LeakIX - Host 20.105.232.48

Host 20.105.232.48

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Debian

Software information

Apache Apache 2.4.54

tcp/443

Apache Apache 2.4.38

tcp/443

Apache Apache

tcp/443

Caddy

tcp/443 tcp/80

Jetty(10.0.25)

tcp/443

Kestrel Kestrel

tcp/443 tcp/80

Microsoft-IIS 10.0

tcp/443

gunicorn

tcp/443 tcp/80

nginx nginx 1.28.0

tcp/443

nginx nginx 1.29.4

tcp/443

nginx nginx 1.17.9

tcp/443

nginx nginx 1.27.5

tcp/443

nginx nginx

tcp/443 tcp/80

uvicorn

tcp/443

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: ecu-technik.de
Port: 443
URL: https://ecu-technik.de

First seen 2024-04-23 13:51
Last seen 2026-02-09 22:30
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 22:30

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-03 00:08

294 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: openbanking.filbo.ro
Port: 443
URL: https://openbanking.filbo.ro

First seen 2025-12-24 03:58
Last seen 2026-02-09 21:15
Open for 47 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60ce2696398389abec085f1326aac323774048a010
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account-consent/{id}
GET /accounts
GET /accounts/{accountId}/transactions
GET /payment-consents/{consentId}
GET /payments/{paymentId}
POST /account-consent
POST /auth/token
POST /payment-consents
POST /payments
```
  Found on 2026-02-09 21:15
Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.at
Port: 443
URL: https://actronics.at

First seen 2024-04-23 13:36
Last seen 2026-02-09 19:27
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 19:27

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 04:06

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: ractronicos.com
Port: 443
URL: https://ractronicos.com

First seen 2024-04-23 13:53
Last seen 2026-02-09 19:05
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 19:05

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 16:31

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.us
Port: 443
URL: https://actronics.us

First seen 2024-04-23 12:58
Last seen 2026-02-09 18:50
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 18:50

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 08:14

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.ee
Port: 443
URL: https://actronics.ee

First seen 2024-04-23 13:43
Last seen 2026-02-09 18:50
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 18:50

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 08:15

294 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: dev.api.sinatec.2digits.dev
Port: 443
URL: https://dev.api.sinatec.2digits.dev

First seen 2026-01-09 02:08
Last seen 2026-02-09 18:46
Open for 31 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 18:46

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497e2d5e86cb25b78f40388e170a4c4036026e79e2

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /orders/lines/backorder
GET /Misc/franco
GET /Prepr/productgroups
GET /Prepr/products
GET /Products/id/{slug}
GET /Products/{id}
GET /me
GET /me/company
GET /me/company/orderlists
GET /me/company/orderlists/{id}
GET /me/company/orders
GET /me/company/orders/backorder
GET /me/company/orders/recent
GET /me/company/quotations
GET /me/company/roles/custom
GET /me/company/users/{id}
GET /me/session
GET /orders
GET /orders/{id}
POST /Misc/ktype/by/cartype
POST /Misc/ktype/by/licenseplate
POST /Registration
POST /Registration/complete
POST /Registration/validate
POST /auth/forgot
POST /auth/login
POST /auth/logout
POST /auth/reset
POST /auth/reset/validate
POST /me/company/reports
POST /me/company/reports/search
POST /me/company/users
POST /me/verify
POST /orders/import
POST /orders/import/orderlist
POST /orders/lines
POST /orders/payment
POST /orders/payment/webhook
POST /orders/save
POST /quotations/externalquotation
PUT /me/company/orderlists/{id}/items/{itemId}
PUT /me/password
PUT /orders/lines/{id}

Found on 2026-01-23 12:18

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: quickpay-staging-epsilonpay.epsilonnet.gr
Port: 443
URL: https://quickpay-staging-epsilonpay.epsilonnet.gr

First seen 2026-01-02 13:50
Last seen 2026-02-09 18:29
Open for 38 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549228ca85fc90311b4aaec49cc30254cd9bb02bc61
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/QuickPay/v1/ConsentStatus
GET /api/QuickPay/v1/GetIrisPaymentStatus
GET /api/QuickPay/v1/GetRfDetails
GET /api/QuickPay/v1/GetTransactions
GET /api/QuickPay/v1/GetTransactionsByEpoch
GET /api/Webhooks/v1/WhatIsMyIp
POST /api/QuickPay/v1/CreateConsent
POST /api/QuickPay/v1/CreateOrUpdateRfCodeMessage
POST /api/QuickPay/v1/IssueRfCode
POST /api/QuickPay/v1/ProduceIrisPayment
POST /api/QuickPay/v1/RefundPayment/{paymentId}
POST /api/QuickPay/v1/UpdateRfCodeStatus
POST /api/Webhooks/v1/Register
```
  Found on 2026-02-09 18:29
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: billpayments-staging-epsilonpay.epsilonnet.gr
Port: 443
URL: https://billpayments-staging-epsilonpay.epsilonnet.gr

First seen 2026-01-02 13:50
Last seen 2026-02-09 18:25
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549be63e48bf8002f61e1ce62678f58020013c17ee4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/BillPayments/v1/GetOrganizationByRfCode/{rfCode}
GET /api/BillPayments/v1/GetOrganizationCategoryList
GET /api/BillPayments/v1/GetOrganizationDetails/{id}
GET /api/BillPayments/v1/GetOrganizations
GET /api/BillPayments/v1/GetOrganizationsByCategory
GET /api/BillPayments/v1/GetOrganizationsWithExtraInputFields
GET /api/BillPayments/v1/GetPaymentDetails/{instructionId}
GET /api/BillPayments/v1/GetPaymentExtraInputFields/{organizationId}
GET /api/BillPayments/v1/GetPayments
GET /api/BillPayments/v1/GetPaymentsByEpoch/{epoch}
GET /api/BillPayments/v1/GetPreProcessSteps/{organizationId}
GET /api/BillPayments/v1/GetTopPaymentOrganizations/{userToken}
GET /api/BillPayments/v1/GetUserBankAccounts/{userToken}
GET /api/BillPayments/v1/IsLoggedIn
GET /api/BillPaymentsServices/v1/GetBillPaymentsLocalization
POST /api/BillPayments/v1/ExecutePayment
POST /api/BillPayments/v1/ExecutePaymentForOtp
POST /api/BillPayments/v1/ExecutePreProcessStep
POST /api/BillPayments/v1/GetCommission
POST /api/BillPayments/v1/GetPaymentStatus

Found on 2026-02-09 18:25

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.remodan.dk
Port: 443
URL: https://www.remodan.dk

First seen 2024-04-23 13:02
Last seen 2026-02-09 18:22
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 18:22

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 22:05

294 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: acc.api.sinatec.2digits.dev
Port: 443
URL: https://acc.api.sinatec.2digits.dev

First seen 2026-01-11 14:38
Last seen 2026-02-09 18:11
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 18:11

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497e2d5e86cb25b78f40388e170a4c4036026e79e2

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /orders/lines/backorder
GET /Misc/franco
GET /Prepr/productgroups
GET /Prepr/products
GET /Products/id/{slug}
GET /Products/{id}
GET /me
GET /me/company
GET /me/company/orderlists
GET /me/company/orderlists/{id}
GET /me/company/orders
GET /me/company/orders/backorder
GET /me/company/orders/recent
GET /me/company/quotations
GET /me/company/roles/custom
GET /me/company/users/{id}
GET /me/session
GET /orders
GET /orders/{id}
POST /Misc/ktype/by/cartype
POST /Misc/ktype/by/licenseplate
POST /Registration
POST /Registration/complete
POST /Registration/validate
POST /auth/forgot
POST /auth/login
POST /auth/logout
POST /auth/reset
POST /auth/reset/validate
POST /me/company/reports
POST /me/company/reports/search
POST /me/company/users
POST /me/verify
POST /orders/import
POST /orders/import/orderlist
POST /orders/lines
POST /orders/payment
POST /orders/payment/webhook
POST /orders/save
POST /quotations/externalquotation
PUT /me/company/orderlists/{id}/items/{itemId}
PUT /me/password
PUT /orders/lines/{id}

Found on 2026-01-11 14:38

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: assets.test.semco.assetintegrityhub.com
Port: 443
URL: https://assets.test.semco.assetintegrityhub.com

First seen 2026-01-11 15:23
Last seen 2026-02-09 18:11
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 18:11
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: signals.test.semco.assetintegrityhub.com
Port: 443
URL: https://signals.test.semco.assetintegrityhub.com

First seen 2026-01-11 15:36
Last seen 2026-02-09 18:11
Open for 29 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 18:11
Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronicsgmbh.de
Port: 443
URL: https://actronicsgmbh.de

First seen 2024-04-23 13:28
Last seen 2026-02-09 16:55
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 16:55

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-03 01:04

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.ee
Port: 443
URL: https://www.actronics.ee

First seen 2024-04-23 13:43
Last seen 2026-02-09 16:51
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 16:51

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:33

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.pl
Port: 443
URL: https://www.actronics.pl

First seen 2024-04-23 13:57
Last seen 2026-02-09 16:51
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 16:51

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:35

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.ch
Port: 443
URL: https://www.actronics.ch

First seen 2024-04-23 13:39
Last seen 2026-02-09 16:51
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 16:51

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:36

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.ie
Port: 443
URL: https://www.actronics.ie

First seen 2024-04-23 13:55
Last seen 2026-02-09 14:39
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:39

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:34

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.ractronicos.com
Port: 443
URL: https://www.ractronicos.com

First seen 2024-04-23 13:53
Last seen 2026-02-09 14:38
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:38

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 20:31

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.be
Port: 443
URL: https://www.actronics.be

First seen 2024-04-23 13:35
Last seen 2026-02-09 14:38
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:38

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 20:05

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: mail.actronics.nl
Port: 443
URL: https://mail.actronics.nl

First seen 2024-04-19 16:19
Last seen 2026-02-09 14:38
Open for 660 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:38

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:27

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics-ab.se
Port: 443
URL: https://www.actronics-ab.se

First seen 2024-04-23 13:45
Last seen 2026-02-09 14:38
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:38

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 20:09

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: remodan.dk
Port: 443
URL: https://remodan.dk

First seen 2022-09-23 05:45
Last seen 2026-02-09 14:08
Open for 1235 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:08

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 09:55

294 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522a770fd5b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2024-04-18 22:24

276 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronicsgmbh.de
Port: 443
URL: https://www.actronicsgmbh.de

First seen 2024-04-23 13:27
Last seen 2026-02-09 14:00
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:00

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:33

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.ecu-technik.de
Port: 443
URL: https://www.ecu-technik.de

First seen 2024-04-23 13:50
Last seen 2026-02-09 14:00
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:00

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 20:27

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.uk
Port: 443
URL: https://www.actronics.uk

First seen 2024-04-23 14:03
Last seen 2026-02-09 14:00
Open for 656 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:00

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 20:05

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.lu
Port: 443
URL: https://www.actronics.lu

First seen 2024-04-23 13:59
Last seen 2026-02-09 14:00
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 14:00

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 20:36

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.ch
Port: 443
URL: https://actronics.ch

First seen 2024-04-23 13:40
Last seen 2026-02-09 13:56
Open for 657 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-09 13:56

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 20:44

294 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: contractmanagement-api-test.deheus-apps.com
Port: 80
URL: http://contractmanagement-api-test.deheus-apps.com

First seen 2025-11-26 17:38
Last seen 2026-02-09 00:08
Open for 74 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913b4e305cb6b1d3be5964df10d7ff1f2a8324a18

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Contracts/documents/{documentId}
GET /GetByIdString/{id}
GET /api/Auth/claims
GET /api/Auth/health
GET /api/Auth/me
GET /api/BusinessUnits
GET /api/BusinessUnits/{id}
GET /api/Contracts
GET /api/Contracts/documents/{documentId}/download
GET /api/Contracts/{id}
GET /api/Contracts/{id}/documents
GET /api/Enums/business-unit-modes
GET /api/Enums/contract-types
GET /api/Enums/currencies
GET /api/Enums/incoterms
GET /api/Home/userinfo
GET /api/Role
GET /api/Role/check-name
GET /api/Role/{id}
GET /api/ToDo
GET /api/User
GET /api/User/check-email
GET /api/User/current
GET /api/User/{id}
GET /getByInt/{id}
GET /getMenuList
PUT /api/Contracts/volume-distributions/{id}

Found on 2026-02-09 00:08

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913b4e305cb6b1d3be5964df10d7ff1f21b7cd6e9

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Contracts/documents/{documentId}
GET /GetByIdString/{id}
GET /api/Auth/claims
GET /api/Auth/health
GET /api/Auth/me
GET /api/BusinessUnits
GET /api/BusinessUnits/{id}
GET /api/Contracts
GET /api/Contracts/documents/{documentId}/download
GET /api/Contracts/{id}
GET /api/Contracts/{id}/documents
GET /api/Enums/business-unit-modes
GET /api/Enums/contract-statuses
GET /api/Enums/contract-types
GET /api/Enums/currencies
GET /api/Enums/incoterms
GET /api/Home/userinfo
GET /api/Role
GET /api/Role/check-name
GET /api/Role/{id}
GET /api/ToDo
GET /api/User
GET /api/User/check-email
GET /api/User/current
GET /api/User/{id}
GET /getByInt/{id}
GET /getMenuList
PATCH /api/Contracts/volume-distributions/{id}/status
PATCH /api/Contracts/{id}/status
PUT /api/Contracts/volume-distributions/{id}

Found on 2025-12-24 10:43

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-01 09:16

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: kyc-public-api-fp.filbo.ro
Port: 443
URL: https://kyc-public-api-fp.filbo.ro

First seen 2026-01-05 15:15
Last seen 2026-02-02 12:56
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354973f7da8ff615dcadc8d362372808ce2585b197b2
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /kyc/v1/session/rapid
POST /consent/v1/email
POST /consent/v1/phone
POST /contact/v1/email/register
POST /contact/v1/email/validate
POST /contact/v1/kyc/send-url
POST /contact/v1/phone/register
POST /contact/v1/phone/validate
POST /contact/v1/session
POST /kyc/v1/session
```
  Found on 2026-02-02 12:56
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: test.api.sinatec.2digits.dev
Port: 443
URL: https://test.api.sinatec.2digits.dev

First seen 2026-01-04 12:47
Last seen 2026-02-02 12:42
Open for 28 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-02 12:42

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035497e2d5e86cb25b78f40388e170a4c4036026e79e2

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /orders/lines/backorder
GET /Misc/franco
GET /Prepr/productgroups
GET /Prepr/products
GET /Products/id/{slug}
GET /Products/{id}
GET /me
GET /me/company
GET /me/company/orderlists
GET /me/company/orderlists/{id}
GET /me/company/orders
GET /me/company/orders/backorder
GET /me/company/orders/recent
GET /me/company/quotations
GET /me/company/roles/custom
GET /me/company/users/{id}
GET /me/session
GET /orders
GET /orders/{id}
POST /Misc/ktype/by/cartype
POST /Misc/ktype/by/licenseplate
POST /Registration
POST /Registration/complete
POST /Registration/validate
POST /auth/forgot
POST /auth/login
POST /auth/logout
POST /auth/reset
POST /auth/reset/validate
POST /me/company/reports
POST /me/company/reports/search
POST /me/company/users
POST /me/verify
POST /orders/import
POST /orders/import/orderlist
POST /orders/lines
POST /orders/payment
POST /orders/payment/webhook
POST /orders/save
POST /quotations/externalquotation
PUT /me/company/orderlists/{id}/items/{itemId}
PUT /me/password
PUT /orders/lines/{id}

Found on 2026-01-17 01:33

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: staging-epsilonpay.epsilonnet.gr
Port: 443
URL: https://staging-epsilonpay.epsilonnet.gr

First seen 2025-12-09 00:34
Last seen 2026-02-02 08:07
Open for 55 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549ee37eb7ee488d773902cf07563f14fa4670834ed

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Announcements/v1/Get
GET /api/Announcements/v1/GetByEpoch
GET /api/Messaging/v1/GetMessageDetails
GET /api/Messaging/v1/GetMessageTemplates
GET /api/Messaging/v1/GetMessageTemplatesDetails
GET /api/Messaging/v1/GetMessageVariables
GET /api/Notifications/v1/Get/{userToken}
GET /api/Notifications/v1/GetByEpoch/{userToken}
GET /api/Notifications/v1/GetCount/{userToken}
POST /api/Messaging/v1/CreateMessageTemplate
POST /api/Messaging/v1/EditMessageTemplate
POST /api/Messaging/v1/SetDefaultMessageTemplate
POST /api/Modules/v1/AuthorizeAccount
POST /api/Modules/v1/CreateAccount
POST /api/Modules/v1/GetAccountId
POST /api/Modules/v1/GetActiveUserTokens
POST /api/Modules/v1/GetModules
POST /api/Modules/v1/GetUserToken
POST /api/Modules/v1/IsModuleActive
POST /api/Modules/v1/IsUserAuthorizedForModule
POST /api/Notifications/v1/MarkAllRead/{userToken}
POST /api/Notifications/v1/MarkRead/{userToken}

Found on 2026-02-02 08:07

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.lu
Port: 443
URL: https://actronics.lu

First seen 2024-04-23 14:00
Last seen 2026-02-02 07:34
Open for 649 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-02 07:34

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 19:36

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.eu
Port: 443
URL: https://actronics.eu

First seen 2024-05-02 06:41
Last seen 2026-02-02 07:33
Open for 641 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-02 07:33

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 21:30

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.uk
Port: 443
URL: https://actronics.uk

First seen 2024-04-23 14:03
Last seen 2026-02-02 06:56
Open for 649 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-02 06:56

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 12:42

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.ie
Port: 443
URL: https://actronics.ie

First seen 2024-04-23 13:56
Last seen 2026-02-02 03:08
Open for 649 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-02 03:08

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-01 23:49

294 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: hbno-api-test.datareceiver.no
Port: 443
URL: https://hbno-api-test.datareceiver.no

First seen 2026-01-11 15:18
Last seen 2026-02-02 00:51
Open for 21 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354943ac87ae43ac87ae43ac87ae43ac87ae43ac87ae
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
POST /api/eqhub
```
  Found on 2026-02-02 00:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: files.test.semco.assetintegrityhub.com
Port: 443
URL: https://files.test.semco.assetintegrityhub.com

First seen 2026-01-11 14:29
Last seen 2026-02-02 00:23
Open for 21 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 00:23
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.105.232.48
Domain: admin.f5mag.cz
Port: 443
URL: https://admin.f5mag.cz

First seen 2026-01-05 12:23
Last seen 2026-02-02 00:02
Open for 27 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa320291cf8e5c6aa1c9a1bd41a954b377cf6913e16

GraphQL introspection enabled at /graphql
Types: 204 (by kind: ENUM: 10, INPUT_OBJECT: 54, OBJECT: 119, SCALAR: 15, UNION: 6)
Operations:
- Query: Query | fields: i18NLocale, uploadFile, uploadFiles, uploadFolder, uploadFolders
- Mutation: Mutation | fields: createUploadFile, createUploadFolder, deleteUploadFile, updateUploadFile, updateUploadFolder
Directives: deprecated, include, skip, specifiedBy (total: 4)

Found on 2026-02-02 00:02

237.3 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: productrequest-public-api.filbo.ro
Port: 443
URL: https://productrequest-public-api.filbo.ro

First seen 2026-01-05 15:42
Last seen 2026-02-01 23:28
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-01 23:28
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: api.co-lawyer.be
Port: 443
URL: https://api.co-lawyer.be

First seen 2026-01-01 02:32
Last seen 2026-02-01 23:14
Open for 31 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035496162874744fb27bd09d5f60538f09df8969f64cb
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Matching/MatchingCases
POST /api/Auth/login
POST /api/BatchProcessing/process-sample-cases
POST /api/Excel/upload
POST /api/Matching/AddVerifiedCase
POST /api/advice
POST /api/getJudgments
POST /api/getLawTextAndTotalCount
POST /api/getMatchingCases
POST /api/getTableMatchingCases
POST /api/pleanote
POST /api/requestStatistics
POST /api/stream
```
  Found on 2026-02-01 23:14
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.105.232.48
Domain: document-service.credion.eu
Port: 443
URL: https://document-service.credion.eu

First seen 2025-12-05 06:09
Last seen 2026-02-01 22:41
Open for 58 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa38911a5c755ece3f5a35962228e542b126189d1be
```
GraphQL introspection enabled at /graphql
Types: 20 (by kind: ENUM: 5, INPUT_OBJECT: 1, OBJECT: 11, SCALAR: 3)
Operations:
- Query: DocumentQuery | fields: _schemaDefinition, trackDocumentBundles
- Mutation: DocumentMutation | fields: removeDocument
Directives: include, skip (total: 2)
```
  Found on 2026-02-01 22:41
  
  23.8 kBytes
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: contractmanagement-api-test.deheus-apps.com
Port: 443
URL: https://contractmanagement-api-test.deheus-apps.com

First seen 2025-11-26 17:38
Last seen 2026-02-01 22:11
Open for 67 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913b4e305cb6b1d3be5964df10d7ff1f2a8324a18

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Contracts/documents/{documentId}
GET /GetByIdString/{id}
GET /api/Auth/claims
GET /api/Auth/health
GET /api/Auth/me
GET /api/BusinessUnits
GET /api/BusinessUnits/{id}
GET /api/Contracts
GET /api/Contracts/documents/{documentId}/download
GET /api/Contracts/{id}
GET /api/Contracts/{id}/documents
GET /api/Enums/business-unit-modes
GET /api/Enums/contract-types
GET /api/Enums/currencies
GET /api/Enums/incoterms
GET /api/Home/userinfo
GET /api/Role
GET /api/Role/check-name
GET /api/Role/{id}
GET /api/ToDo
GET /api/User
GET /api/User/check-email
GET /api/User/current
GET /api/User/{id}
GET /getByInt/{id}
GET /getMenuList
PUT /api/Contracts/volume-distributions/{id}

Found on 2026-02-01 22:11

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-23 09:36

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354913b4e305cb6b1d3be5964df10d7ff1f21b7cd6e9

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Contracts/documents/{documentId}
GET /GetByIdString/{id}
GET /api/Auth/claims
GET /api/Auth/health
GET /api/Auth/me
GET /api/BusinessUnits
GET /api/BusinessUnits/{id}
GET /api/Contracts
GET /api/Contracts/documents/{documentId}/download
GET /api/Contracts/{id}
GET /api/Contracts/{id}/documents
GET /api/Enums/business-unit-modes
GET /api/Enums/contract-statuses
GET /api/Enums/contract-types
GET /api/Enums/currencies
GET /api/Enums/incoterms
GET /api/Home/userinfo
GET /api/Role
GET /api/Role/check-name
GET /api/Role/{id}
GET /api/ToDo
GET /api/User
GET /api/User/check-email
GET /api/User/current
GET /api/User/{id}
GET /getByInt/{id}
GET /getMenuList
PATCH /api/Contracts/volume-distributions/{id}/status
PATCH /api/Contracts/{id}/status
PUT /api/Contracts/volume-distributions/{id}

Found on 2025-12-25 05:25

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics-lda.pt
Port: 443
URL: https://actronics-lda.pt

First seen 2024-04-23 13:48
Last seen 2026-02-01 21:55
Open for 649 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-02-01 21:55

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-01 21:56

294 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: idsvr.test.semco.assetintegrityhub.com
Port: 443
URL: https://idsvr.test.semco.assetintegrityhub.com

First seen 2026-01-13 11:24
Last seen 2026-01-23 11:32
Open for 10 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 11:32
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: api.tradeservicing.cz
Port: 443
URL: https://api.tradeservicing.cz

First seen 2025-11-26 15:42
Last seen 2026-01-23 08:58
Open for 57 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 08:58
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: find.emp.emob-release-enbw.com
Port: 443
URL: https://find.emp.emob-release-enbw.com

First seen 2025-11-09 12:29
Last seen 2026-01-23 08:28
Open for 74 days

Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
Found on 2026-01-23 08:28

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5130fe5c507cd7d81ae7fb04b9483162d666922b3

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/v1/charging-locations/{chargingLocationId}/pictures
GET /app/charging-location/static-data
GET /app/charging-location/{location_reference}/pictures
GET /app/charging-locations/{locationReferenceId}/pointsofinterest
GET /app/charginglocations/{id}/chargingpoints/realtime-data
GET /app/details/static-data
GET /app/favorites
GET /app/user/operator-filter
POST /api/v1/routing/distances
POST /app/charging-location/static-data/_query
POST /app/charging-locations/recommendations/_query
POST /app/charging-locations/routes/_query
POST /app/v2/routes/chargestations
POST /app/v3/details/static-data
POST /app/v3/mapsearch/static-data
POST /app/v3/realtime-data/byid
POST /app/v3/recommendation/static-data
POST /app/v3/routes/static-data
PUT /app/favorites/{reference-id}

Found on 2026-01-09 11:57

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5130fe5c507cd7d81ae7fb04bb8aa44e163cb3906

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/v1/charging-locations/{chargingLocationId}/pictures
GET /app/charging-location/static-data
GET /app/charging-location/{location_reference}/pictures
GET /app/charginglocations/{id}/chargingpoints/realtime-data
GET /app/details/static-data
GET /app/favorites
GET /app/user/operator-filter
GET /app/v3/chargestations/{locationReferenceId}/pointsofinterest
POST /api/v1/routing/distances
POST /app/charging-location/static-data/_query
POST /app/charging-locations/recommendations/_query
POST /app/v2/routes/chargestations
POST /app/v3/details/static-data
POST /app/v3/mapsearch/static-data
POST /app/v3/realtime-data/byid
POST /app/v3/recommendation/static-data
POST /app/v3/routes/static-data
PUT /app/favorites/{reference-id}

Found on 2025-11-16 19:53

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e5130fe5c507cd7d81ae7fb04bb8aa44e1dafb474e

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/v1/charging-locations/{chargingLocationId}/pictures
GET /app/charging-location/static-data
GET /app/charging-location/{location_reference}/pictures
GET /app/charginglocations/{id}/chargingpoints/realtime-data
GET /app/details/static-data
GET /app/favorites
GET /app/user/operator-filter
GET /app/v3/chargestations/{locationReferenceId}/pointsofinterest
POST /api/v1/routing/distances
POST /app/charging-location/static-data/_query
POST /app/v2/routes/chargestations
POST /app/v3/details/static-data
POST /app/v3/mapsearch/static-data
POST /app/v3/realtime-data/byid
POST /app/v3/recommendation/static-data
POST /app/v3/routes/static-data
PUT /app/favorites/{reference-id}

Found on 2025-11-12 18:45

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: id-api.kolumbus.no
Port: 443
URL: https://id-api.kolumbus.no

First seen 2025-12-08 08:02
Last seen 2026-01-23 01:55
Open for 45 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b656d0ff3897145eb7247a27e3e75a514243198a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Users/Providers
GET /api/ApiResources
GET /api/ApiResources/CanInsertApiResource
GET /api/ApiResources/CanInsertApiResourceProperty
GET /api/ApiResources/Properties/{propertyId}
GET /api/ApiResources/Secrets/{secretId}
GET /api/ApiResources/{id}
GET /api/ApiResources/{id}/Properties
GET /api/ApiResources/{id}/Secrets
GET /api/ApiScopes
GET /api/ApiScopes/CanInsertApiScope
GET /api/ApiScopes/CanInsertApiScopeProperty
GET /api/ApiScopes/Properties/{propertyId}
GET /api/ApiScopes/{id}
GET /api/ApiScopes/{id}/Properties
GET /api/Clients
GET /api/Clients/CanInsertClient
GET /api/Clients/Claims/{claimId}
GET /api/Clients/GetAccessTokenTypes
GET /api/Clients/GetDPoPValidationModes
GET /api/Clients/GetGrantTypes
GET /api/Clients/GetHashTypes
GET /api/Clients/GetProtocolTypes
GET /api/Clients/GetScopes
GET /api/Clients/GetSecretTypes
GET /api/Clients/GetSigningAlgorithms
GET /api/Clients/GetStandardClaims
GET /api/Clients/GetTokenExpirations
GET /api/Clients/GetTokenUsage
GET /api/Clients/Properties/{propertyId}
GET /api/Clients/Secrets/{secretId}
GET /api/Clients/{id}
GET /api/Clients/{id}/Claims
GET /api/Clients/{id}/Properties
GET /api/Clients/{id}/Secrets
GET /api/Dashboard/GetDashboardIdentity
GET /api/Dashboard/GetDashboardIdentityServer
GET /api/IdentityProviders
GET /api/IdentityProviders/CanInsertIdentityProvider
GET /api/IdentityProviders/{id}
GET /api/IdentityResources
GET /api/IdentityResources/CanInsertIdentityResource
GET /api/IdentityResources/CanInsertIdentityResourceProperty
GET /api/IdentityResources/Properties/{propertyId}
GET /api/IdentityResources/{id}
GET /api/IdentityResources/{id}/Properties
GET /api/Keys
GET /api/Keys/{id}
GET /api/PersistedGrants/Subjects
GET /api/PersistedGrants/Subjects/{subjectId}
GET /api/PersistedGrants/{id}
GET /api/ResetPassword/{id}/url
GET /api/Roles
GET /api/Roles/{id}
GET /api/Roles/{id}/Claims
GET /api/Roles/{id}/Users
GET /api/Users
GET /api/Users/ClaimType/{claimType}
GET /api/Users/ClaimType/{claimType}/ClaimValue/{claimValue}
GET /api/Users/{id}
GET /api/Users/{id}/Claims
GET /api/Users/{id}/Providers
GET /api/Users/{id}/RoleClaims
GET /api/Users/{id}/Roles
GET /api/users/unconfirmed
POST /api/Clients/Clone
POST /api/Roles/Claims
POST /api/Users/ChangePassword
POST /api/Users/Claims
POST /api/Users/Roles
POST /api/Users/{id}/ConfirmEmail
POST /api/Users/{id}/ForgotPassword
POST /api/users/credentials

Found on 2026-01-23 01:55

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: eu.estar.smart2.tech
Port: 443
URL: https://eu.estar.smart2.tech

First seen 2026-01-11 17:54
Last seen 2026-01-23 01:16
Open for 11 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb4b970d29474b894086ec398f94a84dada1139b7ff
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /admin/sites/
GET /database/database
GET /geocode
GET /measurements/schemas
GET /measurements/schemas/structure
GET /measurements/schemas/structure/{measurement_name}
POST /admin/sites/geocode
PUT /admin/sites/{site_id}
```
  Found on 2026-01-23 01:16
Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics-lda.pt
Port: 443
URL: https://www.actronics-lda.pt

First seen 2024-04-23 13:48
Last seen 2026-01-23 01:04
Open for 639 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-23 01:04

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:35

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.us
Port: 443
URL: https://www.actronics.us

First seen 2024-04-23 12:58
Last seen 2026-01-23 01:04
Open for 639 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-23 01:04

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:32

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.eu
Port: 443
URL: https://www.actronics.eu

First seen 2024-04-19 16:10
Last seen 2026-01-23 01:04
Open for 643 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-23 01:04

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:26

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: jobs.actronics.nl
Port: 443
URL: https://jobs.actronics.nl

First seen 2024-04-19 16:17
Last seen 2026-01-23 01:04
Open for 643 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-23 01:04

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:32

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: werkenbij.actronics.nl
Port: 443
URL: https://werkenbij.actronics.nl

First seen 2024-04-19 16:18
Last seen 2026-01-23 01:04
Open for 643 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-23 01:04

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:29

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.be
Port: 443
URL: https://actronics.be

First seen 2024-04-23 13:34
Last seen 2026-01-23 00:41
Open for 639 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-23 00:41

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 04:38

294 Bytes

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.105.232.48
Domain: hirehut.cirruslabs.io
Port: 443
URL: https://hirehut.cirruslabs.io

First seen 2025-10-27 09:44
Last seen 2026-01-23 00:22
Open for 87 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c47dfe71947dfe719e65ff230215920056db6c59996efb6c2
```
Found 16 files trough .DS_Store spidering:

/characters
/favicon
/favicon.ico
/Hire.png
/hirehutdemo.mp4
/images
/index.html
/logo-border.png
/logo-c.png
/logo-m.png
/logo.png
/logo192.png
/logo512.png
/manifest.json
/robots.txt
/splash.html
```
  Found on 2026-01-23 00:22
- Severity: low
  Fingerprint: 5f32cf5d6962f09cc169dbbec169dbbeaf0b22d3be1a61d33d10b8170687dd98
```
Found 15 files trough .DS_Store spidering:

/favicon
/favicon.ico
/Hire.png
/hirehutdemo.mp4
/images
/index.html
/logo-border.png
/logo-c.png
/logo-m.png
/logo.png
/logo192.png
/logo512.png
/manifest.json
/robots.txt
/splash.html
```
  Found on 2026-01-02 01:42
- Severity: low
  Fingerprint: 5f32cf5d6962f09cc169dbbec169dbbeaf0b22d3be1a61d33d10b817628cc3d4
```
Found 15 files trough .DS_Store spidering:

/favicon
/favicon.ico
/Hire.png
/hirehutdemo.mp4
/images
/index.html
/logo-c.png
/logo-m.png
/logo-no-border.png
/logo.png
/logo192.png
/logo512.png
/manifest.json
/robots.txt
/splash.html
```
  Found on 2025-11-08 15:44
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf17642a63ae5df916fcc18916fcc18916fcc18
```
Found 2 files trough .DS_Store spidering:

/favicon
/images
```
  Found on 2025-11-07 02:40
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: zu-api.blueml.explorance.ai
Port: 443
URL: https://zu-api.blueml.explorance.ai

First seen 2026-01-11 01:47
Last seen 2026-01-22 23:13
Open for 11 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-22 23:13
Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: www.actronics.at
Port: 443
URL: https://www.actronics.at

First seen 2024-04-23 13:31
Last seen 2026-01-22 22:43
Open for 639 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-22 22:43

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-04 19:33

294 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: monitors.test.semco.assetintegrityhub.com
Port: 443
URL: https://monitors.test.semco.assetintegrityhub.com

First seen 2026-01-11 14:34
Last seen 2026-01-16 14:43
Open for 5 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 14:43
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: process.test.semco.assetintegrityhub.com
Port: 443
URL: https://process.test.semco.assetintegrityhub.com

First seen 2026-01-11 14:58
Last seen 2026-01-16 14:43
Open for 4 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 14:43
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: designations.test.semco.assetintegrityhub.com
Port: 443
URL: https://designations.test.semco.assetintegrityhub.com

First seen 2026-01-11 17:24
Last seen 2026-01-16 14:41
Open for 4 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 14:41
Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics-ab.se
Port: 443
URL: https://actronics-ab.se

First seen 2024-04-23 13:46
Last seen 2026-01-16 11:17
Open for 632 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-16 11:17

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 07:27

294 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.105.232.48
Domain: actronics.pl
Port: 443
URL: https://actronics.pl

First seen 2024-04-23 13:59
Last seen 2026-01-16 07:22
Open for 632 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652204539553

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/website-app/_git/redirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[extensions]
	worktreeConfig = true
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-16 07:22

327 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522971aa35b

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
	longpaths = true
[remote "origin"]
	url = https://actronics@dev.azure.com/actronics/acwebsite-v2/_git/acredirects
	fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
	auto = 0
[http]
	version = HTTP/1.1

Found on 2026-01-02 08:03

294 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: car-selector.emp.emob-release-enbw.com
Port: 443
URL: https://car-selector.emp.emob-release-enbw.com

First seen 2025-10-15 14:06
Last seen 2026-01-16 02:50
Open for 92 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-16 02:50
- Severity: info
  Fingerprint: 5733ddf49ff49cd1a8bcc6e52d147b8ef5a9a2edc28a0c96c28a0c96c28a0c96
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /api/v1/cars
GET /api/v1/cars/{id}
GET /health
```
  Found on 2026-01-09 02:33
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.48
Domain: facturi.filbo.ro
Port: 443
URL: https://facturi.filbo.ro

First seen 2025-12-24 04:29
Last seen 2026-01-16 02:36
Open for 22 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549523cbcd8a78d3757ce18d8b3693aa251c892e924
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/mobile/v1/party/{partyNuid}/anaf-connection-status
GET /api/mobile/v1/party/{partyNuid}/received-invoices
GET /{code}
POST /api/mobile/v1/party/{partyNuid}/initiate-anaf-connection
POST /api/partners/v1/anaf-tokens
```
  Found on 2026-01-16 02:36
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.105.232.48
Domain: hirehut.cirruslabs.io
Port: 80
URL: http://hirehut.cirruslabs.io

First seen 2025-10-27 09:44
Last seen 2026-01-15 22:29
Open for 80 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c47dfe71947dfe719e65ff230215920056db6c59996efb6c2
```
Found 16 files trough .DS_Store spidering:

/characters
/favicon
/favicon.ico
/Hire.png
/hirehutdemo.mp4
/images
/index.html
/logo-border.png
/logo-c.png
/logo-m.png
/logo.png
/logo192.png
/logo512.png
/manifest.json
/robots.txt
/splash.html
```
  Found on 2026-01-15 22:29
- Severity: low
  Fingerprint: 5f32cf5d6962f09cc169dbbec169dbbeaf0b22d3be1a61d33d10b8170687dd98
```
Found 15 files trough .DS_Store spidering:

/favicon
/favicon.ico
/Hire.png
/hirehutdemo.mp4
/images
/index.html
/logo-border.png
/logo-c.png
/logo-m.png
/logo.png
/logo192.png
/logo512.png
/manifest.json
/robots.txt
/splash.html
```
  Found on 2026-01-01 22:05
- Severity: low
  Fingerprint: 5f32cf5d6962f09cc169dbbec169dbbeaf0b22d3be1a61d33d10b817628cc3d4
```
Found 15 files trough .DS_Store spidering:

/favicon
/favicon.ico
/Hire.png
/hirehutdemo.mp4
/images
/index.html
/logo-c.png
/logo-m.png
/logo-no-border.png
/logo.png
/logo192.png
/logo512.png
/manifest.json
/robots.txt
/splash.html
```
  Found on 2025-11-10 10:40
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf17642a63ae5df916fcc18916fcc18916fcc18
```
Found 2 files trough .DS_Store spidering:

/favicon
/images
```
  Found on 2025-11-07 03:14
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.105.232.48
Domain: quiki-pedia.com
Port: 443
URL: https://quiki-pedia.com

First seen 2025-11-28 11:05
Last seen 2025-12-10 19:47
Open for 12 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3dec863f59258a9f72eacd4d9eb5bbc5a957af4f2

GraphQL introspection enabled at /graphql
Types: 134 (by kind: ENUM: 10, INPUT_OBJECT: 12, OBJECT: 107, SCALAR: 5)
Operations:
- Query: Query | fields: analytics, assets, authentication, comments, contribute
- Mutation: Mutation | fields: analytics, assets, authentication, comments, groups
- Subscription: Subscription | fields: loggingLiveTrail
Directives: auth, cacheControl, deprecated, include, rateLimit, skip, specifiedBy (total: 7)

Found on 2025-12-10 19:47

190.9 kBytes

Create report

Open service 20.105.232.48:443 · chat.ccdcloud.eu

2026-02-04 21:06

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=utf-8
Date: Wed, 04 Feb 2026 21:07:30 GMT
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Set-Cookie: ARRAffinity=500559938492d396dbd12724769634ddb485518c6ded28c80437bdcb2bf41090;Path=/;HttpOnly;Secure;Domain=chat.ccdcloud.eu
Set-Cookie: ARRAffinitySameSite=500559938492d396dbd12724769634ddb485518c6ded28c80437bdcb2bf41090;Path=/;HttpOnly;SameSite=None;Secure;Domain=chat.ccdcloud.eu
Transfer-Encoding: chunked
Vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
X-Powered-By: Next.js

Page title: AzureChatGPT

<!DOCTYPE html><html lang="en" class="h-full overflow-hidden"><head><meta charSet="utf-8"/><link rel="preload" as="font" href="/_next/static/media/2aaf0723e720e8b9-s.p.woff2" crossorigin="" type="font/woff2"/><link rel="stylesheet" href="/_next/static/css/18cab5a82cb6df6a.css" data-precedence="next"/><title>AzureChatGPT</title><meta name="description" content="AzureChatGPT"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="icon" href="/favicon.ico" type="image/x-icon" sizes="any"/><meta name="next-size-adjust"/><script src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js" noModule=""></script></head><body class="__className_0ec1f4 flex p-2 h-full gap-2 bg-page-background"><script>!function(){try{var d=document.documentElement,c=d.classList;c.remove('light','dark');var e=localStorage.getItem('theme');if('system'===e||(!e&&true)){var t='(prefers-color-scheme: dark)',m=window.matchMedia(t);if(m.media!==t||m.matches){d.style.colorScheme = 'dark';c.add('dark')}else{d.style.colorScheme = 'light';c.add('light')}}else if(e){c.add(e|| '')}if(e==='light'||e==='dark')d.style.colorScheme=e}catch(e){}}()</script><!--$--><div class="rounded-lg border bg-card text-card-foreground shadow-sm h-full flex-1 overflow-hidden relative items-center justify-center flex"><div class="rounded-lg border bg-card text-card-foreground shadow-sm flex gap-2 flex-col min-w-[300px]"><div class="flex flex-col space-y-1.5 p-6 gap-2"><h3 class="font-semibold tracking-tight text-2xl flex gap-2"><span class="relative flex shrink-0 overflow-hidden rounded-full h-8 w-8"></span><span>Azure<span class="text-muted-foreground">ChatGPT</span></span></h3><p class="text-sm text-muted-foreground">Login in with your GitHub or Microsoft 365 account</p></div><div class="p-6 pt-0 grid gap-4"><button class="inline-flex items-center justify-center rounded-md text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50 bg-primary text-primary-foreground hover:bg-primary/90 h-10 px-4 py-2">GitHub</button><button class="inline-flex items-center justify-center rounded-md text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50 bg-primary text-primary-foreground hover:bg-primary/90 h-10 px-4 py-2"> Microsoft 365</button></div></div></div><!--/$--><div role="region" aria-label="Notifications (F8)" tabindex="-1" style="pointer-events:none"><ol tabindex="-1" class="fixed top-0 z-[100] flex max-h-screen w-full flex-col-reverse p-4 sm:bottom-0 sm:right-0 sm:top-auto sm:flex-col md:max-w-[420px]"></ol></div><script src="/_next/static/chunks/webpack-e6b0ea89c4bac425.js" async=""></script><script src="/_next/static/chunks/87bc1fd9-31853b16e5a908ec.js" async=""></script><script src="/_next/static/chunks/801-504704b9578c7395.js" async=""></script><script src="/_next/static/chunks/main-app-d40b59aaca8365ea.js" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0])</script><script>self.__next_f.push([1,"1:HL[\"/_next/static/media/2aaf0723e720e8b9-s.p.woff2\",{\"as\":\"font\",\"type\":\"font/woff2\"}]\n2:HL[\"/_next/static/css/18cab5a82cb6df6a.css\",{\"as\":\"style\"}]\n0:\"$L3\"\n"])</script><script>self.__next_f.push([1,"4:I{\"id\":68802,\"chunks\":[\"272:static/chunks/webpack-e6b0ea89c4bac425.js\",\"704:static/chunks/87bc1fd9-31853b16e5a908ec.js\",\"801:static/chunks/801-504704b9578c7395.js\"],\"name\":\"default\",\"async\":false}\n6:I{\"id\":14299,\"chunks\":[\"272:static/chunks/webpack-e6b0ea89c4bac425.js\",\"704:static/chunks/87bc1fd9-31853b16e5a908ec.js\",\"801:static/chunks/801-504704b9578c7395.js\"],\"name\":\"\",\"async\":false}\n7:I{\"id\":11561,\"chunks\":[\"273:static/chunks/273-81e893e4dad45253.js\",\"795:static/chunks/795-2a2b43490cf0cb7e.js\",\"134:sta"])</script><script>self.__next_f.push([1,"tic/chunks/134-e8162efd95fe9427.js\",\"1

Found 2026-02-04 by HttpPlugin

Host 20.105.232.48

The Netherlands

Software information

Git configuration and history exposed

Swagger API description is publicly available

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

Swagger API description is publicly available

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

Git configuration and history exposed

MacOS file listing through .DS_Store file

Swagger API description is publicly available

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

MacOS file listing through .DS_Store file

GraphQL introspection is enabled.