-timeslots-for-department/{year}/{week}
GET /api/v1/AllocationOverview/get-timeslots/{date}
GET /api/v1/AllocationOverview/get-timeslots/{year}/{week}
GET /api/v1/AllocationOverview/one-day
GET /api/v1/AllocationOverview/one-day/employee/{employeeId}
GET /api/v1/AllocationOverview/one-day/{invitationId}
GET /api/v1/AllocationOverview/one-week
GET /api/v1/AllocationOverview/time-interval/employee/{employeeId}
GET /api/v1/AllocationTemplateJob
GET /api/v1/ApiKey
GET /api/v1/ApiKey/{id}
GET /api/v1/Attendee/meetings
GET /api/v1/Attendee/meetings-by-memberId
GET /api/v1/Attendee/meetings-by-secret
GET /api/v1/Attendee/meetings/department/{departmentId}/date/{date}
GET /api/v1/Attendee/search
GET /api/v1/Attendee/validate-secret
GET /api/v1/Attendee/validate-secret/{email}/{secret}
GET /api/v1/Blocking/{id}
GET /api/v1/Bookings/search
GET /api/v1/Calendar
GET /api/v1/Calendar/Department
GET /api/v1/ChangeAudit/{id}
GET /api/v1/Config/attendee
GET /api/v1/Config/data-compliance
GET /api/v1/Config/exchange
GET /api/v1/Config/group-meeting
GET /api/v1/Config/holiday
GET /api/v1/Config/organization
GET /api/v1/Dashboard
GET /api/v1/Dashboard/{id}
GET /api/v1/Department
GET /api/v1/Department/ByForeignKey/{foreignKey}
GET /api/v1/Department/{id}
GET /api/v1/Employee
GET /api/v1/Employee/{id}
GET /api/v1/Forecast
GET /api/v1/Forecast/day
GET /api/v1/Forecast/period
GET /api/v1/Forecast/week
GET /api/v1/GroupMeeting
GET /api/v1/GroupMeeting/by-allocation/{id}
GET /api/v1/GroupMeeting/{id}
GET /api/v1/Idam/permissions
GET /api/v1/Idam/permissions/{id}
GET /api/v1/Idam/roles
GET /api/v1/Idam/roles/{id}
GET /api/v1/Idam/users
GET /api/v1/Idam/users/search
GET /api/v1/Idam/users/{id}
GET /api/v1/Invitation
GET /api/v1/Invitation/actual
GET /api/v1/Invitation/memberId/{memberId}
GET /api/v1/Invitation/search
GET /api/v1/Invitation/{id}
GET /api/v1/Location
GET /api/v1/Location/{id}
GET /api/v1/Meeting
GET /api/v1/Meeting/by-attendeeId/{attendeeId}
GET /api/v1/Meeting/{id}
GET /api/v1/MeetingMerit
GET /api/v1/MeetingMerit/{id}
GET /api/v1/MeetingType
GET /api/v1/MeetingType/voluntary
GET /api/v1/MeetingType/{id}
GET /api/v1/Report/booking
PATCH /api/v1/ApiKey/{id}/enabled/{enabled}
PATCH /api/v1/Department/{id}/locations
PATCH /api/v1/Employee/{id}/default-location
PATCH /api/v1/Employee/{id}/departments
PATCH /api/v1/Employee/{id}/meeting-types
PATCH /api/v1/GroupMeeting/{id}/activate
PATCH /api/v1/Idam/role/{id}
PATCH /api/v1/Idam/roles/{id}/foreign-key
PATCH /api/v1/Idam/roles/{id}/permissions
PATCH /api/v1/Idam/users/{id}/chosenDashboard
PATCH /api/v1/Idam/users/{id}/customDashboards
PATCH /api/v1/Idam/users/{id}/enabled/{enabled}
PATCH /api/v1/Idam/users/{id}/roles
PATCH /api/v1/MeetingMerit/{id}/meeting-types
PATCH /api/v1/MeetingType/{id}/employees
PATCH /api/v1/MeetingType/{id}/meeting-forms
PATCH /api/v1/MeetingType/{id}/meeting-merits
PATCH /api/v1/MeetingType/{id}/sort-index
POST /api/v1/Allocation/FromTemplate/{allocationTemplateId}
POST /api/v1/AllocationTemplateJob/{allocationTemplateId}
POST /api/v1/Attendee/registration/group-meeting/{id}
POST /api/v1/Blocking
POST /api/v1/ChangeAudit/rebooking-confirmation
POST /api/v1/Department/{departmentId}/allocationTemplate
POST /api/v1/GroupMeeting/{id}/registration
POST /api/v1/Idam/initialize
PUT /api/v1/Allocation/update-active/{active}
PUT /api/v1/Allocation/update-active/{departmentId}/{active}
PUT /api/v1/Attendee/registration/group-meeting/{id}/attendee/{attendeeId}
PUT /api/v1/GroupMeeting/rebook
PUT /api/v1/Meeting/rebook
PUT /api/v1/Meeting/rebook-from-group-meeting
PUT /api/v1/Meeting/rebook-to-group-meeting

Found on 2026-02-09 17:38

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: siteapi.dev.vorbestellservice.penny.at
Port: 443
URL: https://siteapi.dev.vorbestellservice.penny.at

First seen 2026-01-10 16:43
Last seen 2026-02-09 17:37
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609f013ed2a7c1310e4350b9a65cada62fb4caa8ea
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Article
GET /api/Category
GET /api/Checkout/GetAccessibilityDataForShop
GET /api/Checkout/GetShopData
GET /api/Online
GET /api/Variant
POST /api/Checkout/SubmitOrder
POST /api/Newsletter/Subscribe
```
  Found on 2026-02-09 17:37
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: api.dataportal.reconor.com
Port: 80
URL: http://api.dataportal.reconor.com

First seen 2025-11-21 09:20
Last seen 2026-02-09 16:06
Open for 80 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354906af09da06af09da06af09da06af09da06af09da
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/companies/norrecco/datasets/weighings
```
  Found on 2026-02-09 16:06
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035490ac9810c76de3ec376de3ec376de3ec376de3ec3
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/companies/citycontainer/datasets/co2
GET /api/companies/norrecco/datasets/weighings
```
  Found on 2025-11-30 14:32
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: registry.apps.union-investment.de
Port: 443
URL: https://registry.apps.union-investment.de

First seen 2025-11-25 20:28
Last seen 2026-02-09 15:53
Open for 75 days

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff439a214f49d4fc60f6bf88078c54c334ad67dbd969

Public Swagger UI/API detected at path: /swagger.json - sample paths:
DELETE /chartrepo/{repo}/charts/{name}/{version}/labels/{id}
GET /chartrepo/{repo}/charts/{name}/{version}/labels
GET /configurations
GET /health
GET /labels
GET /labels/{id}
GET /ldap/groups/search
GET /ldap/users/search
GET /projects
GET /projects/{project_id}
GET /projects/{project_id}/immutabletagrules
GET /projects/{project_id}/members
GET /projects/{project_id}/members/{mid}
GET /projects/{project_id}/metadatas
GET /projects/{project_id}/metadatas/{meta_name}
GET /projects/{project_id}/robots
GET /projects/{project_id}/robots/{robot_id}
GET /projects/{project_id}/scanner
GET /projects/{project_id}/scanner/candidates
GET /projects/{project_id}/summary
GET /projects/{project_id}/webhook/events
GET /projects/{project_id}/webhook/jobs
GET /projects/{project_id}/webhook/lasttrigger
GET /projects/{project_id}/webhook/policies
GET /projects/{project_id}/webhook/policies/{policy_id}
GET /quotas
GET /quotas/{id}
GET /registries
GET /registries/{id}
GET /registries/{id}/info
GET /registries/{id}/namespace
GET /replication/adapters
GET /replication/executions
GET /replication/executions/{id}
GET /replication/executions/{id}/tasks
GET /replication/executions/{id}/tasks/{task_id}/log
GET /replication/policies
GET /replication/policies/{id}
GET /retentions/metadatas
GET /retentions/{id}
GET /retentions/{id}/executions
GET /retentions/{id}/executions/{eid}/tasks
GET /retentions/{id}/executions/{eid}/tasks/{tid}
GET /scanners
GET /scanners/{registration_id}
GET /scanners/{registration_id}/metadata
GET /scans/all/metrics
GET /scans/schedule/metrics
GET /search
GET /statistics
GET /system/CVEWhitelist
GET /system/gc
GET /system/gc/schedule
GET /system/gc/{id}
GET /system/gc/{id}/log
GET /system/scanAll/schedule
GET /systeminfo
GET /systeminfo/getcert
GET /systeminfo/volumes
GET /usergroups
GET /usergroups/{group_id}
GET /users
GET /users/current
GET /users/current/permissions
GET /users/search
GET /users/{user_id}
PATCH /retentions/{id}/executions/{eid}
POST /email/ping
POST /ldap/ping
POST /ldap/users/import
POST /projects/{project_id}/webhook/policies/test
POST /registries/ping
POST /retentions
POST /scanners/ping
POST /system/oidc/ping
PUT /projects/{project_id}/immutabletagrules/{id}
PUT /users/{user_id}/cli_secret
PUT /users/{user_id}/password
PUT /users/{user_id}/sysadmin

Found on 2026-02-09 15:53

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: blh-bs-oad.q-plant.com
Port: 443
URL: https://blh-bs-oad.q-plant.com

First seen 2025-12-07 04:34
Last seen 2026-02-09 15:48
Open for 64 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 15:48
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: portal.stego-connect.de
Port: 443
URL: https://portal.stego-connect.de

First seen 2025-12-30 02:31
Last seen 2026-02-09 15:34
Open for 41 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 15:34

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499aa1f2a111e62b09ea0a9e38e72d3d27fb1c52ee

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/variables/{workflowVariableId}
DELETE /{__tenant__}/api/tenant/groups/{groupId}/users/{userId}
DELETE /{__tenant__}/api/users/invites/{userInviteId}
DELETE /{__tenant__}/api/users/{userId}
GET /api/admin/tenants
GET /api/tenants
GET /{__tenant__}/api/admin/remoteMaintenance
GET /{__tenant__}/api/alerts
GET /{__tenant__}/api/alerts/getEvents
GET /{__tenant__}/api/alerts/getLimits
GET /{__tenant__}/api/alerts/{alertId}
GET /{__tenant__}/api/alerts/{alertId}/actions
GET /{__tenant__}/api/alerts/{alertId}/actions/{actionId}
GET /{__tenant__}/api/alerts/{alertId}/conditions
GET /{__tenant__}/api/alerts/{alertId}/conditions/{conditionId}
GET /{__tenant__}/api/analytics/all
GET /{__tenant__}/api/assetgroups
GET /{__tenant__}/api/assetgroups/{assetGroupId}
GET /{__tenant__}/api/assetgroups/{assetGroupId}/assets
GET /{__tenant__}/api/assets
GET /{__tenant__}/api/assets/all
GET /{__tenant__}/api/dashboards
GET /{__tenant__}/api/dashboards/widgetTypes
GET /{__tenant__}/api/dashboards/{dashboardId}
GET /{__tenant__}/api/dataExports
GET /{__tenant__}/api/devices
GET /{__tenant__}/api/devices/all
GET /{__tenant__}/api/devices/{deviceId}
GET /{__tenant__}/api/devices/{deviceId}/analytics
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/capabilityModel
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/states
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry/lastValue
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry/periodicAggregatedTelemetry
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry/timeline
GET /{__tenant__}/api/devices/{deviceId}/assets
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/auditHistory
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/capabilityModel
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/customerDefinitions
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/events
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/metadata
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/properties
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/properties/{name}
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/lastValue
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/lastValues
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/periodicAggregatedTelemetry
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/timeline
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/userInterface
GET /{__tenant__}/api/devices/{deviceId}/auditHistory
GET /{__tenant__}/api/devices/{deviceId}/events
GET /{__tenant__}/api/devices/{deviceId}/map
GET /{__tenant__}/api/devices/{deviceId}/masters/testConnectivity
GET /{__tenant__}/api/devices/{deviceId}/workflows
GET /{__tenant__}/api/devices/{deviceId}/workflows/nodeTypes
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/variables
GET /{__tenant__}/api/events
GET /{__tenant__}/api/map
GET /{__tenant__}/api/notifications
GET /{__tenant__}/api/notifications/types
GET /{__tenant__}/api/productionOrders
GET /{__tenant__}/api/productionOrders/{productionOrderId}/detail
GET /{__tenant__}/api/search
GET /{__tenant__}/api/telemetryGroups
GET /{__tenant__}/api/telemetryGroups/all
GET /{__tenant__}/api/telemetryGroups/{telemetryGroupId}
GET /{__tenant__}/api/telemetryGroups/{telemetryGroupId}/telemetry
GET /{__tenant__}/api/tenant
GET /{__tenant__}/api/tenant/auditHistory
GET /{__tenant__}/api/tenant/group/{groupId}
GET /{__tenant__}/api/tenant/groups
GET /{__tenant__}/api/tenant/groups/{groupId}/users
GET /{__tenant__}/api/tenant/logo
GET /{__tenant__}/api/tenant/stylesheet
GET /{__tenant__}/api/users
GET /{__tenant__}/api/users/invites
GET /{__tenant__}/api/users/me
GET /{__tenant__}/api/workflows
GET /{__tenant__}/api/workflows/modules
GET /{__tenant__}/api/workflows/modules/nodeTypes
GET /{__tenant__}/api/workflows/modules/{workflowModuleId}
GET /{__tenant__}/api/workflows/modules/{workflowModuleId}/versions
POST /{__tenant__}/api/admin/remoteMaintenance/{deviceId}
POST /{__tenant__}/api/ai
POST /{__tenant__}/api/dashboards/{dashboardId}/widgets
POST /{__tenant__}/api/dataExports/{id}/retry
POST /{__tenant__}/api/devices/{deviceId}/analytics/completions
POST /{__tenant__}/api/devices/{deviceId}/analytics/quickinfo
POST /{__tenant__}/api/devices/{deviceId}/analytics/signatures
POST /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/commands
POST /{__tenant__}/api/devices/{deviceId}/liveData
POST /{__tenant__}/api/devices/{deviceId}/masters/add
POST /{__tenant__}/api/devices/{deviceId}/workflows/data
POST /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/simulate
POST /{__tenant__}/api/users/invite
PUT /{__tenant__}/api/dashboards/{dashboardId}/widgets/{widgetId}
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/input/{inputId}
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/metaData
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/pause
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/publish
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/resume
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory/disable
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory/enable
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/pause
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/publish
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/resume
PUT /{__tenant__}/api/notifications/readAll
PUT /{__tenant__}/api/notifications/{notificationId}/read
PUT /{__tenant__}/api/productionOrders/{productionOrderId}
PUT /{__tenant__}/api/productionOrders/{productionOrderId}/update

Found on 2026-02-01 20:13

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499aa1f2a111e62b09ea0a9e38e72d3d274c9591d7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/variables/{workflowVariableId}
DELETE /{__tenant__}/api/tenant/groups/{groupId}/users/{userId}
DELETE /{__tenant__}/api/users/invites/{userInviteId}
DELETE /{__tenant__}/api/users/{userId}
GET /api/admin/tenants
GET /api/tenants
GET /{__tenant__}/api/admin/remoteMaintenance
GET /{__tenant__}/api/alerts
GET /{__tenant__}/api/alerts/getEvents
GET /{__tenant__}/api/alerts/getLimits
GET /{__tenant__}/api/alerts/{alertId}
GET /{__tenant__}/api/alerts/{alertId}/actions
GET /{__tenant__}/api/alerts/{alertId}/actions/{actionId}
GET /{__tenant__}/api/alerts/{alertId}/conditions
GET /{__tenant__}/api/alerts/{alertId}/conditions/{conditionId}
GET /{__tenant__}/api/analytics/all
GET /{__tenant__}/api/assetgroups
GET /{__tenant__}/api/assetgroups/{assetGroupId}
GET /{__tenant__}/api/assetgroups/{assetGroupId}/assets
GET /{__tenant__}/api/assets
GET /{__tenant__}/api/assets/all
GET /{__tenant__}/api/dashboards
GET /{__tenant__}/api/dashboards/widgetTypes
GET /{__tenant__}/api/dashboards/{dashboardId}
GET /{__tenant__}/api/dataExports
GET /{__tenant__}/api/devices
GET /{__tenant__}/api/devices/all
GET /{__tenant__}/api/devices/{deviceId}
GET /{__tenant__}/api/devices/{deviceId}/analytics
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/capabilityModel
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/states
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry/lastValue
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry/timeline
GET /{__tenant__}/api/devices/{deviceId}/assets
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/auditHistory
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/capabilityModel
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/customerDefinitions
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/events
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/metadata
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/properties
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/properties/{name}
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/lastValue
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/lastValues
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/timeline
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/userInterface
GET /{__tenant__}/api/devices/{deviceId}/auditHistory
GET /{__tenant__}/api/devices/{deviceId}/events
GET /{__tenant__}/api/devices/{deviceId}/map
GET /{__tenant__}/api/devices/{deviceId}/masters/testConnectivity
GET /{__tenant__}/api/devices/{deviceId}/workflows
GET /{__tenant__}/api/devices/{deviceId}/workflows/nodeTypes
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/variables
GET /{__tenant__}/api/events
GET /{__tenant__}/api/map
GET /{__tenant__}/api/notifications
GET /{__tenant__}/api/notifications/types
GET /{__tenant__}/api/productionOrders
GET /{__tenant__}/api/productionOrders/{productionOrderId}/detail
GET /{__tenant__}/api/search
GET /{__tenant__}/api/telemetryGroups
GET /{__tenant__}/api/telemetryGroups/all
GET /{__tenant__}/api/telemetryGroups/{telemetryGroupId}
GET /{__tenant__}/api/telemetryGroups/{telemetryGroupId}/telemetry
GET /{__tenant__}/api/tenant
GET /{__tenant__}/api/tenant/auditHistory
GET /{__tenant__}/api/tenant/group/{groupId}
GET /{__tenant__}/api/tenant/groups
GET /{__tenant__}/api/tenant/groups/{groupId}/users
GET /{__tenant__}/api/tenant/logo
GET /{__tenant__}/api/tenant/stylesheet
GET /{__tenant__}/api/users
GET /{__tenant__}/api/users/invites
GET /{__tenant__}/api/users/me
GET /{__tenant__}/api/workflows
GET /{__tenant__}/api/workflows/modules
GET /{__tenant__}/api/workflows/modules/nodeTypes
GET /{__tenant__}/api/workflows/modules/{workflowModuleId}
GET /{__tenant__}/api/workflows/modules/{workflowModuleId}/versions
POST /{__tenant__}/api/admin/remoteMaintenance/{deviceId}
POST /{__tenant__}/api/ai
POST /{__tenant__}/api/dashboards/{dashboardId}/widgets
POST /{__tenant__}/api/dataExports/{id}/retry
POST /{__tenant__}/api/devices/{deviceId}/analytics/completions
POST /{__tenant__}/api/devices/{deviceId}/analytics/quickinfo
POST /{__tenant__}/api/devices/{deviceId}/analytics/signatures
POST /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/commands
POST /{__tenant__}/api/devices/{deviceId}/liveData
POST /{__tenant__}/api/devices/{deviceId}/masters/add
POST /{__tenant__}/api/devices/{deviceId}/workflows/data
POST /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/simulate
POST /{__tenant__}/api/users/invite
PUT /{__tenant__}/api/dashboards/{dashboardId}/widgets/{widgetId}
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/input/{inputId}
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/metaData
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/pause
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/publish
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/resume
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory/disable
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory/enable
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/pause
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/publish
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/resume
PUT /{__tenant__}/api/notifications/readAll
PUT /{__tenant__}/api/notifications/{notificationId}/read
PUT /{__tenant__}/api/productionOrders/{productionOrderId}
PUT /{__tenant__}/api/productionOrders/{productionOrderId}/update

Found on 2026-01-08 20:29

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: lopareporting.emob-release-enbw.com
Port: 443
URL: https://lopareporting.emob-release-enbw.com

First seen 2025-12-26 11:05
Last seen 2026-02-09 14:52
Open for 45 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-02-09 14:52
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: iot.achtbytes.com
Port: 443
URL: https://iot.achtbytes.com

First seen 2025-12-29 12:25
Last seen 2026-02-09 14:27
Open for 42 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 14:27

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499aa1f2a111e62b09ea0a9e38e72d3d274c9591d7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/variables/{workflowVariableId}
DELETE /{__tenant__}/api/tenant/groups/{groupId}/users/{userId}
DELETE /{__tenant__}/api/users/invites/{userInviteId}
DELETE /{__tenant__}/api/users/{userId}
GET /api/admin/tenants
GET /api/tenants
GET /{__tenant__}/api/admin/remoteMaintenance
GET /{__tenant__}/api/alerts
GET /{__tenant__}/api/alerts/getEvents
GET /{__tenant__}/api/alerts/getLimits
GET /{__tenant__}/api/alerts/{alertId}
GET /{__tenant__}/api/alerts/{alertId}/actions
GET /{__tenant__}/api/alerts/{alertId}/actions/{actionId}
GET /{__tenant__}/api/alerts/{alertId}/conditions
GET /{__tenant__}/api/alerts/{alertId}/conditions/{conditionId}
GET /{__tenant__}/api/analytics/all
GET /{__tenant__}/api/assetgroups
GET /{__tenant__}/api/assetgroups/{assetGroupId}
GET /{__tenant__}/api/assetgroups/{assetGroupId}/assets
GET /{__tenant__}/api/assets
GET /{__tenant__}/api/assets/all
GET /{__tenant__}/api/dashboards
GET /{__tenant__}/api/dashboards/widgetTypes
GET /{__tenant__}/api/dashboards/{dashboardId}
GET /{__tenant__}/api/dataExports
GET /{__tenant__}/api/devices
GET /{__tenant__}/api/devices/all
GET /{__tenant__}/api/devices/{deviceId}
GET /{__tenant__}/api/devices/{deviceId}/analytics
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/capabilityModel
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/states
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry/lastValue
GET /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/telemetry/timeline
GET /{__tenant__}/api/devices/{deviceId}/assets
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/auditHistory
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/capabilityModel
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/customerDefinitions
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/events
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/metadata
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/properties
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/properties/{name}
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/lastValue
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/lastValues
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/telemetry/timeline
GET /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/userInterface
GET /{__tenant__}/api/devices/{deviceId}/auditHistory
GET /{__tenant__}/api/devices/{deviceId}/events
GET /{__tenant__}/api/devices/{deviceId}/map
GET /{__tenant__}/api/devices/{deviceId}/masters/testConnectivity
GET /{__tenant__}/api/devices/{deviceId}/workflows
GET /{__tenant__}/api/devices/{deviceId}/workflows/nodeTypes
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory
GET /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/variables
GET /{__tenant__}/api/events
GET /{__tenant__}/api/map
GET /{__tenant__}/api/notifications
GET /{__tenant__}/api/notifications/types
GET /{__tenant__}/api/productionOrders
GET /{__tenant__}/api/productionOrders/{productionOrderId}/detail
GET /{__tenant__}/api/search
GET /{__tenant__}/api/telemetryGroups
GET /{__tenant__}/api/telemetryGroups/all
GET /{__tenant__}/api/telemetryGroups/{telemetryGroupId}
GET /{__tenant__}/api/telemetryGroups/{telemetryGroupId}/telemetry
GET /{__tenant__}/api/tenant
GET /{__tenant__}/api/tenant/auditHistory
GET /{__tenant__}/api/tenant/group/{groupId}
GET /{__tenant__}/api/tenant/groups
GET /{__tenant__}/api/tenant/groups/{groupId}/users
GET /{__tenant__}/api/tenant/logo
GET /{__tenant__}/api/tenant/stylesheet
GET /{__tenant__}/api/users
GET /{__tenant__}/api/users/invites
GET /{__tenant__}/api/users/me
GET /{__tenant__}/api/workflows
GET /{__tenant__}/api/workflows/modules
GET /{__tenant__}/api/workflows/modules/nodeTypes
GET /{__tenant__}/api/workflows/modules/{workflowModuleId}
GET /{__tenant__}/api/workflows/modules/{workflowModuleId}/versions
POST /{__tenant__}/api/admin/remoteMaintenance/{deviceId}
POST /{__tenant__}/api/ai
POST /{__tenant__}/api/dashboards/{dashboardId}/widgets
POST /{__tenant__}/api/dataExports/{id}/retry
POST /{__tenant__}/api/devices/{deviceId}/analytics/completions
POST /{__tenant__}/api/devices/{deviceId}/analytics/quickinfo
POST /{__tenant__}/api/devices/{deviceId}/analytics/signatures
POST /{__tenant__}/api/devices/{deviceId}/assets/{assetId}/commands
POST /{__tenant__}/api/devices/{deviceId}/liveData
POST /{__tenant__}/api/devices/{deviceId}/masters/add
POST /{__tenant__}/api/devices/{deviceId}/workflows/data
POST /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/simulate
POST /{__tenant__}/api/users/invite
PUT /{__tenant__}/api/dashboards/{dashboardId}/widgets/{widgetId}
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/input/{inputId}
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/metaData
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/pause
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/publish
PUT /{__tenant__}/api/devices/{deviceId}/analytics/{analyticsId}/resume
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory/disable
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/executionHistory/enable
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/pause
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/publish
PUT /{__tenant__}/api/devices/{deviceId}/workflows/{workflowId}/resume
PUT /{__tenant__}/api/notifications/readAll
PUT /{__tenant__}/api/notifications/{notificationId}/read
PUT /{__tenant__}/api/productionOrders/{productionOrderId}
PUT /{__tenant__}/api/productionOrders/{productionOrderId}/update

Found on 2026-01-09 11:46

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: blh.q-plant.com
Port: 443
URL: https://blh.q-plant.com

First seen 2025-12-07 04:35
Last seen 2026-02-09 14:15
Open for 64 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354931fecb4701c26d0e2a5027231e123a67365cf065

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/auth/login
GET /api/directoriesxvehicles/{vehicleRegistrationNumber}
GET /api/directoriesxvehicles/{vehicleRegistrationNumber}/presence
GET /api/onboardings/mobiledevice/{phoneNumber}/status
GET /api/pip/devices/{deviceid}/messagetypes/{messagetype}
GET /api/pip/devices/{deviceid}/messagetypes/{messagetype}/dates/{datetime}
GET /api/pip/devices/{deviceid}/messagetypes/{messagetype}/years/{year}
GET /api/secrets/googleanalyticskey
GET /api/secrets/googlemapskey
GET /api/secrets/webpushpublickey
GET /api/users/supportuser/profileimage
GET /api/users/{userId}/profileimage
GET /api/users/{userId}/profileimagedefault
GET /api/vehicles/truckBuddyAppEnabled
GET /api/vehicles/truckBuddyAppEnabledByIdentifiers
GET /signup/begin
POST /signup/finish
PUT /api/vehicles/{id}/startonboarding

Found on 2026-02-09 14:15

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: test.energiebelastingteruggaaf.chippr.dev
Port: 80
URL: http://test.energiebelastingteruggaaf.chippr.dev

First seen 2026-01-11 14:19
Last seen 2026-02-09 09:15
Open for 28 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496141b312fafd072f092944a9c7ad6fd7d8152ab3

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/accounts/{accountId}/financialDetails/{financialDetailsId}
DELETE /api/accounts/{accountId}/managerAccounts/{managerId}
DELETE /api/batch/item/{batchItemId}
GET /api/accounts
GET /api/accounts/{accountId}
GET /api/accounts/{accountId}/files
GET /api/activities
GET /api/activities/{activityId}
GET /api/batch/items
GET /api/batch/items/{batchItemId}
GET /api/batch/{batchId}
GET /api/boxes
GET /api/boxes/{boxId}
GET /api/complexes
GET /api/complexes/{complexId}
GET /api/complexes/{complexId}/accounts/powersOfAttorney
GET /api/customerInvoice/{invoiceId}
GET /api/documents/termsAndConditions
GET /api/eanCodes
GET /api/exports/monthly
GET /api/files/{fileId}
GET /api/financialDetails
GET /api/financialDetails/{financialDetailsId}
GET /api/invoices/{invoiceId}
GET /api/mail/contactperson
GET /api/mail/powersOfAttorney/template
GET /api/mail/taxAuthorityDecision/template
GET /api/mailingAddresses
GET /api/periods
GET /api/periods/{periodId}
GET /api/periods/{periodId}/accounts/powersOfAttorney
GET /api/periods/{periodId}/ebtCalculation
GET /api/powersOfAttorney/{powerOfAttorneyId}
GET /api/stats/statuses
GET /api/users
GET /api/users/current
GET /api/users/{userId}
PATCH /api/identity/password
POST /api/accounts/send/reminder-mail
POST /api/accounts/{accountId}/managerAccounts
POST /api/accounts/{accountId}/powersOfAttorney
POST /api/batch
POST /api/complexes/letters
POST /api/complexes/{complexId}/address
POST /api/complexes/{complexId}/files
POST /api/complexes/{complexId}/periods
POST /api/customerInvoice
POST /api/documents/powersOfAttorney
POST /api/exports/accounts
POST /api/exports/letters
POST /api/exports/payments
POST /api/exports/periods
POST /api/identity/password/reset/confirm
POST /api/identity/password/reset/request
POST /api/invoices/{invoiceId}/files
POST /api/mail/powersOfAttorney
POST /api/mail/reminder
POST /api/mail/signatures
POST /api/mail/taxAuthorityDecision
POST /api/periods/recalculate
POST /api/periods/{periodId}/calculationPdf
POST /api/periods/{periodId}/electricityInvoices
POST /api/periods/{periodId}/files
POST /api/periods/{periodId}/gasInvoices
POST /api/powersOfAttorney/{powerOfAttorneyId}/files
POST /oauth2/token
PUT /api/accounts/{accountId}/complexes/{complexId}
PUT /api/accounts/{accountId}/users/{userId}
PUT /api/batch/item
PUT /api/complexAddresses/{complexAddressId}
PUT /api/complexes/{complexId}/users/{userId}
PUT /api/mailingAddresses/{mailingAddressId}

Found on 2026-02-09 09:15

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496141b312fafd072f092944a9c7ad6fd795728032

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/accounts/{accountId}/financialDetails/{financialDetailsId}
DELETE /api/accounts/{accountId}/managerAccounts/{managerId}
DELETE /api/batch/item/{batchItemId}
GET /api/accounts
GET /api/accounts/{accountId}
GET /api/accounts/{accountId}/files
GET /api/activities
GET /api/activities/{activityId}
GET /api/batch/items
GET /api/batch/items/{batchItemId}
GET /api/batch/{batchId}
GET /api/boxes
GET /api/boxes/{boxId}
GET /api/complexes
GET /api/complexes/{complexId}
GET /api/complexes/{complexId}/accounts/powersOfAttorney
GET /api/customerInvoice/{invoiceId}
GET /api/documents/termsAndConditions
GET /api/eanCodes
GET /api/exports/monthly
GET /api/files/{fileId}
GET /api/financialDetails
GET /api/financialDetails/{financialDetailsId}
GET /api/invoices/{invoiceId}
GET /api/mail/contactperson
GET /api/mail/powersOfAttorney/template
GET /api/mail/taxAuthorityDecision/template
GET /api/mailingAddresses
GET /api/periods
GET /api/periods/{periodId}
GET /api/periods/{periodId}/accounts/powersOfAttorney
GET /api/periods/{periodId}/ebtCalculation
GET /api/powersOfAttorney/{powerOfAttorneyId}
GET /api/stats/statuses
GET /api/users
GET /api/users/current
GET /api/users/{userId}
PATCH /api/identity/password
POST /api/accounts/send/reminder-mail
POST /api/accounts/{accountId}/managerAccounts
POST /api/accounts/{accountId}/powersOfAttorney
POST /api/batch
POST /api/complexes/letters
POST /api/complexes/{complexId}/address
POST /api/complexes/{complexId}/files
POST /api/complexes/{complexId}/periods
POST /api/customerInvoice
POST /api/documents/powersOfAttorney
POST /api/exports/accounts
POST /api/exports/letters
POST /api/exports/payments
POST /api/exports/periods
POST /api/identity/password/reset/confirm
POST /api/identity/password/reset/request
POST /api/invoices/{invoiceId}/files
POST /api/mail/powersOfAttorney
POST /api/mail/reminder
POST /api/mail/signatures
POST /api/mail/taxAuthorityDecision
POST /api/periods/recalculate
POST /api/periods/{periodId}/electricityInvoices
POST /api/periods/{periodId}/files
POST /api/periods/{periodId}/gasInvoices
POST /api/powersOfAttorney/{powerOfAttorneyId}/files
POST /oauth2/token
PUT /api/accounts/{accountId}/complexes/{complexId}
PUT /api/accounts/{accountId}/users/{userId}
PUT /api/batch/item
PUT /api/complexAddresses/{complexAddressId}
PUT /api/complexes/{complexId}/users/{userId}
PUT /api/mailingAddresses/{mailingAddressId}

Found on 2026-01-11 14:19

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: backend.scottmakesyoumove.com
Port: 80
URL: http://backend.scottmakesyoumove.com

First seen 2026-01-13 09:25
Last seen 2026-02-09 07:17
Open for 26 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-02-09 07:17
- Severity: info
  Fingerprint: 5733ddf49ff49cd1a8bcc6e5a50942d86891d4e824d2020dc06eae6b1033d1b7
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/v1/account
GET /api/v1/account/{accountId}/biometrics
GET /api/v1/account/{accountId}/healthindex
GET /api/v1/account/{accountId}/mobilities
GET /api/v1/account/{accountId}/sessions
GET /api/v1/account/{accountId}/sessions/{sessionId}
GET /api/v1/leaderboard
GET /api/v1/leaderboard/recent-winner
POST /api/v1/chatbot/initiate
POST /api/v1/chunks/search
POST /api/v1/chunks/upload
POST /api/v1/chunks/upload/batch
POST /api/v1/files/sync
```
  Found on 2026-01-16 23:03
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: mvp.develop.chippr.dev
Port: 80
URL: http://mvp.develop.chippr.dev

First seen 2025-12-10 05:33
Last seen 2026-02-09 04:12
Open for 60 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f5193dd7b4ae9a34cbe7ee842cf4dfc24ddf0c79

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/outings/{outingId}/gallery/{imageId}
DELETE /api/teams/current/users/{userId}
GET /api/competitions
GET /api/competitions/current
GET /api/competitions/{competitionId}
GET /api/competitions/{competitionId}/previous
GET /api/competitions/{competitionId}/upcoming
GET /api/events
GET /api/events/{eventId}
GET /api/files/{fileId}
GET /api/files/{fileId}/download
GET /api/knhb/club/{clubId}/teams
GET /api/knhb/clubs
GET /api/knhb/clubs/{clubId}
GET /api/knhb/matches/current
GET /api/knhb/matches/upcoming
GET /api/knhb/matches/{matchId}
GET /api/knhb/standing/current
GET /api/knhb/teams/current/competitions/{competitionId}
GET /api/knhb/teams/current/competitions/{competitionId}/standings
GET /api/knhb/teams/{knhbTeamId}/competitions/{competitionId}
GET /api/knhb/teams/{teamId}
GET /api/ledgers
GET /api/ledgers/{ledgerId}
GET /api/matches
GET /api/matches/knhb/{knhbMatchId}
GET /api/matches/{matchId}
GET /api/matches/{matchId}/previous
GET /api/outings
GET /api/outings/{outingId}
GET /api/teams/current
GET /api/teams/current/matches
GET /api/teams/current/ranks
GET /api/teams/{teamId}
GET /api/tokens/{token}/team
GET /api/transactions/{transactionId}
GET /api/users
GET /api/users/current
PATCH /api/teams/current/token
POST /api/events/{eventId}/EventResponses
POST /api/events/{eventId}/Image
POST /api/identity/password/resetToken
POST /api/ledgers/{ledgerId}/transactions
POST /api/outings/{outingId}/background
POST /api/outings/{outingId}/gallery
POST /api/outings/{outingId}/logo
POST /api/users/current/avatar
POST /oauth2/tokens
PUT /api/events/{eventId}/EventResponses/{eventResponseId}
PUT /api/events/{eventId}/Rankings
PUT /api/identity/password
PUT /api/matches/{matchId}/goals
PUT /api/matches/{matchId}/rankings
PUT /api/matches/{matchId}/statistics

Found on 2026-02-09 04:12

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: backend.scottmakesyoumove.com
Port: 443
URL: https://backend.scottmakesyoumove.com

First seen 2026-01-13 09:25
Last seen 2026-02-02 05:32
Open for 19 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-02-02 05:32
- Severity: info
  Fingerprint: 5733ddf49ff49cd1a8bcc6e5a50942d86891d4e824d2020dc06eae6b1033d1b7
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/v1/account
GET /api/v1/account/{accountId}/biometrics
GET /api/v1/account/{accountId}/healthindex
GET /api/v1/account/{accountId}/mobilities
GET /api/v1/account/{accountId}/sessions
GET /api/v1/account/{accountId}/sessions/{sessionId}
GET /api/v1/leaderboard
GET /api/v1/leaderboard/recent-winner
POST /api/v1/chatbot/initiate
POST /api/v1/chunks/search
POST /api/v1/chunks/upload
POST /api/v1/chunks/upload/batch
POST /api/v1/files/sync
```
  Found on 2026-01-17 01:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: adminapi.vorbestellservice.penny.at
Port: 443
URL: https://adminapi.vorbestellservice.penny.at

First seen 2025-12-09 10:02
Last seen 2026-02-02 02:51
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d6030a309e221ca86b2579bfdb802b4ded826cda7eb
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Allergen
GET /api/Allergen/{id}
GET /api/Article
GET /api/Article/{id}
GET /api/Capacity
GET /api/Capacity/{id}
GET /api/Category
GET /api/Category/{id}
GET /api/GlobalOpeningTime
GET /api/GlobalOpeningTime/{id}
GET /api/Online
GET /api/Order
GET /api/Order/{id}
GET /api/OrderExport/detailedData
GET /api/OrderExport/overallData
GET /api/Shop
GET /api/Shop/getShopsFromApi
GET /api/Shop/{id}
GET /api/User
GET /api/User/{id}
GET /api/Variant
GET /api/Voucher
GET /api/Voucher/{id}
PATCH /api/Category/Order
PATCH /api/User/changePassword
PATCH /api/User/lockUnlock
POST /api/Image/{path}
POST /api/User/signIn
```
  Found on 2026-02-02 02:51
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: kems.dev.visualcomponents.com
Port: 443
URL: https://kems.dev.visualcomponents.com

First seen 2026-01-05 10:51
Last seen 2026-02-02 02:37
Open for 27 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d036d80feb791976cec5175aae2c7d3f01bd05d6

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Account/GetAvailableProductsOtherThanSubscriptionWithBucketId
GET /api/Account/GetAvailableProductsSubscriptionWithBucketId
GET /api/Account/GetAvailableProductsWithBucketId
GET /api/Account/GetCompanies
GET /api/Account/ProductEntitlementsList
GET /api/CRM
GET /api/Company/GetCompanyLicenseAdminsWithBucketId
GET /api/Company/GetCompanyLicenseUsageWithBucketId
GET /api/Company/GetCompanyUsersWithBucketId
GET /api/Document/GetLatestReleaseNotes
GET /api/Product/FreeProducts
GET /api/Product/GetByBucketId/{productBucketId}
GET /api/Product/ProductEntitlementsListByBucketId
GET /api/Product/ProductEntitlementsListSubscriptionByBucketId
GET /api/Product/ProductList
GET /api/Product/ProductListNoSubscription
GET /api/Product/ProductListSubscription
GET /api/User/GetCurrentAccountsUser
GET /api/User/GetCurrentUser
GET /api/User/GetCurrentUserCompany
GET /api/User/GetCurrentUserComputers
GET /api/User/GetCurrentUserName
GET /api/User/GetCurrentUserNonSubscriptionProducts
GET /api/User/GetCurrentUserProducts
GET /api/User/GetCurrentUserRole
GET /api/User/GetCurrentUserRoles
GET /api/User/GetCurrentUserSubscriptionProducts
GET /api/User/GetUserByBucketId
GET /api/User/GetUserCompanies
GET /api/User/GetUsersSimple
GET /api/User/SearchUsersWithoutCompanyAdminsWithBucketId
POST /api/Account/AddEntitlements
POST /api/Account/AddEntitlementsSubscription
POST /api/Account/AddEntitlementsToUsers
POST /api/Account/AddEntitlementsToUsersSubscription
POST /api/Account/GetAvailableAddOns
POST /api/Account/GetAvailableAddOnsOtherThanSubscription
POST /api/Account/GetAvailableAddOnsSubscription
POST /api/Account/Search
POST /api/Account/SearchCompanyUsers
POST /api/Company/search
POST /api/Entitlement/ActivateEntitlements
POST /api/Entitlement/DeactivateEntitlements
POST /api/Entitlement/GetProductKeys
POST /api/MyLicense/AssignLicense
POST /api/MyLicense/AssignLicenses
POST /api/MyLicense/CreateLicense
POST /api/MyLicense/CreateLicenseForUser
POST /api/MyLicense/CreateLicenses
POST /api/MyLicense/CreateLicensesForUser
POST /api/MyLicense/GetLicenseStatus
POST /api/MyLicense/GetLicenseStatuses
POST /api/MyLicense/GetUserLicenseData
POST /api/MyLicense/GetUserLicensesData
POST /api/MyLicense/ReassignLicense
POST /api/MyLicense/ReassignLicenses
POST /api/MyLicense/UpdateExpirationDate
POST /api/MyLicense/UpdateExpirationDates
POST /api/Product/ProductListNoSubscriptionSeats
POST /api/Product/ProductListNoSubscriptionSeatsWithCompanyBucketId
POST /api/Product/ProductListSubscriptionSeats
POST /api/Product/ProductListSubscriptionSeatsWithCompanyBucketId
POST /api/Product/RemoveEntitlements
POST /api/Product/RemoveEntitlementsFromUsers
POST /api/Product/RemoveSubscriptions
POST /api/Product/RemoveSubscriptionsFromUsers
POST /api/Product/getProductInfo
POST /api/Product/getProductInfoOtherThanSubscription
POST /api/Product/getProductInfoSubscrption
POST /api/Product/searchUnassignedSubscriptionUsers
POST /api/Product/searchassigned
POST /api/Product/searchassignedOtherThanSubscription
POST /api/Product/searchassignedSubscription
POST /api/User/Activate
POST /api/User/AddUsers
POST /api/User/CreateCompanyAdmin
POST /api/User/CreateUser
POST /api/User/Deactivate
POST /api/User/DeleteUsers
POST /api/User/DemoteUsersFromCompanyAdmin
POST /api/User/FindUsersWithoutCompanyAdmins
POST /api/User/GetCurrentUserComputerDetails
POST /api/User/GetCurrentUserProductKeyInfo
POST /api/User/GetCurrentUserProductKeys
POST /api/User/GetUserProductsByBucketId
POST /api/User/PromoteUsersToCompanyAdmin
POST /api/User/SearchUser

Found on 2026-02-02 02:37

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-09 19:05

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 13.69.68.45
Domain: mein-vitatherm.at
Port: 443
URL: https://mein-vitatherm.at

First seen 2022-07-12 14:25
Last seen 2026-02-02 02:04
Open for 1300 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2026-02-02 02:04
  
  380 Bytes
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: api.t-rexservices.be
Port: 443
URL: https://api.t-rexservices.be

First seen 2026-01-11 09:35
Last seen 2026-02-02 00:52
Open for 21 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354908b4028a25e7ef38c981561eefd8d274ccc365af
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Networks/{networkId}/files/{fileId}
GET /Networks
GET /Networks/{networkId}
GET /Networks/{networkId}/files
GET /POI
GET /RoadWorks
GET /Routes/{networkId}
POST /Osm/import
POST /Osm/snap
POST /RoadWorks/import
```
  Found on 2026-02-02 00:52
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: course-backoffice-api.ehbotest.nl
Port: 443
URL: https://course-backoffice-api.ehbotest.nl

First seen 2025-12-28 06:27
Last seen 2026-02-01 22:21
Open for 35 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549ff2b3396d73fb87754b3e48e979bf98c67cbe177
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Course/delete/{courseId}
DELETE /api/CourseGroup/delete/{courseGroupId}
DELETE /api/Lms/delete/{lmsId}
GET /api/Course/list
GET /api/Course/{courseId}
GET /api/Course/{courseId}/status
GET /api/CourseGroup/list
GET /api/CourseGroup/{courseGroupId}
GET /api/Lms/generatetoken/{lmsId}
GET /api/Lms/list
GET /api/Lms/{lmsId}
POST /api/Course/create
POST /api/Course/upload/{courseId}
POST /api/CourseGroup/create
POST /api/Lms/create
POST /connect/authorize
POST /connect/token
PUT /api/Course/update
PUT /api/CourseGroup/update
PUT /api/Lms/coupletocourses
PUT /api/Lms/update
```
  Found on 2026-02-01 22:21
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 13.69.68.45
Domain: www.mein-vitatherm.at
Port: 443
URL: https://www.mein-vitatherm.at

First seen 2022-07-12 14:29
Last seen 2026-02-01 18:13
Open for 1300 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2026-02-01 18:13
  
  380 Bytes
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: develop.phase2.chippr.dev
Port: 80
URL: http://develop.phase2.chippr.dev

First seen 2026-01-10 17:46
Last seen 2026-01-23 14:01
Open for 12 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354963043ef98574c6a143977fd9a9a2571028353577

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/account/{userId}/rejectAccount
DELETE /api/clients/{clientId}/documents/{documentId}
DELETE /api/clients/{clientId}/medications/{medicationId}
DELETE /api/organizations/current/references/{referenceId}
DELETE /api/treatment-plans/{id}/documents/{documentId}
GET /api/Practitioners/{practitionerId}/careRelationships/clients
GET /api/account/confirmEmail
GET /api/account/manage/info
GET /api/antiforgery/token
GET /api/clients
GET /api/clients/signals
GET /api/clients/{clientId}
GET /api/clients/{clientId}/careRelationships
GET /api/clients/{clientId}/contactPersons
GET /api/clients/{clientId}/documents
GET /api/clients/{clientId}/events
GET /api/clients/{clientId}/financings
GET /api/clients/{clientId}/generalPractitioner
GET /api/clients/{clientId}/logs
GET /api/clients/{clientId}/notes
GET /api/clients/{clientId}/reports
GET /api/clients/{clientId}/requiredDocuments
GET /api/clients/{clientId}/tasks
GET /api/events/{eventId}
GET /api/organizations/current
GET /api/organizations/current/appointmentTypes
GET /api/organizations/current/careTrajectories
GET /api/organizations/current/documentLabels
GET /api/organizations/current/locations
GET /api/organizations/current/references
GET /api/organizations/current/resources
GET /api/organizations/current/teams
GET /api/organizations/current/users
GET /api/reports/{reportId}
GET /api/resources/{resourceId}/events
GET /api/tasks/current
GET /api/tasks/{taskId}
GET /api/tasktriggers/current
GET /api/tasktriggers/{triggerId}
GET /api/teams/current
GET /api/teams/{teamId}
GET /api/transcriptions
GET /api/transcriptions/prompt
GET /api/treatment-plans
GET /api/treatment-plans/{id}
GET /api/users/current
GET /api/users/current/clients
GET /api/users/current/events
GET /api/users/{userId}
GET /api/users/{userId}/clients
GET /api/users/{userId}/events
PATCH /api/clients/{clientId}/documents/{documentId}/documentLabel
POST /api/account/acceptAccount
POST /api/account/forgotPassword
POST /api/account/invite
POST /api/account/login
POST /api/account/logout
POST /api/account/manage/2fa
POST /api/account/refresh
POST /api/account/register
POST /api/account/request
POST /api/account/resendConfirmationEmail
POST /api/account/resetPassword
POST /api/clients/{clientId}/careRelationships/teams/{teamId}
POST /api/clients/{clientId}/careRelationships/{practitionerId}
POST /api/events
POST /api/events/weekly
POST /api/reports/appointment/{appointmentId}
POST /api/reports/client/{clientId}
POST /api/tasks
POST /api/tasktriggers
POST /api/teams
POST /api/transcriptions/appointment
POST /api/transcriptions/client
POST /api/transcriptions/upload
POST /api/transcriptions/{transcriptionId}/summary
POST /api/treatment-plans/{id}/documents
POST /api/treatment-plans/{id}/tasks
POST /api/users/current/picture
PUT /api/Practitioners/current
PUT /api/clients/{clientId}/financings/{financingId}
PUT /api/clients/{clientId}/medications
PUT /api/organizations/current/appointmentTypes/{appointmentTypeId}
PUT /api/organizations/current/prompts
PUT /api/reports/{reportId}/regenerate
PUT /api/treatment-plans/{id}/tasks/{taskId}

Found on 2026-01-23 14:01

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-16 22:38

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: product.suitapi.com
Port: 443
URL: https://product.suitapi.com

First seen 2026-01-03 12:35
Last seen 2026-01-23 13:17
Open for 20 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d68d7c993ba43e0b2bd92917ef5ac66f2ff18b83

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/CommercialDescription/GetCommercialDescriptionByItemCode
GET /api/v1/CommercialDescription/GetCommercialDescriptions
GET /api/v1/CommercialDescription/GetCommercialDescriptionsByItemCodes
GET /api/v1/Division/GetCategoriesByDepartmentId
GET /api/v1/Division/GetCategoryById
GET /api/v1/Division/GetDepartmentById
GET /api/v1/Division/GetDepartmentsByDivisionId
GET /api/v1/Division/GetDivisionById
GET /api/v1/Division/GetDivisions
GET /api/v1/Item/GetItemByItemCode
GET /api/v1/Item/GetItemDetails
GET /api/v1/Item/GetItemDetailsByEanCodes
GET /api/v1/Item/GetItemDetailsByItemCodes
GET /api/v1/Item/GetItemDetailsByItemDetailCodes
GET /api/v1/Item/GetItems
GET /api/v1/Item/GetItemsByCategoryId
GET /api/v1/ItemCode/GetItemCodesByItemClassCode
GET /api/v1/ItemCode/GetItemCodesByItemClassId
GET /api/v1/ItemCode/GetItemCodesByItemDetailCodes
GET /api/v1/ItemCode/GetItemCodesByItemIds
GET /api/v1/ItemCode/GetItemDetailCodeByEanCode
GET /api/v1/ItemDetailWebsite/GetItemDetailWebsitesByItemCode
GET /api/v1/ItemDetailWebsite/GetItemDetailWebsitesByItemDetailCode
GET /api/v1/ItemDetailWebsite/GetOnlineItemDetailWebsites
GET /api/v1/OriginItem/GetItemDetailsByOriginItemCode
GET /api/v1/OriginItem/GetOriginItemByItemCode
GET /api/v1/OriginItem/GetOriginItemDetails
GET /api/v1/OriginItem/GetOriginItemDetailsByItemDetailCodes
GET /api/v1/OriginItem/GetOriginItems
GET /api/v1/ParentChild/GetParentChildRecordsByStyleCode
GET /api/v1/Price/GetCurrentPriceByItemCodeAndRegionId
GET /api/v1/Price/GetCurrentPricesByItemCode
POST /api/v1/Item/FindItemDetails
POST /api/v1/Item/GetItemsByItemCodes

Found on 2026-01-23 13:17

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: develop.wastewarrior.chippr.dev
Port: 443
URL: https://develop.wastewarrior.chippr.dev

First seen 2025-12-10 05:32
Last seen 2026-01-23 12:56
Open for 44 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-23 12:56

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493bab7fec675f5d1a868cd52b83fb27dd959595c8

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Courses/{id}
DELETE /api/Organization/{organizationId}/members/{userId}
DELETE /api/Products/{id}
GET /api/Courses
GET /api/DiningSections
GET /api/DiningSections/{id}
GET /api/Organization/{organizationId}
GET /api/Organization/{organizationId}/members
GET /api/Products
GET /api/Reservations/public/{token}/reservations
GET /api/Restaurant/{restaurantId}/calendar
GET /api/Restaurant/{restaurantId}/calendar/daterange
GET /api/Restaurant/{restaurantId}/calendar/{calendarItemId}
GET /api/Restaurant/{restaurantId}/dining-table-groups
GET /api/Restaurant/{restaurantId}/dining-table-groups/{id}
GET /api/Restaurant/{restaurantId}/dining-tables
GET /api/Restaurant/{restaurantId}/dining-tables/{id}
GET /api/Restaurant/{restaurantId}/members
GET /api/Restaurant/{restaurantId}/menus
GET /api/Restaurant/{restaurantId}/menus/{id}
GET /api/Restaurant/{restaurantId}/operatingdays
GET /api/Restaurant/{restaurantId}/operatinghours
GET /api/Restaurant/{restaurantId}/reservations
GET /api/Restaurant/{restaurantId}/reservations/daily-counts
GET /api/Restaurant/{restaurantId}/reservations/reaction-totals
GET /api/Restaurant/{restaurantId}/reservations/table-availability
GET /api/Restaurant/{restaurantId}/reservations/time-availability
GET /api/Restaurant/{restaurantId}/rooms
GET /api/Restaurant/{restaurantId}/rooms/{id}
GET /api/Restaurant/{restaurantId}/settings
GET /api/Restaurant/{restaurantId}/stats/mcm
GET /api/User/current
GET /api/Widget/closed-dates/{restaurantId}
GET /api/Widget/open-dates/{restaurantId}
GET /api/Widget/script
GET /webhooks/Whatsapp
PATCH /api/Message/{messageTrackingId}/opened-at
PATCH /api/Restaurant/{restaurantId}
PATCH /api/Restaurant/{restaurantId}/settings/mcm
PATCH /api/Restaurant/{restaurantId}/settings/notifications
PATCH /api/Restaurant/{restaurantId}/settings/reservations
PATCH /api/Restaurant/{restaurantId}/status
POST /api/Oauth2
POST /api/Oauth2/forgot-password
POST /api/Oauth2/reset-password
POST /api/Organization/{organizationId}/members/user
POST /api/Reservations/public/{token}/reactions
POST /api/Restaurant/{restaurantId}/members/user
POST /api/Restaurant/{restaurantId}/reservations/guest
POST /webhooks/Formitable
PUT /api/Reservations/public/{token}/reactions/{reactionId}
PUT /api/Reservations/public/{token}/reservations/{reservationId}
PUT /api/Restaurant/{restaurantId}/dining-tables/displayorder
PUT /api/Restaurant/{restaurantId}/members/{userId}
PUT /api/Restaurant/{restaurantId}/reservations/{id}

Found on 2026-01-02 23:45

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493bab7fec675f5d1a868cd52b83fb27dd9c264625

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Courses/{id}
DELETE /api/Organization/{organizationId}/members/{userId}
DELETE /api/Products/{id}
GET /api/Courses
GET /api/DiningSections
GET /api/DiningSections/{id}
GET /api/Organization/{organizationId}
GET /api/Organization/{organizationId}/members
GET /api/Products
GET /api/Reservations/public/{token}/reservations
GET /api/Restaurant/{restaurantId}/calendar
GET /api/Restaurant/{restaurantId}/calendar/daterange
GET /api/Restaurant/{restaurantId}/calendar/{calendarItemId}
GET /api/Restaurant/{restaurantId}/dining-table-groups
GET /api/Restaurant/{restaurantId}/dining-table-groups/{id}
GET /api/Restaurant/{restaurantId}/dining-tables
GET /api/Restaurant/{restaurantId}/dining-tables/{id}
GET /api/Restaurant/{restaurantId}/members
GET /api/Restaurant/{restaurantId}/menus
GET /api/Restaurant/{restaurantId}/menus/{id}
GET /api/Restaurant/{restaurantId}/operatingdays
GET /api/Restaurant/{restaurantId}/operatinghours
GET /api/Restaurant/{restaurantId}/reservations
GET /api/Restaurant/{restaurantId}/reservations/reaction-totals
GET /api/Restaurant/{restaurantId}/reservations/table-availability
GET /api/Restaurant/{restaurantId}/reservations/time-availability
GET /api/Restaurant/{restaurantId}/rooms
GET /api/Restaurant/{restaurantId}/rooms/{id}
GET /api/Restaurant/{restaurantId}/settings
GET /api/Restaurant/{restaurantId}/stats/mcm
GET /api/User/current
GET /api/Widget/closed-dates/{restaurantId}
GET /api/Widget/open-dates/{restaurantId}
GET /api/Widget/script
GET /webhooks/Whatsapp
PATCH /api/Message/{messageTrackingId}/opened-at
PATCH /api/Restaurant/{restaurantId}
PATCH /api/Restaurant/{restaurantId}/settings/mcm
PATCH /api/Restaurant/{restaurantId}/settings/notifications
PATCH /api/Restaurant/{restaurantId}/settings/reservations
PATCH /api/Restaurant/{restaurantId}/status
POST /api/Oauth2
POST /api/Oauth2/forgot-password
POST /api/Oauth2/reset-password
POST /api/Organization/{organizationId}/members/user
POST /api/Reservations/public/{token}/reactions
POST /api/Restaurant/{restaurantId}/members/user
POST /api/Restaurant/{restaurantId}/reservations/guest
POST /webhooks/Formitable
PUT /api/Reservations/public/{token}/reactions/{reactionId}
PUT /api/Reservations/public/{token}/reservations/{reservationId}
PUT /api/Restaurant/{restaurantId}/dining-tables/displayorder
PUT /api/Restaurant/{restaurantId}/members/{userId}
PUT /api/Restaurant/{restaurantId}/reservations/{id}

Found on 2025-12-16 22:34

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: blh-as-ap.q-plant.com
Port: 443
URL: https://blh-as-ap.q-plant.com

First seen 2025-12-07 04:34
Last seen 2026-01-23 04:18
Open for 46 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549010cc3cabbafb480236ceb44d562708cd5e196d3

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v{version}/apikeys
GET /api/v{version}/apikeys/{apiKeyId}
GET /api/v{version}/clientrelationspermonth
GET /api/v{version}/crm-report
GET /api/v{version}/customerdeliverydata
GET /api/v{version}/deliverydata
GET /api/v{version}/features
GET /api/v{version}/landing-page-images
GET /api/v{version}/landing-page-images/{fileName}
GET /api/v{version}/masterdatasets
GET /api/v{version}/navigation
GET /api/v{version}/plants
GET /api/v{version}/settings
GET /api/v{version}/settings/subscriptionplan
GET /api/v{version}/settings/supportuserallowed
GET /api/v{version}/tbadeliverydata
GET /api/v{version}/users/communicationinformation
GET /apiinfos
POST /api/v{version}/apikeys/synchronizeRevoked
POST /api/v{version}/bi/startreorg
POST /api/v{version}/invitations/invitesupportuser

Found on 2026-01-23 04:18

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: blh-api.q-plant.com
Port: 443
URL: https://blh-api.q-plant.com

First seen 2025-12-07 04:36
Last seen 2026-01-23 04:18
Open for 46 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 04:18
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: course-api.ehbotest.nl
Port: 443
URL: https://course-api.ehbotest.nl

First seen 2025-12-22 04:12
Last seen 2026-01-23 00:29
Open for 31 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b84afd05e16f71aa76aacb694d6e57bdad58357b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/ScormData/courseparticipation/{courseParticipationId}
GET /api/Authentication/contentaccess/{courseId}
GET /api/Authentication/courseparticipation
GET /api/Authentication/login
GET /api/Authentication/token/access
GET /api/Authentication/token/refresh
GET /api/Course/info/{courseId}
GET /api/Info
GET /api/Lms
GET /api/Lms/id/{id}
GET /api/ScormData/available
GET /api/ScormData/latestcourseparticipation
GET /api/ScormData/results
GET /api/User
GET /api/User/existing
POST /api/Authentication/registeruser
POST /api/Lms/webhook
POST /api/ScormData/courseparticipation
POST /api/ScormData/reset
POST /api/ScormData/startcourse
POST /api/Webinar/addtocourse
POST /api/Webinar/removefromcourse
PUT /api/ScormData

Found on 2026-01-23 00:29

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: develop.fullcharge.chippr.dev
Port: 443
URL: https://develop.fullcharge.chippr.dev

First seen 2025-12-02 07:16
Last seen 2026-01-22 22:29
Open for 51 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499b42d70588bacebd55b247f7794a3ed336deb0e4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Invitations/{invitationId}
DELETE /api/Participants/{participantId}
DELETE /api/Questions/{questionid}
DELETE /api/Subscriptions/{subscriptionId}/schedules/{scheduleId}
DELETE /api/programs/{themeId}/options/{optionId}
GET /api/Activities
GET /api/Activities/{activityId}
GET /api/ActivityExecutions/coach/{coachUserId}
GET /api/ActivityExecutions/company/{companyId}
GET /api/ActivityExecutions/picked
GET /api/ActivityExecutions/previous
GET /api/Challenges
GET /api/Challenges/activities/{challengeActivityId}
GET /api/Challenges/{challengeId}
GET /api/Challenges/{challengeId}/popups
GET /api/Challenges/{challengeId}/popups/{day}
GET /api/Coaches
GET /api/Coaches/current
GET /api/Coaches/current/participants
GET /api/Coaches/current/participants/executions
GET /api/Companies
GET /api/Companies/inactive
GET /api/Companies/{companyId}
GET /api/Companies/{companyId}/activities
GET /api/Companies/{companyId}/activities/{activityId}/executions
GET /api/Companies/{companyId}/participants
GET /api/Companies/{companyId}/subscriptionPrograms
GET /api/Companies/{companyId}/subscriptionPrograms/programs
GET /api/Invitations
GET /api/Options/{optionId}/optionchallenges
GET /api/Participants/current
GET /api/Participants/current/challenge/popups/today
GET /api/Participants/current/checklist
GET /api/Participants/current/coach
GET /api/Participants/current/journey
GET /api/Participants/current/profile
GET /api/Participants/individuals
GET /api/Participants/{participantId}/activityExecutions
GET /api/Participants/{participantId}/challengeBacklog
GET /api/Participants/{participantId}/journey
GET /api/Participants/{participantId}/notes
GET /api/Participants/{participantId}/profile
GET /api/Participants/{participantId}/subscriptionPrograms/programs
GET /api/ParticipationCodes/companies/{companyId}
GET /api/Subscriptions
GET /api/Subscriptions/program/available
GET /api/Subscriptions/{subscriptionId}
GET /api/Subscriptions/{subscriptionId}/schedules
GET /api/Topics
GET /api/programs
GET /api/programs/types
GET /api/programs/{themeId}
GET /api/programs/{themeId}/challenge
GET /api/programs/{themeId}/types
GET /options/available
PATCH /api/Coaches/current/introduction
PATCH /api/Companies/{companyId}/participationCodes/{participationCodeId}
PATCH /api/Options/{optionId}
PATCH /api/Participants/current/challenge
PATCH /api/Participants/current/firebase/token
PATCH /api/Participants/current/onboarding
PATCH /api/ParticipationCodes/usages
PATCH /api/Popups/{popupId}
PATCH /api/Questions
POST /api/Activities/{activityId}/questions
POST /api/ActivityExecutions
POST /api/ActivityExecutions/{activityExecutionId}/feedback
POST /api/ActivityExecutions/{activityExecutionId}/processed
POST /api/Challenges/{challengeId}/activities/{activityId}
POST /api/Companies/{companyId}/participationCodes
POST /api/Invitations/resend
POST /api/Invitations/users
POST /api/Options/{optionId}/challenges/{challengeId}
POST /api/Questions/{questionId}
POST /api/Subscriptions/{subscriptionId}/programs/{programId}
POST /api/programs/{themeId}/options
POST /api/programs/{themeId}/options/{optionId}/challenges/{challengeId}
PUT /api/ActivityExecutions/{activityId}/challengeExecutions

Found on 2026-01-22 22:29

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-11 11:20

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: fortanademo-be.grapetest.xyz
Port: 443
URL: https://fortanademo-be.grapetest.xyz

First seen 2026-01-01 00:47
Last seen 2026-01-22 20:58
Open for 21 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-22 20:58
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: develop.phase2.chippr.dev
Port: 443
URL: https://develop.phase2.chippr.dev

First seen 2026-01-10 17:46
Last seen 2026-01-16 15:11
Open for 5 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 15:11
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: test.energiebelastingteruggaaf.chippr.dev
Port: 443
URL: https://test.energiebelastingteruggaaf.chippr.dev

First seen 2026-01-11 14:19
Last seen 2026-01-16 14:43
Open for 5 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496141b312fafd072f092944a9c7ad6fd7d8152ab3

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/accounts/{accountId}/financialDetails/{financialDetailsId}
DELETE /api/accounts/{accountId}/managerAccounts/{managerId}
DELETE /api/batch/item/{batchItemId}
GET /api/accounts
GET /api/accounts/{accountId}
GET /api/accounts/{accountId}/files
GET /api/activities
GET /api/activities/{activityId}
GET /api/batch/items
GET /api/batch/items/{batchItemId}
GET /api/batch/{batchId}
GET /api/boxes
GET /api/boxes/{boxId}
GET /api/complexes
GET /api/complexes/{complexId}
GET /api/complexes/{complexId}/accounts/powersOfAttorney
GET /api/customerInvoice/{invoiceId}
GET /api/documents/termsAndConditions
GET /api/eanCodes
GET /api/exports/monthly
GET /api/files/{fileId}
GET /api/financialDetails
GET /api/financialDetails/{financialDetailsId}
GET /api/invoices/{invoiceId}
GET /api/mail/contactperson
GET /api/mail/powersOfAttorney/template
GET /api/mail/taxAuthorityDecision/template
GET /api/mailingAddresses
GET /api/periods
GET /api/periods/{periodId}
GET /api/periods/{periodId}/accounts/powersOfAttorney
GET /api/periods/{periodId}/ebtCalculation
GET /api/powersOfAttorney/{powerOfAttorneyId}
GET /api/stats/statuses
GET /api/users
GET /api/users/current
GET /api/users/{userId}
PATCH /api/identity/password
POST /api/accounts/send/reminder-mail
POST /api/accounts/{accountId}/managerAccounts
POST /api/accounts/{accountId}/powersOfAttorney
POST /api/batch
POST /api/complexes/letters
POST /api/complexes/{complexId}/address
POST /api/complexes/{complexId}/files
POST /api/complexes/{complexId}/periods
POST /api/customerInvoice
POST /api/documents/powersOfAttorney
POST /api/exports/accounts
POST /api/exports/letters
POST /api/exports/payments
POST /api/exports/periods
POST /api/identity/password/reset/confirm
POST /api/identity/password/reset/request
POST /api/invoices/{invoiceId}/files
POST /api/mail/powersOfAttorney
POST /api/mail/reminder
POST /api/mail/signatures
POST /api/mail/taxAuthorityDecision
POST /api/periods/recalculate
POST /api/periods/{periodId}/calculationPdf
POST /api/periods/{periodId}/electricityInvoices
POST /api/periods/{periodId}/files
POST /api/periods/{periodId}/gasInvoices
POST /api/powersOfAttorney/{powerOfAttorneyId}/files
POST /oauth2/token
PUT /api/accounts/{accountId}/complexes/{complexId}
PUT /api/accounts/{accountId}/users/{userId}
PUT /api/batch/item
PUT /api/complexAddresses/{complexAddressId}
PUT /api/complexes/{complexId}/users/{userId}
PUT /api/mailingAddresses/{mailingAddressId}

Found on 2026-01-16 14:43

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496141b312fafd072f092944a9c7ad6fd795728032

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/accounts/{accountId}/financialDetails/{financialDetailsId}
DELETE /api/accounts/{accountId}/managerAccounts/{managerId}
DELETE /api/batch/item/{batchItemId}
GET /api/accounts
GET /api/accounts/{accountId}
GET /api/accounts/{accountId}/files
GET /api/activities
GET /api/activities/{activityId}
GET /api/batch/items
GET /api/batch/items/{batchItemId}
GET /api/batch/{batchId}
GET /api/boxes
GET /api/boxes/{boxId}
GET /api/complexes
GET /api/complexes/{complexId}
GET /api/complexes/{complexId}/accounts/powersOfAttorney
GET /api/customerInvoice/{invoiceId}
GET /api/documents/termsAndConditions
GET /api/eanCodes
GET /api/exports/monthly
GET /api/files/{fileId}
GET /api/financialDetails
GET /api/financialDetails/{financialDetailsId}
GET /api/invoices/{invoiceId}
GET /api/mail/contactperson
GET /api/mail/powersOfAttorney/template
GET /api/mail/taxAuthorityDecision/template
GET /api/mailingAddresses
GET /api/periods
GET /api/periods/{periodId}
GET /api/periods/{periodId}/accounts/powersOfAttorney
GET /api/periods/{periodId}/ebtCalculation
GET /api/powersOfAttorney/{powerOfAttorneyId}
GET /api/stats/statuses
GET /api/users
GET /api/users/current
GET /api/users/{userId}
PATCH /api/identity/password
POST /api/accounts/send/reminder-mail
POST /api/accounts/{accountId}/managerAccounts
POST /api/accounts/{accountId}/powersOfAttorney
POST /api/batch
POST /api/complexes/letters
POST /api/complexes/{complexId}/address
POST /api/complexes/{complexId}/files
POST /api/complexes/{complexId}/periods
POST /api/customerInvoice
POST /api/documents/powersOfAttorney
POST /api/exports/accounts
POST /api/exports/letters
POST /api/exports/payments
POST /api/exports/periods
POST /api/identity/password/reset/confirm
POST /api/identity/password/reset/request
POST /api/invoices/{invoiceId}/files
POST /api/mail/powersOfAttorney
POST /api/mail/reminder
POST /api/mail/signatures
POST /api/mail/taxAuthorityDecision
POST /api/periods/recalculate
POST /api/periods/{periodId}/electricityInvoices
POST /api/periods/{periodId}/files
POST /api/periods/{periodId}/gasInvoices
POST /api/powersOfAttorney/{powerOfAttorneyId}/files
POST /oauth2/token
PUT /api/accounts/{accountId}/complexes/{complexId}
PUT /api/accounts/{accountId}/users/{userId}
PUT /api/batch/item
PUT /api/complexAddresses/{complexAddressId}
PUT /api/complexes/{complexId}/users/{userId}
PUT /api/mailingAddresses/{mailingAddressId}

Found on 2026-01-11 14:19

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: product.acc.suitapi.com
Port: 443
URL: https://product.acc.suitapi.com

First seen 2026-01-06 17:50
Last seen 2026-01-16 13:50
Open for 9 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d68d7c993ba43e0b2bd92917ef5ac66f2ff18b83

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/CommercialDescription/GetCommercialDescriptionByItemCode
GET /api/v1/CommercialDescription/GetCommercialDescriptions
GET /api/v1/CommercialDescription/GetCommercialDescriptionsByItemCodes
GET /api/v1/Division/GetCategoriesByDepartmentId
GET /api/v1/Division/GetCategoryById
GET /api/v1/Division/GetDepartmentById
GET /api/v1/Division/GetDepartmentsByDivisionId
GET /api/v1/Division/GetDivisionById
GET /api/v1/Division/GetDivisions
GET /api/v1/Item/GetItemByItemCode
GET /api/v1/Item/GetItemDetails
GET /api/v1/Item/GetItemDetailsByEanCodes
GET /api/v1/Item/GetItemDetailsByItemCodes
GET /api/v1/Item/GetItemDetailsByItemDetailCodes
GET /api/v1/Item/GetItems
GET /api/v1/Item/GetItemsByCategoryId
GET /api/v1/ItemCode/GetItemCodesByItemClassCode
GET /api/v1/ItemCode/GetItemCodesByItemClassId
GET /api/v1/ItemCode/GetItemCodesByItemDetailCodes
GET /api/v1/ItemCode/GetItemCodesByItemIds
GET /api/v1/ItemCode/GetItemDetailCodeByEanCode
GET /api/v1/ItemDetailWebsite/GetItemDetailWebsitesByItemCode
GET /api/v1/ItemDetailWebsite/GetItemDetailWebsitesByItemDetailCode
GET /api/v1/ItemDetailWebsite/GetOnlineItemDetailWebsites
GET /api/v1/OriginItem/GetItemDetailsByOriginItemCode
GET /api/v1/OriginItem/GetOriginItemByItemCode
GET /api/v1/OriginItem/GetOriginItemDetails
GET /api/v1/OriginItem/GetOriginItemDetailsByItemDetailCodes
GET /api/v1/OriginItem/GetOriginItems
GET /api/v1/ParentChild/GetParentChildRecordsByStyleCode
GET /api/v1/Price/GetCurrentPriceByItemCodeAndRegionId
GET /api/v1/Price/GetCurrentPricesByItemCode
POST /api/v1/Item/FindItemDetails
POST /api/v1/Item/GetItemsByItemCodes

Found on 2026-01-16 13:50

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 13.69.68.45
Domain: developer.metacert.com
Port: 443
URL: https://developer.metacert.com

First seen 2025-09-24 23:51
Last seen 2026-01-16 11:19
Open for 113 days
- Severity: high
  Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522b1c8b58f
```
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://metacert@dev.azure.com/metacert/MetaCore/_git/developer
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1
```
  Found on 2026-01-16 11:19
  
  322 Bytes
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: mvp.develop.chippr.dev
Port: 443
URL: https://mvp.develop.chippr.dev

First seen 2025-12-10 05:33
Last seen 2026-01-16 08:33
Open for 37 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f5193dd7b4ae9a34cbe7ee842cf4dfc24ddf0c79

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/outings/{outingId}/gallery/{imageId}
DELETE /api/teams/current/users/{userId}
GET /api/competitions
GET /api/competitions/current
GET /api/competitions/{competitionId}
GET /api/competitions/{competitionId}/previous
GET /api/competitions/{competitionId}/upcoming
GET /api/events
GET /api/events/{eventId}
GET /api/files/{fileId}
GET /api/files/{fileId}/download
GET /api/knhb/club/{clubId}/teams
GET /api/knhb/clubs
GET /api/knhb/clubs/{clubId}
GET /api/knhb/matches/current
GET /api/knhb/matches/upcoming
GET /api/knhb/matches/{matchId}
GET /api/knhb/standing/current
GET /api/knhb/teams/current/competitions/{competitionId}
GET /api/knhb/teams/current/competitions/{competitionId}/standings
GET /api/knhb/teams/{knhbTeamId}/competitions/{competitionId}
GET /api/knhb/teams/{teamId}
GET /api/ledgers
GET /api/ledgers/{ledgerId}
GET /api/matches
GET /api/matches/knhb/{knhbMatchId}
GET /api/matches/{matchId}
GET /api/matches/{matchId}/previous
GET /api/outings
GET /api/outings/{outingId}
GET /api/teams/current
GET /api/teams/current/matches
GET /api/teams/current/ranks
GET /api/teams/{teamId}
GET /api/tokens/{token}/team
GET /api/transactions/{transactionId}
GET /api/users
GET /api/users/current
PATCH /api/teams/current/token
POST /api/events/{eventId}/EventResponses
POST /api/events/{eventId}/Image
POST /api/identity/password/resetToken
POST /api/ledgers/{ledgerId}/transactions
POST /api/outings/{outingId}/background
POST /api/outings/{outingId}/gallery
POST /api/outings/{outingId}/logo
POST /api/users/current/avatar
POST /oauth2/tokens
PUT /api/events/{eventId}/EventResponses/{eventResponseId}
PUT /api/events/{eventId}/Rankings
PUT /api/identity/password
PUT /api/matches/{matchId}/goals
PUT /api/matches/{matchId}/rankings
PUT /api/matches/{matchId}/statistics

Found on 2026-01-16 08:33

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: wastewarrior.develop.chippr.dev
Port: 443
URL: https://wastewarrior.develop.chippr.dev

First seen 2025-12-10 05:32
Last seen 2026-01-16 05:46
Open for 37 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493bab7fec675f5d1a868cd52b83fb27dd9c264625

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Courses/{id}
DELETE /api/Organization/{organizationId}/members/{userId}
DELETE /api/Products/{id}
GET /api/Courses
GET /api/DiningSections
GET /api/DiningSections/{id}
GET /api/Organization/{organizationId}
GET /api/Organization/{organizationId}/members
GET /api/Products
GET /api/Reservations/public/{token}/reservations
GET /api/Restaurant/{restaurantId}/calendar
GET /api/Restaurant/{restaurantId}/calendar/daterange
GET /api/Restaurant/{restaurantId}/calendar/{calendarItemId}
GET /api/Restaurant/{restaurantId}/dining-table-groups
GET /api/Restaurant/{restaurantId}/dining-table-groups/{id}
GET /api/Restaurant/{restaurantId}/dining-tables
GET /api/Restaurant/{restaurantId}/dining-tables/{id}
GET /api/Restaurant/{restaurantId}/members
GET /api/Restaurant/{restaurantId}/menus
GET /api/Restaurant/{restaurantId}/menus/{id}
GET /api/Restaurant/{restaurantId}/operatingdays
GET /api/Restaurant/{restaurantId}/operatinghours
GET /api/Restaurant/{restaurantId}/reservations
GET /api/Restaurant/{restaurantId}/reservations/reaction-totals
GET /api/Restaurant/{restaurantId}/reservations/table-availability
GET /api/Restaurant/{restaurantId}/reservations/time-availability
GET /api/Restaurant/{restaurantId}/rooms
GET /api/Restaurant/{restaurantId}/rooms/{id}
GET /api/Restaurant/{restaurantId}/settings
GET /api/Restaurant/{restaurantId}/stats/mcm
GET /api/User/current
GET /api/Widget/closed-dates/{restaurantId}
GET /api/Widget/open-dates/{restaurantId}
GET /api/Widget/script
GET /webhooks/Whatsapp
PATCH /api/Message/{messageTrackingId}/opened-at
PATCH /api/Restaurant/{restaurantId}
PATCH /api/Restaurant/{restaurantId}/settings/mcm
PATCH /api/Restaurant/{restaurantId}/settings/notifications
PATCH /api/Restaurant/{restaurantId}/settings/reservations
PATCH /api/Restaurant/{restaurantId}/status
POST /api/Oauth2
POST /api/Oauth2/forgot-password
POST /api/Oauth2/reset-password
POST /api/Organization/{organizationId}/members/user
POST /api/Reservations/public/{token}/reactions
POST /api/Restaurant/{restaurantId}/members/user
POST /api/Restaurant/{restaurantId}/reservations/guest
POST /webhooks/Formitable
PUT /api/Reservations/public/{token}/reactions/{reactionId}
PUT /api/Reservations/public/{token}/reservations/{reservationId}
PUT /api/Restaurant/{restaurantId}/dining-tables/displayorder
PUT /api/Restaurant/{restaurantId}/members/{userId}
PUT /api/Restaurant/{restaurantId}/reservations/{id}

Found on 2026-01-16 05:46

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-09 04:01

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493bab7fec675f5d1a868cd52b83fb27dd959595c8

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Courses/{id}
DELETE /api/Organization/{organizationId}/members/{userId}
DELETE /api/Products/{id}
GET /api/Courses
GET /api/DiningSections
GET /api/DiningSections/{id}
GET /api/Organization/{organizationId}
GET /api/Organization/{organizationId}/members
GET /api/Products
GET /api/Reservations/public/{token}/reservations
GET /api/Restaurant/{restaurantId}/calendar
GET /api/Restaurant/{restaurantId}/calendar/daterange
GET /api/Restaurant/{restaurantId}/calendar/{calendarItemId}
GET /api/Restaurant/{restaurantId}/dining-table-groups
GET /api/Restaurant/{restaurantId}/dining-table-groups/{id}
GET /api/Restaurant/{restaurantId}/dining-tables
GET /api/Restaurant/{restaurantId}/dining-tables/{id}
GET /api/Restaurant/{restaurantId}/members
GET /api/Restaurant/{restaurantId}/menus
GET /api/Restaurant/{restaurantId}/menus/{id}
GET /api/Restaurant/{restaurantId}/operatingdays
GET /api/Restaurant/{restaurantId}/operatinghours
GET /api/Restaurant/{restaurantId}/reservations
GET /api/Restaurant/{restaurantId}/reservations/daily-counts
GET /api/Restaurant/{restaurantId}/reservations/reaction-totals
GET /api/Restaurant/{restaurantId}/reservations/table-availability
GET /api/Restaurant/{restaurantId}/reservations/time-availability
GET /api/Restaurant/{restaurantId}/rooms
GET /api/Restaurant/{restaurantId}/rooms/{id}
GET /api/Restaurant/{restaurantId}/settings
GET /api/Restaurant/{restaurantId}/stats/mcm
GET /api/User/current
GET /api/Widget/closed-dates/{restaurantId}
GET /api/Widget/open-dates/{restaurantId}
GET /api/Widget/script
GET /webhooks/Whatsapp
PATCH /api/Message/{messageTrackingId}/opened-at
PATCH /api/Restaurant/{restaurantId}
PATCH /api/Restaurant/{restaurantId}/settings/mcm
PATCH /api/Restaurant/{restaurantId}/settings/notifications
PATCH /api/Restaurant/{restaurantId}/settings/reservations
PATCH /api/Restaurant/{restaurantId}/status
POST /api/Oauth2
POST /api/Oauth2/forgot-password
POST /api/Oauth2/reset-password
POST /api/Organization/{organizationId}/members/user
POST /api/Reservations/public/{token}/reactions
POST /api/Restaurant/{restaurantId}/members/user
POST /api/Restaurant/{restaurantId}/reservations/guest
POST /webhooks/Formitable
PUT /api/Reservations/public/{token}/reactions/{reactionId}
PUT /api/Reservations/public/{token}/reservations/{reservationId}
PUT /api/Restaurant/{restaurantId}/dining-tables/displayorder
PUT /api/Restaurant/{restaurantId}/members/{userId}
PUT /api/Restaurant/{restaurantId}/reservations/{id}

Found on 2025-12-26 19:57

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: wastewarrior.develop.chippr.dev
Port: 80
URL: http://wastewarrior.develop.chippr.dev

First seen 2025-12-10 05:32
Last seen 2026-01-15 23:08
Open for 36 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493bab7fec675f5d1a868cd52b83fb27dd9c264625

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Courses/{id}
DELETE /api/Organization/{organizationId}/members/{userId}
DELETE /api/Products/{id}
GET /api/Courses
GET /api/DiningSections
GET /api/DiningSections/{id}
GET /api/Organization/{organizationId}
GET /api/Organization/{organizationId}/members
GET /api/Products
GET /api/Reservations/public/{token}/reservations
GET /api/Restaurant/{restaurantId}/calendar
GET /api/Restaurant/{restaurantId}/calendar/daterange
GET /api/Restaurant/{restaurantId}/calendar/{calendarItemId}
GET /api/Restaurant/{restaurantId}/dining-table-groups
GET /api/Restaurant/{restaurantId}/dining-table-groups/{id}
GET /api/Restaurant/{restaurantId}/dining-tables
GET /api/Restaurant/{restaurantId}/dining-tables/{id}
GET /api/Restaurant/{restaurantId}/members
GET /api/Restaurant/{restaurantId}/menus
GET /api/Restaurant/{restaurantId}/menus/{id}
GET /api/Restaurant/{restaurantId}/operatingdays
GET /api/Restaurant/{restaurantId}/operatinghours
GET /api/Restaurant/{restaurantId}/reservations
GET /api/Restaurant/{restaurantId}/reservations/reaction-totals
GET /api/Restaurant/{restaurantId}/reservations/table-availability
GET /api/Restaurant/{restaurantId}/reservations/time-availability
GET /api/Restaurant/{restaurantId}/rooms
GET /api/Restaurant/{restaurantId}/rooms/{id}
GET /api/Restaurant/{restaurantId}/settings
GET /api/Restaurant/{restaurantId}/stats/mcm
GET /api/User/current
GET /api/Widget/closed-dates/{restaurantId}
GET /api/Widget/open-dates/{restaurantId}
GET /api/Widget/script
GET /webhooks/Whatsapp
PATCH /api/Message/{messageTrackingId}/opened-at
PATCH /api/Restaurant/{restaurantId}
PATCH /api/Restaurant/{restaurantId}/settings/mcm
PATCH /api/Restaurant/{restaurantId}/settings/notifications
PATCH /api/Restaurant/{restaurantId}/settings/reservations
PATCH /api/Restaurant/{restaurantId}/status
POST /api/Oauth2
POST /api/Oauth2/forgot-password
POST /api/Oauth2/reset-password
POST /api/Organization/{organizationId}/members/user
POST /api/Reservations/public/{token}/reactions
POST /api/Restaurant/{restaurantId}/members/user
POST /api/Restaurant/{restaurantId}/reservations/guest
POST /webhooks/Formitable
PUT /api/Reservations/public/{token}/reactions/{reactionId}
PUT /api/Reservations/public/{token}/reservations/{reservationId}
PUT /api/Restaurant/{restaurantId}/dining-tables/displayorder
PUT /api/Restaurant/{restaurantId}/members/{userId}
PUT /api/Restaurant/{restaurantId}/reservations/{id}

Found on 2026-01-15 23:08

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-08 23:28

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493bab7fec675f5d1a868cd52b83fb27dd959595c8

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Courses/{id}
DELETE /api/Organization/{organizationId}/members/{userId}
DELETE /api/Products/{id}
GET /api/Courses
GET /api/DiningSections
GET /api/DiningSections/{id}
GET /api/Organization/{organizationId}
GET /api/Organization/{organizationId}/members
GET /api/Products
GET /api/Reservations/public/{token}/reservations
GET /api/Restaurant/{restaurantId}/calendar
GET /api/Restaurant/{restaurantId}/calendar/daterange
GET /api/Restaurant/{restaurantId}/calendar/{calendarItemId}
GET /api/Restaurant/{restaurantId}/dining-table-groups
GET /api/Restaurant/{restaurantId}/dining-table-groups/{id}
GET /api/Restaurant/{restaurantId}/dining-tables
GET /api/Restaurant/{restaurantId}/dining-tables/{id}
GET /api/Restaurant/{restaurantId}/members
GET /api/Restaurant/{restaurantId}/menus
GET /api/Restaurant/{restaurantId}/menus/{id}
GET /api/Restaurant/{restaurantId}/operatingdays
GET /api/Restaurant/{restaurantId}/operatinghours
GET /api/Restaurant/{restaurantId}/reservations
GET /api/Restaurant/{restaurantId}/reservations/daily-counts
GET /api/Restaurant/{restaurantId}/reservations/reaction-totals
GET /api/Restaurant/{restaurantId}/reservations/table-availability
GET /api/Restaurant/{restaurantId}/reservations/time-availability
GET /api/Restaurant/{restaurantId}/rooms
GET /api/Restaurant/{restaurantId}/rooms/{id}
GET /api/Restaurant/{restaurantId}/settings
GET /api/Restaurant/{restaurantId}/stats/mcm
GET /api/User/current
GET /api/Widget/closed-dates/{restaurantId}
GET /api/Widget/open-dates/{restaurantId}
GET /api/Widget/script
GET /webhooks/Whatsapp
PATCH /api/Message/{messageTrackingId}/opened-at
PATCH /api/Restaurant/{restaurantId}
PATCH /api/Restaurant/{restaurantId}/settings/mcm
PATCH /api/Restaurant/{restaurantId}/settings/notifications
PATCH /api/Restaurant/{restaurantId}/settings/reservations
PATCH /api/Restaurant/{restaurantId}/status
POST /api/Oauth2
POST /api/Oauth2/forgot-password
POST /api/Oauth2/reset-password
POST /api/Organization/{organizationId}/members/user
POST /api/Reservations/public/{token}/reactions
POST /api/Restaurant/{restaurantId}/members/user
POST /api/Restaurant/{restaurantId}/reservations/guest
POST /webhooks/Formitable
PUT /api/Reservations/public/{token}/reactions/{reactionId}
PUT /api/Reservations/public/{token}/reservations/{reservationId}
PUT /api/Restaurant/{restaurantId}/dining-tables/displayorder
PUT /api/Restaurant/{restaurantId}/members/{userId}
PUT /api/Restaurant/{restaurantId}/reservations/{id}

Found on 2025-12-26 05:10

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.69.68.45
Domain: develop.wastewarrior.chippr.dev
Port: 80
URL: http://develop.wastewarrior.chippr.dev

First seen 2025-12-10 05:32
Last seen 2026-01-15 23:08
Open for 36 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493bab7fec675f5d1a868cd52b83fb27dd9c264625

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Courses/{id}
DELETE /api/Organization/{organizationId}/members/{userId}
DELETE /api/Products/{id}
GET /api/Courses
GET /api/DiningSections
GET /api/DiningSections/{id}
GET /api/Organization/{organizationId}
GET /api/Organization/{organizationId}/members
GET /api/Products
GET /api/Reservations/public/{token}/reservations
GET /api/Restaurant/{restaurantId}/calendar
GET /api/Restaurant/{restaurantId}/calendar/daterange
GET /api/Restaurant/{restaurantId}/calendar/{calendarItemId}
GET /api/Restaurant/{restaurantId}/dining-table-groups
GET /api/Restaurant/{restaurantId}/dining-table-groups/{id}
GET /api/Restaurant/{restaurantId}/dining-tables
GET /api/Restaurant/{restaurantId}/dining-tables/{id}
GET /api/Restaurant/{restaurantId}/members
GET /api/Restaurant/{restaurantId}/menus
GET /api/Restaurant/{restaurantId}/menus/{id}
GET /api/Restaurant/{restaurantId}/operatingdays
GET /api/Restaurant/{restaurantId}/operatinghours
GET /api/Restaurant/{restaurantId}/reservations
GET /api/Restaurant/{restaurantId}/reservations/reaction-totals
GET /api/Restaurant/{restaurantId}/reservations/table-availability
GET /api/Restaurant/{restaurantId}/reservations/time-availability
GET /api/Restaurant/{restaurantId}/rooms
GET /api/Restaurant/{restaurantId}/rooms/{id}
GET /api/Restaurant/{restaurantId}/settings
GET /api/Restaurant/{restaurantId}/stats/mcm
GET /api/User/current
GET /api/Widget/closed-dates/{restaurantId}
GET /api/Widget/open-dates/{restaurantId}
GET /api/Widget/script
GET /webhooks/Whatsapp
PATCH /api/Message/{messageTrackingId}/opened-at
PATCH /api/Restaurant/{restaurantId}
PATCH /api/Restaurant/{restaurantId}/settings/mcm
PATCH /api/Restaurant/{restaurantId}/settings/notifications
PATCH /api/Restaurant/{restaurantId}/settings/reservations
PATCH /api/Restaurant/{restaurantId}/status
POST /api/Oauth2
POST /api/Oauth2/forgot-password
POST /api/Oauth2/reset-password
POST /api/Organization/{organizationId}/members/user
POST /api/Reservations/public/{token}/reactions
POST /api/Restaurant/{restaurantId}/members/user
POST /api/Restaurant/{restaurantId}/reservations/guest
POST /webhooks/Formitable
PUT /api/Reservations/public/{token}/reactions/{reactionId}
PUT /api/Reservations/public/{token}/reservations/{reservationId}
PUT /api/Restaurant/{restaurantId}/dining-tables/displayorder
PUT /api/Restaurant/{restaurantId}/members/{userId}
PUT /api/Restaurant/{restaurantId}/reservations/{id}

Found on 2026-01-15 23:08

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-08 23:28

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493bab7fec675f5d1a868cd52b83fb27dd959595c8

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Courses/{id}
DELETE /api/Organization/{organizationId}/members/{userId}
DELETE /api/Products/{id}
GET /api/Courses
GET /api/DiningSections
GET /api/DiningSections/{id}
GET /api/Organization/{organizationId}
GET /api/Organization/{organizationId}/members
GET /api/Products
GET /api/Reservations/public/{token}/reservations
GET /api/Restaurant/{restaurantId}/calendar
GET /api/Restaurant/{restaurantId}/calendar/daterange
GET /api/Restaurant/{restaurantId}/calendar/{calendarItemId}
GET /api/Restaurant/{restaurantId}/dining-table-groups
GET /api/Restaurant/{restaurantId}/dining-table-groups/{id}
GET /api/Restaurant/{restaurantId}/dining-tables
GET /api/Restaurant/{restaurantId}/dining-tables/{id}
GET /api/Restaurant/{restaurantId}/members
GET /api/Restaurant/{restaurantId}/menus
GET /api/Restaurant/{restaurantId}/menus/{id}
GET /api/Restaurant/{restaurantId}/operatingdays
GET /api/Restaurant/{restaurantId}/operatinghours
GET /api/Restaurant/{restaurantId}/reservations
GET /api/Restaurant/{restaurantId}/reservations/daily-counts
GET /api/Restaurant/{restaurantId}/reservations/reaction-totals
GET /api/Restaurant/{restaurantId}/reservations/table-availability
GET /api/Restaurant/{restaurantId}/reservations/time-availability
GET /api/Restaurant/{restaurantId}/rooms
GET /api/Restaurant/{restaurantId}/rooms/{id}
GET /api/Restaurant/{restaurantId}/settings
GET /api/Restaurant/{restaurantId}/stats/mcm
GET /api/User/current
GET /api/Widget/closed-dates/{restaurantId}
GET /api/Widget/open-dates/{restaurantId}
GET /api/Widget/script
GET /webhooks/Whatsapp
PATCH /api/Message/{messageTrackingId}/opened-at
PATCH /api/Restaurant/{restaurantId}
PATCH /api/Restaurant/{restaurantId}/settings/mcm
PATCH /api/Restaurant/{restaurantId}/settings/notifications
PATCH /api/Restaurant/{restaurantId}/settings/reservations
PATCH /api/Restaurant/{restaurantId}/status
POST /api/Oauth2
POST /api/Oauth2/forgot-password
POST /api/Oauth2/reset-password
POST /api/Organization/{organizationId}/members/user
POST /api/Reservations/public/{token}/reactions
POST /api/Restaurant/{restaurantId}/members/user
POST /api/Restaurant/{restaurantId}/reservations/guest
POST /webhooks/Formitable
PUT /api/Reservations/public/{token}/reactions/{reactionId}
PUT /api/Reservations/public/{token}/reservations/{reservationId}
PUT /api/Restaurant/{restaurantId}/dining-tables/displayorder
PUT /api/Restaurant/{restaurantId}/members/{userId}
PUT /api/Restaurant/{restaurantId}/reservations/{id}

Found on 2025-12-26 05:10

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 13.69.68.45
Domain: cyborg-sports.com
Port: 443
URL: https://cyborg-sports.com/.git/config

First seen 2021-11-01 13:37
Last seen 2025-05-13 01:04
Open for 1288 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2025-05-13 01:04
  
  380 Bytes
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 13.69.68.45
Domain: selch-ejendomme.dk
Port: 443
URL: https://selch-ejendomme.dk

First seen 2022-07-05 21:12
Last seen 2022-11-04 21:13
Open for 122 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2022-07-05 21:12
  
  380 Bytes
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 13.69.68.45
Domain: www.selch-ejendomme.dk
Port: 443
URL: https://www.selch-ejendomme.dk

First seen 2022-09-10 08:00
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2022-09-10 08:00
  
  380 Bytes
Create report

Open service 13.69.68.45:80 · bris-linkmanager.trafficmanager.net

2026-02-12 09:48

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Thu, 12 Feb 2026 09:49:00 GMT
Location: https://bris-linkmanager.trafficmanager.net/

Found one day ago by HttpPlugin

Host 13.69.68.45

The Netherlands

Software information

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed