LeakIX - Host 20.105.232.52

Host 20.105.232.52

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Ubuntu

Software information

Apache Apache 2.4.58

tcp/443

Apache Apache

tcp/443

Apache-Coyote 1.1

tcp/443

Kestrel Kestrel

tcp/443 tcp/80

TornadoServer 6.4

tcp/443

gunicorn

tcp/443

nginx nginx 1.28.0

tcp/443 tcp/80

nginx nginx

tcp/443

nginx nginx 1.29.4

tcp/443

nginx nginx 1.29.1

tcp/443

nginx nginx 1.22.1

tcp/443

uvicorn

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: syscon-api.thernovo-dev.com
Port: 443
URL: https://syscon-api.thernovo-dev.com

First seen 2025-12-25 11:30
Last seen 2026-02-09 20:32
Open for 46 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354963ba8215270b045334ed0bcb2eb90b55ac8b8643

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /syscon-api/Geolocation/{Country}/{PostalCode}
GET /syscon-api/NormTemperature/country/{Country}/postalcode/{PostalCode}
GET /syscon-api/brand/{brand}/country/{country}/articleNumber/{articleNumber}/images
GET /syscon-api/brand/{brand}/country/{country}/articleNumber/{articleNumber}/mainImage
POST /syscon-api/BillOfMaterial/brand/{brand}/country/{country}/email
POST /syscon-api/BillOfMaterial/brand/{brand}/country/{country}/pdf
POST /syscon-api/BillOfMaterial/{brand}/excel
POST /syscon-api/UserSelection/exportUserValues
POST /syscon-api/UserSelection/extractPreviouslySelectedValues
POST /syscon-api/UserSelection/refreshCompositeResponse
POST /syscon-api/Vpw/country/{country}/brand/{brand}/calculate
POST /syscon-api/Vpw/country/{country}/brand/{brand}/technologies
POST /syscon-api/Vpw/mapPerformanceCurve
POST /syscon-api/country/{country}/brand/{brand}/products

Found on 2026-02-09 20:32

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494d599359e44792989d953b5095154b902613c842

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /brand/{brand}/country/{country}/articleNumber/{articleNumber}/image
GET /brand/{brand}/country/{country}/articleNumber/{articleNumber}/images
GET /syscon-api/Geolocation/{Country}/{PostalCode}
GET /syscon-api/NormTemperature/country/{Country}/postalcode/{PostalCode}
POST /syscon-api/BillOfMaterial/{brand}/email
POST /syscon-api/BillOfMaterial/{brand}/excel
POST /syscon-api/BillOfMaterial/{brand}/pdf
POST /syscon-api/UserSelection/exportUserValues
POST /syscon-api/UserSelection/extractPreviouslySelectedValues
POST /syscon-api/UserSelection/refreshCompositeResponse
POST /syscon-api/Vpw/country/{country}/brand/{brand}/calculate
POST /syscon-api/Vpw/country/{country}/brand/{brand}/technologies
POST /syscon-api/Vpw/mapPerformanceCurve
POST /syscon-api/country/{country}/brand/{brand}/products

Found on 2026-01-09 17:15

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: alliander-lms-t.scim-api.trainingscatalogus.nl
Port: 443
URL: https://alliander-lms-t.scim-api.trainingscatalogus.nl

First seen 2025-12-25 12:29
Last seen 2026-02-09 20:14
Open for 46 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035493866d607763b256d342f6305214febdcf6e9254e
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Cache
DELETE /Cache/{cacheKey}
DELETE /Users/{employeeId}
GET /Groups
GET /Groups/{id}
GET /OrganizationDepartments
GET /OrganizationDepartments/{id}
GET /Organizations
GET /Organizations/{id}
GET /ResourceTypes
GET /Schemas
GET /Schemas/{id}
GET /ServiceProviderConfig
GET /UserInvite/{id}
GET /Users
GET /Users/{id}
POST /Auth
POST /UserInvite
POST /Users/UpdateClassIdentity
```
  Found on 2026-02-09 20:14
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: e2e-tap.q-point-system-dev.com
Port: 443
URL: https://e2e-tap.q-point-system-dev.com

First seen 2025-12-20 16:42
Last seen 2026-02-09 19:47
Open for 51 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 19:47

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549330cc6ca678a1e1b62ad032394f7b29b609bec07

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/agent
GET /api/agent/DownloadSas
GET /api/apiKeyRoles
GET /api/apiKeys
GET /api/apiKeys/{apiKeyId}
GET /api/apiKeys/{apiKeyId}/key
GET /api/automationJobs/{clusterId}
GET /api/clusterInfo/{clusterIdentifier}
GET /api/clusters
GET /api/clusters/DoesMachineClusterAlreadyExists
GET /api/clusters/Id
GET /api/clusters/withType/{clusterType}
GET /api/clusters/{clusterIdentifier}/clientrelationsdata
GET /api/clusters/{clusterIdentifier}/customerdata
GET /api/clusters/{clusterIdentifier}/deliverydata
GET /api/clusters/{clusterIdentifier}/landingpage-images
GET /api/clusters/{clusterIdentifier}/landingpage-images/{imageName}
GET /api/clusters/{clusterIdentifier}/plants
GET /api/clusters/{clusterIdentifier}/qplantfeatures
GET /api/clusters/{clusterIdentifier}/qplantmasterdatasets
GET /api/clusters/{clusterIdentifier}/qplantnavigation
GET /api/clusters/{clusterIdentifier}/qplantsettings
GET /api/clusters/{clusterIdentifier}/qplantsubscriptionplan
GET /api/clusters/{clusterIdentifier}/qplantsupportusers
GET /api/clusters/{clusterIdentifier}/tbadeliverydata
GET /api/clusters/{clusterId}
GET /api/clusters/{clusterId}/CheckCName
GET /api/clusters/{clusterId}/CheckIdentifier/{identifier}
GET /api/clusters/{clusterId}/CheckName/{name}
GET /api/clusters/{clusterId}/apiKeys
GET /api/clusters/{clusterId}/apiKeys/{apiKeyId}
GET /api/clusters/{clusterId}/apiKeys/{apiKeyId}/key
GET /api/clusters/{clusterId}/devices
GET /api/clusters/{clusterId}/devices/HasDevices
GET /api/clusters/{clusterId}/devices/{deviceId}
GET /api/clusters/{clusterId}/devices/{deviceId}/ConnectionInformation
GET /api/clusters/{clusterId}/devices/{deviceId}/Disable
GET /api/clusters/{clusterId}/devices/{deviceId}/Enable
GET /api/clusters/{clusterId}/devices/{deviceId}/GenerateNewPrimaryKey
GET /api/clusters/{clusterId}/devices/{deviceId}/Ping
GET /api/clusters/{clusterId}/devices/{deviceId}/PushFile
GET /api/clusters/{clusterId}/devices/{deviceId}/RemoveSecondaryKey
GET /api/clusters/{clusterId}/devices/{deviceId}/restart
GET /api/localization/languages
GET /api/localization/texts/{language}/{part}
GET /api/logs
GET /api/navigation
GET /api/permissions
GET /api/qdirectoriesWorkspaces
GET /api/qdirectoriesWorkspaces/sponsors
GET /api/qdirectoriesWorkspaces/workspaceTypes
GET /api/qdirectoriesWorkspaces/{workspaceId}
GET /api/qdirectoriesWorkspaces/{workspaceId}/apiKeys
GET /api/qdirectoriesWorkspaces/{workspaceId}/apiKeys/{apiKeyId}
GET /api/qdirectoriesWorkspaces/{workspaceId}/apiKeys/{apiKeyId}/key
GET /api/qdirectoriesWorkspaces/{workspaceId}/features
GET /api/qdirectoriesWorkspaces/{workspaceId}/settings
GET /api/qdirectoriesclusters
GET /api/qplantclusters
GET /api/qsiteclusters
GET /api/subscription/ChangeState/{clusterIdentifier}/{jobID}
GET /api/subscription/JobID/{clusterId}
GET /api/subscription/JobState/{jobId}
GET /api/subscription/StartCreation/{clusterId}
GET /api/subscription/StartDeletion/{clusterId}
GET /api/subscription/StartSuspending/{clusterId}
GET /api/subscription/StartUnlock/{clusterId}
GET /api/subscription/StartUpdate/{clusterId}
GET /api/timezones
GET /api/users/{userId}/profileimage
GET /api/versions/{clusterType}
GET /api/workspaceInquiries
GET /api/workspaceInquiries/countries
GET /api/workspaceInquiries/validations/identifier/{identifier}
GET /api/workspaceInquiries/{workspaceInquiryId}
GET /api/workspaceInquiries/{workspaceInquiryId}/features
GET /api/workspaceInquiries/{workspaceInquiryId}/settings
GET /api/workspaces/administrativeRoles
GET /api/workspaces/operativeRoles
GET /api/workspaces/{clusterIdentifier}
GET /api/workspaces/{clusterIdentifier}/Languages
GET /api/workspaces/{clusterIdentifier}/SubscriptionPlans
GET /api/workspaces/{clusterIdentifier}/checkIdentifierAvailable/{identifierToCheck}
GET /api/workspaces/{clusterIdentifier}/featuresperworkspace
GET /api/workspaces/{clusterIdentifier}/metrics/{year}
GET /api/workspaces/{clusterIdentifier}/{workspaceId}
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/apiKeys
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/apiKeys/{apiKeyId}
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/apiKeys/{apiKeyId}/key
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/dashboardData
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/features
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/info
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/invoiceInfo
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/members
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/organizationInfo
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/paymentInfo
GET /api/workspaces/{clusterIdentifier}/{workspaceId}/subscriptionPlan
POST /api/clusters/downloadusercommunicationinformation
POST /api/clusters/{clusterId}/devices/{deviceId}/PushMessage
POST /api/clusters/{identifier}/dashboard
POST /api/qdirectoriesWorkspaces/{workspaceId}/supportusers
POST /api/subscription/JobStates
POST /api/subscription/SetState/{clusterIdentifier}
POST /api/workspaces/{clusterIdentifier}/{workspaceId}/computeDashboardData
POST /api/workspaces/{clusterIdentifier}/{workspaceId}/members/invite
POST /api/workspaces/{clusterIdentifier}/{workspaceId}/members/{memberId}/resendInvite
POST /api/workspaces/{clusterIdentifier}/{workspaceId}/qsitesupportusers
PUT /api/clusters/{clusterId}/devices/{deviceID}
PUT /api/clusters/{id}
PUT /api/clusters/{id}/comments
PUT /api/qdirectoriesWorkspaces/{workspaceId}/state/{newState}
PUT /api/workspaceInquiries/{workspaceInquiryId}/state/{newState}
PUT /api/workspaces/{clusterIdentifier}/{workspaceId}/members/{memberId}/profile

Found on 2026-01-23 04:22

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: services.beta.westeurope.azure.agromanager.link
Port: 80
URL: http://services.beta.westeurope.azure.agromanager.link

First seen 2026-01-12 22:11
Last seen 2026-02-09 19:44
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff43f6e4ca4ff6e4ca4ff6e4ca4ff6e4ca4ff6e4ca4f
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
POST /api/bakker/v1/sdf
```
  Found on 2026-02-09 19:44
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: alliander-lms-t.enrollment-api.trainingscatalogus.nl
Port: 443
URL: https://alliander-lms-t.enrollment-api.trainingscatalogus.nl

First seen 2025-12-25 12:20
Last seen 2026-02-09 18:38
Open for 46 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035493866d607763b256dd1e18f7847be631f163bd603
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Cache
DELETE /Cache/{cacheKey}
GET /Certificates
GET /Certificates/{id}
GET /EmployeeProgram
GET /Enrollments
GET /Enrollments/{id}
GET /Exemptions
PUT /Enrollments/{id}/cancel
```
  Found on 2026-02-09 18:38
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: elli-test.jaf-group.com
Port: 443
URL: https://elli-test.jaf-group.com

First seen 2025-12-23 08:47
Last seen 2026-02-09 17:51
Open for 48 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 17:51
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: coremetadataapi.fefundinfo.com
Port: 443
URL: https://coremetadataapi.fefundinfo.com

First seen 2025-11-13 13:13
Last seen 2026-02-09 17:47
Open for 88 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb4d8cb068641e2d9fffdccedf39e7ecc227b7bb5f3
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /changesets/{changesetId}
GET /data-update-requests/{requestId}
GET /{correlationId}/ingestion-results
GET /{requestId}/changesets/{changesetId}
GET /{requestId}/field-updates
GET /{requestId}/fields
GET /{requestId}/files
GET /{requestId}/ingestion/errors
GET /{requestId}/request-validations
GET /{requestId}/source-details
GET /{requestId}/traces
POST /data-update-requests
```
  Found on 2026-02-09 17:47
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb4d8cb068641e2d9fffdccedf3121106d8b44ab122
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /changesets/{changesetId}
GET /data-update-requests/{requestId}
GET /{correlationId}/ingestion-results
GET /{requestId}/field-updates
GET /{requestId}/fields
GET /{requestId}/files
GET /{requestId}/ingestion/errors
GET /{requestId}/request-validations
GET /{requestId}/source-details
GET /{requestId}/traces
POST /data-update-requests
```
  Found on 2025-12-26 22:22
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: beheer.waterkracht.com
Port: 443
URL: https://beheer.waterkracht.com

First seen 2026-01-02 14:05
Last seen 2026-02-09 17:38
Open for 38 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 17:38
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: api-test.tradeservicing.cz
Port: 443
URL: https://api-test.tradeservicing.cz

First seen 2025-11-26 15:42
Last seen 2026-02-09 16:11
Open for 75 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 16:11
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: api.rizervia.com
Port: 443
URL: https://api.rizervia.com

First seen 2025-10-19 14:05
Last seen 2026-02-09 14:09
Open for 113 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e8ae8ecc722af0d2b9d556abbf5d0510909b1373

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Bookings/reviews/{reviewId}
DELETE /api/shops/{shopId}/employees/{employeeId}
DELETE /api/shops/{shopId}/roles/{userId}
DELETE /api/shops/{shopId}/service-types/{serviceTypeId}
DELETE /api/user/devices/{deviceId}
DELETE /api/user/favorites/{shopId}
GET /
GET /api/Auth/apple/callback
GET /api/Auth/debug-cookies
GET /api/Auth/google/callback
GET /api/Auth/me
GET /api/Bookings/reviews
GET /api/Bookings/upcoming
GET /api/Bookings/user
GET /api/Bookings/{bookingId}
GET /api/Categories
GET /api/Categories/{id}
GET /api/Categories/{id}/shops
GET /api/countries
GET /api/countries/{countryId}
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/schedule
GET /api/instagram/webhook
GET /api/regions/{countryCode}
GET /api/service-types/defaults
GET /api/services
GET /api/services/{id}
GET /api/shops
GET /api/shops/check-slug/{slug}
GET /api/shops/my-shops
GET /api/shops/public
GET /api/shops/search
GET /api/shops/{idOrSlug}
GET /api/shops/{idOrSlug}/availability
GET /api/shops/{idOrSlug}/closestAvailability
GET /api/shops/{idOrSlug}/publicEmployees
GET /api/shops/{shopId}/auto-confirm-settings
GET /api/shops/{shopId}/bookings
GET /api/shops/{shopId}/cancellation-policy-settings
GET /api/shops/{shopId}/categories
GET /api/shops/{shopId}/dashboard/portfolio
GET /api/shops/{shopId}/dashboard/stats
GET /api/shops/{shopId}/employees
GET /api/shops/{shopId}/instagram
GET /api/shops/{shopId}/portfolio
GET /api/shops/{shopId}/reminder-settings
GET /api/shops/{shopId}/reviews
GET /api/shops/{shopId}/roles/permissions
GET /api/shops/{shopId}/roles/users
GET /api/shops/{shopId}/roles/{userId}/role
GET /api/shops/{shopId}/service-types
GET /api/shops/{shopId}/whatsapp
GET /api/test
GET /api/upload/info
GET /api/user/devices
GET /api/user/favorites
GET /api/user/notification-preferences
GET /api/user/notifications
GET /api/whatsapp/webhook
PATCH /api/Bookings/{bookingId}/cancel
PATCH /api/Bookings/{bookingId}/complete
PATCH /api/Bookings/{bookingId}/confirm
PATCH /api/Bookings/{bookingId}/reject
POST /api/Auth/apple/link
POST /api/Auth/apple/mobile
POST /api/Auth/check-email
POST /api/Auth/google/link
POST /api/Auth/google/mobile
POST /api/Auth/signin
POST /api/Auth/signout
POST /api/Auth/signup
POST /api/Bookings
POST /api/Bookings/{bookingId}/no-show
POST /api/Bookings/{bookingId}/review
POST /api/Categories/default-services
POST /api/Feedback
POST /api/admin/tools/trigger-notifications
POST /api/employees/schedule
POST /api/shops/{shopId}/roles/assign
POST /api/shops/{shopId}/roles/system/assign-admin-to-owners
POST /api/upload/image
POST /api/upload/images/multiple
POST /api/upload/profile-picture
POST /api/user/devices/{deviceId}/touch
POST /api/user/notifications/clear
POST /api/user/notifications/mark-read
PUT /api/Auth/profile
PUT /api/shops/{shopId}
PUT /api/shops/{shopId}/dashboard/portfolio/{portfolioItemId}

Found on 2026-02-09 14:09

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-29 21:48

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e8ae8ecc722af0d2b9d556abbf5d05106aafcc59

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Bookings/reviews/{reviewId}
DELETE /api/shops/{shopId}/employees/{employeeId}
DELETE /api/shops/{shopId}/roles/{userId}
DELETE /api/shops/{shopId}/service-types/{serviceTypeId}
DELETE /api/user/devices/{deviceId}
DELETE /api/user/favorites/{shopId}
GET /
GET /api/Auth/apple/callback
GET /api/Auth/debug-cookies
GET /api/Auth/google/callback
GET /api/Auth/me
GET /api/Bookings/reviews
GET /api/Bookings/upcoming
GET /api/Bookings/user
GET /api/Bookings/{bookingId}
GET /api/Categories
GET /api/Categories/{id}
GET /api/Categories/{id}/shops
GET /api/countries
GET /api/countries/{countryId}
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/schedule
GET /api/instagram/webhook
GET /api/regions/{countryCode}
GET /api/service-types/defaults
GET /api/services
GET /api/services/{id}
GET /api/shops
GET /api/shops/my-shops
GET /api/shops/public
GET /api/shops/{id}
GET /api/shops/{shopId}/auto-confirm-settings
GET /api/shops/{shopId}/availability
GET /api/shops/{shopId}/bookings
GET /api/shops/{shopId}/cancellation-policy-settings
GET /api/shops/{shopId}/categories
GET /api/shops/{shopId}/closestAvailability
GET /api/shops/{shopId}/dashboard/portfolio
GET /api/shops/{shopId}/dashboard/stats
GET /api/shops/{shopId}/employees
GET /api/shops/{shopId}/instagram
GET /api/shops/{shopId}/portfolio
GET /api/shops/{shopId}/publicEmployees
GET /api/shops/{shopId}/reminder-settings
GET /api/shops/{shopId}/reviews
GET /api/shops/{shopId}/roles/permissions
GET /api/shops/{shopId}/roles/users
GET /api/shops/{shopId}/roles/{userId}/role
GET /api/shops/{shopId}/service-types
GET /api/shops/{shopId}/whatsapp
GET /api/test
GET /api/upload/info
GET /api/user/devices
GET /api/user/favorites
GET /api/user/notification-preferences
GET /api/user/notifications
GET /api/whatsapp/webhook
PATCH /api/Bookings/{bookingId}/cancel
PATCH /api/Bookings/{bookingId}/complete
PATCH /api/Bookings/{bookingId}/confirm
PATCH /api/Bookings/{bookingId}/reject
POST /api/Auth/apple/link
POST /api/Auth/apple/mobile
POST /api/Auth/check-email
POST /api/Auth/google/link
POST /api/Auth/google/mobile
POST /api/Auth/signin
POST /api/Auth/signout
POST /api/Auth/signup
POST /api/Bookings
POST /api/Bookings/{bookingId}/no-show
POST /api/Bookings/{bookingId}/review
POST /api/Categories/default-services
POST /api/Feedback
POST /api/admin/tools/trigger-notifications
POST /api/employees/schedule
POST /api/shops/{shopId}/roles/assign
POST /api/shops/{shopId}/roles/system/assign-admin-to-owners
POST /api/upload/image
POST /api/upload/images/multiple
POST /api/upload/profile-picture
POST /api/user/devices/{deviceId}/touch
POST /api/user/notifications/clear
POST /api/user/notifications/mark-read
PUT /api/Auth/profile
PUT /api/shops/{shopId}
PUT /api/shops/{shopId}/dashboard/portfolio/{portfolioItemId}

Found on 2025-12-08 05:24

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e8ae8ecc722af0d2b9d556abbf5d0510280d7b96

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Bookings/reviews/{reviewId}
DELETE /api/shops/{shopId}/employees/{employeeId}
DELETE /api/shops/{shopId}/roles/{userId}
DELETE /api/shops/{shopId}/service-types/{serviceTypeId}
DELETE /api/user/devices/{deviceId}
DELETE /api/user/favorites/{shopId}
GET /
GET /api/Auth/apple/callback
GET /api/Auth/debug-cookies
GET /api/Auth/google/callback
GET /api/Auth/me
GET /api/Bookings/reviews
GET /api/Bookings/upcoming
GET /api/Bookings/user
GET /api/Bookings/{bookingId}
GET /api/Categories
GET /api/Categories/{id}
GET /api/Categories/{id}/shops
GET /api/countries
GET /api/countries/{countryId}
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/schedule
GET /api/instagram/webhook
GET /api/regions/{countryCode}
GET /api/service-types/defaults
GET /api/services
GET /api/services/{id}
GET /api/shops
GET /api/shops/my-shops
GET /api/shops/public
GET /api/shops/{id}
GET /api/shops/{shopId}/availability
GET /api/shops/{shopId}/bookings
GET /api/shops/{shopId}/categories
GET /api/shops/{shopId}/closestAvailability
GET /api/shops/{shopId}/dashboard/portfolio
GET /api/shops/{shopId}/dashboard/stats
GET /api/shops/{shopId}/employees
GET /api/shops/{shopId}/instagram
GET /api/shops/{shopId}/portfolio
GET /api/shops/{shopId}/publicEmployees
GET /api/shops/{shopId}/reviews
GET /api/shops/{shopId}/roles/permissions
GET /api/shops/{shopId}/roles/users
GET /api/shops/{shopId}/roles/{userId}/role
GET /api/shops/{shopId}/service-types
GET /api/shops/{shopId}/whatsapp
GET /api/test
GET /api/upload/info
GET /api/user/devices
GET /api/user/favorites
GET /api/user/notification-preferences
GET /api/user/notifications
GET /api/whatsapp/webhook
PATCH /api/Bookings/{bookingId}/cancel
PATCH /api/Bookings/{bookingId}/complete
PATCH /api/Bookings/{bookingId}/confirm
PATCH /api/Bookings/{bookingId}/reject
POST /api/Auth/apple/link
POST /api/Auth/apple/mobile
POST /api/Auth/check-email
POST /api/Auth/google/link
POST /api/Auth/google/mobile
POST /api/Auth/signin
POST /api/Auth/signout
POST /api/Auth/signup
POST /api/Bookings
POST /api/Bookings/{bookingId}/review
POST /api/Categories/default-services
POST /api/Feedback
POST /api/admin/tools/trigger-notifications
POST /api/employees/schedule
POST /api/shops/{shopId}/roles/assign
POST /api/shops/{shopId}/roles/system/assign-admin-to-owners
POST /api/upload/image
POST /api/upload/images/multiple
POST /api/user/devices/{deviceId}/touch
POST /api/user/notifications/clear
POST /api/user/notifications/mark-read
PUT /api/Auth/profile
PUT /api/shops/{shopId}
PUT /api/shops/{shopId}/dashboard/portfolio/{portfolioItemId}

Found on 2025-11-30 13:59

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e8ae8ecc722af0d2b9d556abbd7b045e22ba55e4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Bookings/reviews/{reviewId}
DELETE /api/shops/{shopId}/employees/{employeeId}
DELETE /api/shops/{shopId}/roles/{userId}
DELETE /api/shops/{shopId}/service-categories/{categoryName}
DELETE /api/user/devices/{deviceId}
DELETE /api/user/favorites/{shopId}
GET /
GET /api/Auth/apple/callback
GET /api/Auth/debug-cookies
GET /api/Auth/google/callback
GET /api/Auth/me
GET /api/Bookings/reviews
GET /api/Bookings/upcoming
GET /api/Bookings/user
GET /api/Bookings/{bookingId}
GET /api/Categories
GET /api/Categories/{id}
GET /api/Categories/{id}/shops
GET /api/countries
GET /api/countries/{countryId}
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/schedule
GET /api/instagram/webhook
GET /api/regions/{countryCode}
GET /api/services
GET /api/services/{id}
GET /api/shops
GET /api/shops/my-shops
GET /api/shops/public
GET /api/shops/{id}
GET /api/shops/{shopId}/availability
GET /api/shops/{shopId}/bookings
GET /api/shops/{shopId}/categories
GET /api/shops/{shopId}/closestAvailability
GET /api/shops/{shopId}/dashboard/portfolio
GET /api/shops/{shopId}/dashboard/stats
GET /api/shops/{shopId}/employees
GET /api/shops/{shopId}/instagram
GET /api/shops/{shopId}/portfolio
GET /api/shops/{shopId}/publicEmployees
GET /api/shops/{shopId}/reviews
GET /api/shops/{shopId}/roles/permissions
GET /api/shops/{shopId}/roles/users
GET /api/shops/{shopId}/roles/{userId}/role
GET /api/shops/{shopId}/service-categories
GET /api/shops/{shopId}/whatsapp
GET /api/test
GET /api/upload/info
GET /api/user/devices
GET /api/user/favorites
GET /api/user/notification-preferences
GET /api/user/notifications
GET /api/whatsapp/webhook
PATCH /api/Bookings/{bookingId}/cancel
PATCH /api/Bookings/{bookingId}/complete
PATCH /api/Bookings/{bookingId}/confirm
PATCH /api/Bookings/{bookingId}/reject
POST /api/Auth/apple/link
POST /api/Auth/apple/mobile
POST /api/Auth/check-email
POST /api/Auth/google/link
POST /api/Auth/google/mobile
POST /api/Auth/signin
POST /api/Auth/signout
POST /api/Auth/signup
POST /api/Bookings
POST /api/Bookings/{bookingId}/review
POST /api/Feedback
POST /api/admin/tools/trigger-notifications
POST /api/employees/schedule
POST /api/shops/{shopId}/roles/assign
POST /api/shops/{shopId}/roles/system/assign-admin-to-owners
POST /api/upload/image
POST /api/upload/images/multiple
POST /api/user/devices/{deviceId}/touch
POST /api/user/notifications/clear
POST /api/user/notifications/mark-read
PUT /api/Auth/profile
PUT /api/shops/{shopId}
PUT /api/shops/{shopId}/dashboard/portfolio/{portfolioItemId}

Found on 2025-11-14 09:09

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d335a01da0cebd369e145ecfa963dda26a705f1b

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/shops/{shopId}/employees/{employeeId}
DELETE /api/shops/{shopId}/roles/{userId}
DELETE /api/shops/{shopId}/service-categories/{categoryName}
GET /
GET /api/Auth/apple/callback
GET /api/Auth/debug-cookies
GET /api/Auth/google/callback
GET /api/Auth/me
GET /api/Bookings/user
GET /api/Categories
GET /api/Categories/{id}
GET /api/Categories/{id}/shops
GET /api/countries
GET /api/countries/{countryId}
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/schedule
GET /api/instagram/webhook
GET /api/regions/{countryCode}
GET /api/services
GET /api/services/{id}
GET /api/shops
GET /api/shops/my-shops
GET /api/shops/public
GET /api/shops/{id}
GET /api/shops/{shopId}/availability
GET /api/shops/{shopId}/bookings
GET /api/shops/{shopId}/categories
GET /api/shops/{shopId}/closestAvailability
GET /api/shops/{shopId}/dashboard/portfolio
GET /api/shops/{shopId}/dashboard/stats
GET /api/shops/{shopId}/employees
GET /api/shops/{shopId}/instagram
GET /api/shops/{shopId}/portfolio
GET /api/shops/{shopId}/publicEmployees
GET /api/shops/{shopId}/reviews
GET /api/shops/{shopId}/roles/permissions
GET /api/shops/{shopId}/roles/users
GET /api/shops/{shopId}/roles/{userId}/role
GET /api/shops/{shopId}/service-categories
GET /api/shops/{shopId}/whatsapp
GET /api/test
GET /api/upload/info
GET /api/whatsapp/webhook
PATCH /api/Bookings/{bookingId}/cancel
PATCH /api/Bookings/{bookingId}/complete
PATCH /api/Bookings/{bookingId}/confirm
POST /api/Auth/apple/link
POST /api/Auth/apple/mobile
POST /api/Auth/check-email
POST /api/Auth/google/link
POST /api/Auth/google/mobile
POST /api/Auth/signin
POST /api/Auth/signout
POST /api/Auth/signup
POST /api/Bookings
POST /api/Bookings/{bookingId}/review
POST /api/Feedback
POST /api/employees/schedule
POST /api/shops/{shopId}/roles/assign
POST /api/shops/{shopId}/roles/system/assign-admin-to-owners
POST /api/upload/image
POST /api/upload/images/multiple
PUT /api/Auth/profile
PUT /api/Bookings/{bookingId}
PUT /api/shops/{shopId}
PUT /api/shops/{shopId}/dashboard/portfolio/{portfolioItemId}

Found on 2025-11-08 08:46

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d335a01da0cebd369e145ecfa963dda2592bbc2d

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/shops/{shopId}/employees/{employeeId}
DELETE /api/shops/{shopId}/roles/{userId}
DELETE /api/shops/{shopId}/service-categories/{categoryName}
GET /
GET /api/Auth/apple/callback
GET /api/Auth/debug-cookies
GET /api/Auth/google/callback
GET /api/Auth/me
GET /api/Bookings/user
GET /api/Categories
GET /api/Categories/{id}
GET /api/Categories/{id}/shops
GET /api/countries
GET /api/countries/{countryId}
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/schedule
GET /api/regions/{countryCode}
GET /api/services
GET /api/services/{id}
GET /api/shops
GET /api/shops/my-shops
GET /api/shops/public
GET /api/shops/{id}
GET /api/shops/{shopId}/availability
GET /api/shops/{shopId}/bookings
GET /api/shops/{shopId}/categories
GET /api/shops/{shopId}/dashboard/portfolio
GET /api/shops/{shopId}/dashboard/stats
GET /api/shops/{shopId}/employees
GET /api/shops/{shopId}/portfolio
GET /api/shops/{shopId}/publicEmployees
GET /api/shops/{shopId}/reviews
GET /api/shops/{shopId}/roles/permissions
GET /api/shops/{shopId}/roles/users
GET /api/shops/{shopId}/roles/{userId}/role
GET /api/shops/{shopId}/service-categories
GET /api/test
GET /api/upload/info
PATCH /api/Bookings/{bookingId}/cancel
PATCH /api/Bookings/{bookingId}/complete
PATCH /api/Bookings/{bookingId}/confirm
POST /api/Auth/apple/link
POST /api/Auth/check-email
POST /api/Auth/google/link
POST /api/Auth/google/mobile
POST /api/Auth/signin
POST /api/Auth/signout
POST /api/Auth/signup
POST /api/Bookings
POST /api/Bookings/{bookingId}/review
POST /api/Feedback
POST /api/employees/schedule
POST /api/shops/{shopId}/roles/assign
POST /api/shops/{shopId}/roles/system/assign-admin-to-owners
POST /api/upload/image
POST /api/upload/images/multiple
PUT /api/Auth/profile
PUT /api/Bookings/{bookingId}
PUT /api/shops/{shopId}
PUT /api/shops/{shopId}/dashboard/portfolio/{portfolioItemId}

Found on 2025-10-29 10:06

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d335a01da0cebd369e145ecfa963dda26a0e7778

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/shops/{shopId}/employees/{employeeId}
DELETE /api/shops/{shopId}/roles/{userId}
DELETE /api/shops/{shopId}/service-categories/{categoryName}
GET /
GET /api/Auth/apple/callback
GET /api/Auth/debug-cookies
GET /api/Auth/google/callback
GET /api/Auth/me
GET /api/Bookings/user
GET /api/Categories
GET /api/Categories/{id}
GET /api/Categories/{id}/shops
GET /api/countries
GET /api/countries/{countryId}
GET /api/employees/{employeeId}
GET /api/employees/{employeeId}/schedule
GET /api/regions/{countryCode}
GET /api/services
GET /api/services/{id}
GET /api/shops
GET /api/shops/my-shops
GET /api/shops/public
GET /api/shops/{id}
GET /api/shops/{shopId}/availability
GET /api/shops/{shopId}/bookings
GET /api/shops/{shopId}/categories
GET /api/shops/{shopId}/dashboard/portfolio
GET /api/shops/{shopId}/dashboard/stats
GET /api/shops/{shopId}/employees
GET /api/shops/{shopId}/portfolio
GET /api/shops/{shopId}/publicEmployees
GET /api/shops/{shopId}/reviews
GET /api/shops/{shopId}/roles/permissions
GET /api/shops/{shopId}/roles/users
GET /api/shops/{shopId}/roles/{userId}/role
GET /api/shops/{shopId}/service-categories
GET /api/test
GET /api/upload/info
PATCH /api/Bookings/{bookingId}/cancel
PATCH /api/Bookings/{bookingId}/complete
PATCH /api/Bookings/{bookingId}/confirm
POST /api/Auth/apple/exchange
POST /api/Auth/apple/link
POST /api/Auth/check-email
POST /api/Auth/google/link
POST /api/Auth/google/mobile
POST /api/Auth/signin
POST /api/Auth/signout
POST /api/Auth/signup
POST /api/Bookings
POST /api/Bookings/{bookingId}/review
POST /api/Feedback
POST /api/employees/schedule
POST /api/shops/{shopId}/roles/assign
POST /api/shops/{shopId}/roles/system/assign-admin-to-owners
POST /api/upload/image
POST /api/upload/images/multiple
PUT /api/Auth/profile
PUT /api/Bookings/{bookingId}
PUT /api/shops/{shopId}
PUT /api/shops/{shopId}/dashboard/portfolio/{portfolioItemId}

Found on 2025-10-19 14:05

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: beheer.waterkracht.com
Port: 80
URL: http://beheer.waterkracht.com

First seen 2026-01-02 14:05
Last seen 2026-02-09 08:29
Open for 37 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 08:29
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: account.waterkracht.com
Port: 80
URL: http://account.waterkracht.com

First seen 2026-01-05 11:46
Last seen 2026-02-09 06:51
Open for 34 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 06:51
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.105.232.52
Domain: artezbrand.com
Port: 443
URL: https://artezbrand.com

First seen 2025-11-21 10:36
Last seen 2026-02-02 05:56
Open for 72 days

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6aea7eea520a203a70eea99b11f06cd8d1f06cd8d

GraphQL introspection enabled at /api/graphql
Types: 96 (by kind: ENUM: 3, INPUT_OBJECT: 3, INTERFACE: 3, OBJECT: 81, SCALAR: 6)
Operations:
- Query: Query | fields: allowedCountries, countries, currencies, provinces, timezones
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2026-02-02 05:56

150.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6aea7eea520a203a70eea99b11f06cd8dc9ff71d0

GraphQL introspection enabled at /api/graphql
Types: 96 (by kind: ENUM: 3, INPUT_OBJECT: 3, INTERFACE: 3, OBJECT: 81, SCALAR: 6)
Operations:
- Query: Query | fields: allowedCountries, countries, currencies, provinces, timezones
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Detected: Magento

Found on 2026-01-23 00:21

150.3 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: e2e-fdh.q-point-system-dev.com
Port: 443
URL: https://e2e-fdh.q-point-system-dev.com

First seen 2025-12-20 17:54
Last seen 2026-02-02 05:54
Open for 43 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 05:54
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: api.fmedlem.dk
Port: 443
URL: https://api.fmedlem.dk

First seen 2026-01-11 09:15
Last seen 2026-02-02 05:30
Open for 21 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-02 05:30

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549eeacca3184567a5788ed86707afdca35c2946800

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /activities/{activityId}/periods/{periodId}/members/{memberId}
DELETE /members/{memberId}/registrations/{id}
GET /FMedlem/DownloadExcel
GET /FMedlem/DownloadExcelAllMembers
GET /activities
GET /activities/options/activity
GET /activities/options/cfr
GET /activities/options/mycfr
GET /activities/options/payment
GET /activities/{activityId}/periods/{periodId}/paymentsummary
GET /activities/{activityId}/periods/{period}/members
GET /activities/{id}
GET /app/aaa
GET /app/boot
GET /app/cache/clear
GET /app/club/companies
GET /app/club/company/{tokenId}
GET /app/club/messagetypes
GET /app/clubs
GET /app/init
GET /app/invoice/sample/{registrationId}/{email}
GET /app/period/{periodId}/deactivate
GET /app/period/{periodId}/delete
GET /app/statictics/allmembers
GET /app/statictics/allmembersbyactivity
GET /app/statictics/allmembersbyactivityandgender
GET /app/statictics/allmembersbyagerange
GET /app/totalmembers
GET /app/view/member/{memberId}
GET /app/view/members
GET /app/view/period/{periodId}
GET /clubs/my
GET /companyclub/deactivate
GET /companyclub/delete
GET /companyclub/options/years
GET /companyclub/tokenLink
GET /companyclub/tokenLink/delete
GET /companyclub/view
GET /companyclub/view/orderfile
GET /companyclub/view/orders
GET /companyclub/view/registrations
GET /companyclubs
GET /companyclubs/{id}
GET /fshop/club/{clubId}/accounts
GET /fshop/club/{clubId}/accounts/{accountNumber}
GET /fshop/club/{clubId}/activities
GET /fshop/club/{clubId}/activities/{activityId}/periods
GET /fshop/club/{clubId}/departments
GET /fshop/club/{clubId}/departments/{departmentId}
GET /fshop/club/{clubId}/products
GET /invoices/{invoiceId}.pdf
GET /members
GET /members/dashboardNumbers
GET /members/dublicates
GET /members/exists
GET /members/{id}
GET /periods
GET /periods/options/years
GET /registrations
GET /school/allclubs
GET /school/find
GET /school/getExisting
GET /school/validate
GET /statistics/cfr
GET /statistics/cfr/download
GET /statistics/detailed
POST /activities/{activityId}/periods
POST /activities/{activityId}/periods/{periodId}/members
POST /activities/{activityId}/periods/{periodId}/members/batch
POST /api/payments/Clubs/{clubId}
POST /app/period/{activityId}/{periodId}/addMembersToPeriod
POST /app/view/member/create
POST /app/view/member/{memberId}/update
POST /app/view/message/send
POST /app/view/period/create
POST /app/view/period/{periodId}/paymentsForMembers
POST /app/view/period/{periodId}/removeMembersFromPeriod
POST /app/view/period/{periodId}/update
POST /companyclub/add
POST /companyclub/saveRegistrations
POST /companyclub/tokenLink/create
POST /companyclub/update
POST /members/DownloadExcelMembersList
POST /members/ImportMembersList
POST /members/MergeMembers
POST /members/Message
POST /members/SignUp
POST /members/UpdatePaymentStatus
POST /orders
POST /orders/credit/{orderNumber}
POST /orders/registerOrderData
POST /periods/{periodId}/payment
POST /school/create/{clubId}
POST /school/reregistration
PUT /activities/{activityId}/periods/{id}
PUT /companyclubs/{id}/{tokenId}

Found on 2026-01-17 01:45

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: account.waterkracht.com
Port: 443
URL: https://account.waterkracht.com

First seen 2026-01-05 11:46
Last seen 2026-02-02 02:36
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 02:36
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: code-breaker.nl
Port: 443
URL: https://code-breaker.nl

First seen 2025-12-12 02:16
Last seen 2026-02-01 22:18
Open for 51 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-01 22:18
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: cms.stage.mit.vestfor.dk
Port: 443
URL: https://cms.stage.mit.vestfor.dk

First seen 2025-12-26 11:00
Last seen 2026-01-23 05:38
Open for 27 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60732037d10b21cfb859d21ba5bfd0a2cd36867c9e

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/auto-complete
GET /api/v1/auto-complete/{id}
GET /api/v1/customer-portal
GET /api/v1/customer-portal/advice
GET /api/v1/customer-portal/advice/filter
GET /api/v1/customer-portal/consumption
GET /api/v1/customer-portal/contact
GET /api/v1/customer-portal/inbox
GET /api/v1/customer-portal/installation
GET /api/v1/customer-portal/login
GET /api/v1/customer-portal/profile
GET /api/v1/customer-portal/settings
GET /api/v1/district-heating/address-lookup
GET /api/v1/events
GET /api/v1/events/filters
GET /api/v1/general/languages
GET /api/v1/general/sitemap
GET /api/v1/general/translations
GET /api/v1/health
GET /api/v1/jobs
GET /api/v1/jobs/{id}
GET /api/v1/login
GET /api/v1/news
GET /api/v1/news/tags
GET /api/v1/pages
GET /api/v1/pages/root
GET /api/v1/pages/{id}
GET /api/v1/pages/{id}/ancestors
GET /api/v1/pages/{id}/children
GET /api/v1/pages/{id}/descendants
GET /api/v1/recycling-stations
GET /api/v1/search
GET /api/v1/settings
GET /api/v1/vestfor-search
POST /api/v1/district-heating/interest
POST /api/v1/district-heating/offer
POST /api/v1/district-heating/opt-out
POST /api/v1/district-heating/owner-details
POST /api/v1/jobs/apply/{id}

Found on 2026-01-23 05:38

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: migrateapi.dixysacc.com
Port: 443
URL: https://migrateapi.dixysacc.com

First seen 2025-12-07 04:22
Last seen 2026-01-23 04:18
Open for 46 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549eef337bf7a09cfd3c41cd3c873c8df528c8ad895

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/SalesForce/{origin}/{restaurantId}
GET /api/Bookings/{origin}/{restaurantId}
GET /api/Bookings/{origin}/{restaurantId}/Status
GET /api/CustomerSheets/{origin}/{restaurantId}
GET /api/CustomerSheets/{origin}/{restaurantId}/Status
GET /api/Disable/{origin}/{restaurantId}
GET /api/Finish/{origin}/{restaurantId}
GET /api/History/{origin}/{restaurantId}
GET /api/History/{origin}/{restaurantId}/Status
GET /api/Init/{origin}/{restaurantId}
GET /api/Jobs/details/{id}
GET /api/Jobs/queue
GET /api/Jobs/servers
GET /api/NotifyZenchef/{origin}/{restaurantId}
GET /api/NotifyZenchefPhase1/{origin}/{restaurantId}
GET /api/NotifyZenchefPhase2/{origin}/{restaurantId}
GET /api/Partners
GET /api/Partners/Export
GET /api/Phase2/{origin}/{restaurantId}
GET /api/Phase2/{origin}/{restaurantId}/Disable
GET /api/Phase2/{origin}/{restaurantId}/NotifyZenchef
GET /api/Restaurant/{origin}/{restaurantId}
GET /api/Restaurant/{origin}/{restaurantId}/Check
GET /api/Restaurant/{origin}/{restaurantId}/Status
GET /api/Reviews/{origin}/{restaurantId}
GET /api/Reviews/{origin}/{restaurantId}/Status
GET /api/Rooms/{origin}/{restaurantId}
GET /api/Rooms/{origin}/{restaurantId}/Status
GET /api/SalesForce
GET /api/SalesForce/{id}
GET /api/Shifts/{origin}/{restaurantId}
GET /api/Shifts/{origin}/{restaurantId}/Status
GET /api/User/{origin}/{originId}/{userId}
GET /api/VoucherCodes/{origin}/{restaurantId}
GET /api/VoucherCodes/{origin}/{restaurantId}/Status
GET /api/VoucherCodesHistory/{origin}/{restaurantId}
GET /api/VoucherCodesHistory/{origin}/{restaurantId}/Status
GET /api/bookings2/{origin}/{restaurantId}
GET /api/customersheetsphase2/{origin}/{restaurantId}
GET /api/vouchercodes2/{origin}/{restaurantId}
GET /overview/filter/{origin}
GET /overview/filter/{origin}/{statusRaw}
POST /api/Appointment/{origin}/{restaurantId}
POST /api/Appointment/{origin}/{restaurantId}/CalendlyOnboardingEnded
POST /api/Appointment/{origin}/{restaurantId}/CalendlyOnboardingStarted
POST /api/Copilot/{origin}/{restaurantId}
POST /api/Copilot/{origin}/{restaurantId}/login-details-confirmed
POST /api/Init
POST /api/Partners/Import
POST /api/Phase2/ActivateJob
POST /api/Phase2/DeactivateJob
POST /api/Phase2/StartEligible
POST /api/User/{origin}/{originId}

Found on 2026-01-23 04:18

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-26 14:42

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d603350d2366bc38fa4a9d8778b3a83e7cf4b472008

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/SalesForce/{origin}/{restaurantId}
GET /api/Bookings/{origin}/{restaurantId}
GET /api/Bookings/{origin}/{restaurantId}/Status
GET /api/CustomerSheets/{origin}/{restaurantId}
GET /api/CustomerSheets/{origin}/{restaurantId}/Status
GET /api/Disable/{origin}/{restaurantId}
GET /api/Finish/{origin}/{restaurantId}
GET /api/History/{origin}/{restaurantId}
GET /api/History/{origin}/{restaurantId}/Status
GET /api/Init/{origin}/{restaurantId}
GET /api/Jobs/details/{id}
GET /api/Jobs/queue
GET /api/Jobs/servers
GET /api/NotifyZenchef/{origin}/{restaurantId}
GET /api/NotifyZenchefPhase1/{origin}/{restaurantId}
GET /api/NotifyZenchefPhase2/{origin}/{restaurantId}
GET /api/Partners
GET /api/Partners/Export
GET /api/Phase2/{origin}/{restaurantId}
GET /api/Phase2/{origin}/{restaurantId}/Disable
GET /api/Phase2/{origin}/{restaurantId}/NotifyZenchef
GET /api/Restaurant/{origin}/{restaurantId}
GET /api/Restaurant/{origin}/{restaurantId}/Check
GET /api/Restaurant/{origin}/{restaurantId}/Status
GET /api/Reviews/{origin}/{restaurantId}
GET /api/Reviews/{origin}/{restaurantId}/Status
GET /api/Rooms/{origin}/{restaurantId}
GET /api/Rooms/{origin}/{restaurantId}/Status
GET /api/SalesForce
GET /api/SalesForce/{id}
GET /api/Shifts/{origin}/{restaurantId}
GET /api/Shifts/{origin}/{restaurantId}/Status
GET /api/User/{origin}/{originId}/{userId}
GET /api/VoucherCodes/{origin}/{restaurantId}
GET /api/VoucherCodes/{origin}/{restaurantId}/Status
GET /api/VoucherCodesHistory/{origin}/{restaurantId}
GET /api/VoucherCodesHistory/{origin}/{restaurantId}/Status
GET /api/bookings2/{origin}/{restaurantId}
GET /api/customersheetsphase2/{origin}/{restaurantId}
GET /api/vouchercodes2/{origin}/{restaurantId}
GET /overview/filter/{origin}
GET /overview/filter/{origin}/{statusRaw}
POST /api/Appointment/{origin}/{restaurantId}
POST /api/Appointment/{origin}/{restaurantId}/CalendlyOnboardingEnded
POST /api/Appointment/{origin}/{restaurantId}/CalendlyOnboardingStarted
POST /api/Copilot/{origin}/{restaurantId}
POST /api/Copilot/{origin}/{restaurantId}/login-details-confirmed
POST /api/Init
POST /api/Partners/Import
POST /api/Phase2/ActivateJob
POST /api/Phase2/DeactivateJob
POST /api/Phase2/StartEligible
POST /api/User/{origin}/{originId}

Found on 2025-12-07 04:22

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: alliander-lms-t.webhook-api.trainingscatalogus.nl
Port: 443
URL: https://alliander-lms-t.webhook-api.trainingscatalogus.nl

First seen 2025-12-25 12:20
Last seen 2026-01-23 00:52
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035495a30fcb921d56bf770af5bd3ecb5fc39689f7bf7
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /CertificateSubscriptions
GET /CertificateSubscriptions/events
GET /CertificateSubscriptions/{id}
GET /CourseSubscriptions
GET /CourseSubscriptions/events
GET /CourseSubscriptions/{id}
GET /EnrollmentSubscriptions
GET /EnrollmentSubscriptions/events
GET /EnrollmentSubscriptions/{id}
GET /Subscriptions
```
  Found on 2026-01-23 00:52
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: alliander-lms-t.product-api.trainingscatalogus.nl
Port: 443
URL: https://alliander-lms-t.product-api.trainingscatalogus.nl

First seen 2025-12-25 12:20
Last seen 2026-01-23 00:52
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035493866d607763b256d1421446919143277db2cb692
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Cache
DELETE /Cache/{cacheKey}
GET /Catalog
GET /Course
GET /Course/prices
GET /Course/skills
GET /Course/{id}
GET /Course/{id}/prices
GET /DevelopmentPlan
GET /DevelopmentPlan/{id}
GET /Event/prices
GET /Event/{id}/prices
```
  Found on 2026-01-23 00:52
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.105.232.52
Domain: www.artezbrand.com
Port: 443
URL: https://www.artezbrand.com

First seen 2025-11-21 00:34
Last seen 2026-01-23 00:42
Open for 63 days

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6aea7eea520a203a70eea99b11f06cd8dc9ff71d0

GraphQL introspection enabled at /api/graphql
Types: 96 (by kind: ENUM: 3, INPUT_OBJECT: 3, INTERFACE: 3, OBJECT: 81, SCALAR: 6)
Operations:
- Query: Query | fields: allowedCountries, countries, currencies, provinces, timezones
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Detected: Magento

Found on 2026-01-23 00:42

150.3 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6aea7eea520a203a70eea99b11f06cd8d1f06cd8d

GraphQL introspection enabled at /api/graphql
Types: 96 (by kind: ENUM: 3, INPUT_OBJECT: 3, INTERFACE: 3, OBJECT: 81, SCALAR: 6)
Operations:
- Query: Query | fields: allowedCountries, countries, currencies, provinces, timezones
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)

Found on 2025-12-10 12:55

150.3 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: bif-tv.dwarf.dk
Port: 443
URL: https://bif-tv.dwarf.dk

First seen 2026-01-09 02:50
Last seen 2026-01-23 00:33
Open for 13 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d606d8399dd5ec0e9edf1fa46414dd59e943c8a3913

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/feeds
GET /api/v1/feeds/categories
GET /api/v1/feeds/categories/{id}
GET /api/v1/feeds/{id}
GET /api/v1/global
GET /api/v1/global/sitemap
GET /api/v1/health
GET /api/v1/liga-login
GET /api/v1/migration/blocks
GET /api/v1/migration/blocks/{alias}
GET /api/v1/migration/page-types
GET /api/v1/migration/page-types/{alias}
GET /api/v1/migration/postman-collection-examples
GET /api/v1/migration/supported-editor-resolvers
GET /api/v1/pages
GET /api/v1/pages/{id}
GET /api/v1/pages/{id}/content
GET /api/v1/pages/{id}/sub-pages
GET /api/v1/pages/{id}/subpages
GET /api/v1/search
GET /api/v1/search/filters
GET /api/v1/search/suggestions
GET /api/v1/youtube
POST /api/v1/migration/media
POST /api/v1/migration/page

Found on 2026-01-23 00:33

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: test.careertracker.eu
Port: 80
URL: http://test.careertracker.eu

First seen 2026-01-04 12:42
Last seen 2026-01-22 21:40
Open for 18 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60d7799299404108955c1dd92c1fa20d44ac52c690

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/cancel
DELETE /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/reject
DELETE /api/feedback/{feedbackReference}/responders/{responderReference}
DELETE /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/cancel
DELETE /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/reject
GET /api/assessment/{assessmentReference}
GET /api/assessment/{assessmentReference}/intro
GET /api/assessment/{assessmentReference}/question
GET /api/employee/{employeeReference}/contextnotes
GET /api/employee/{employeeReference}/contextnotes/list
GET /api/employee/{employeeReference}/interactionnotes/list
GET /api/employee/{employeeReference}/interactionnotes/{textNoteReference}
GET /api/feedback
GET /api/feedback/openrequests
GET /api/feedback/response/{feedbackReference}/{feedbackResponderReference}
GET /api/feedback/{feedbackReference}
GET /api/feedback/{feedbackReference}/{responderReference}/feedback
GET /api/justtesting
GET /api/organizations/{organizationReference}/profile
GET /api/organizations/{organizationReference}/structures
GET /api/organizations/{organizationReference}/structures/{structureReference}
GET /api/organizations/{organizationReference}/structures/{structureReference}/teams
GET /api/organizations/{organizationReference}/structures/{structureReference}/teams/{teamReference}
GET /api/organizations/{organizationReference}/structures/{structureReference}/teams/{teamReference}/parent/{parentTeamReference}
GET /api/organizations/{organizationReference}/users
GET /api/organizations/{organizationReference}/users/{userReference}
GET /api/roles/{organizationreference}
GET /api/roles/{organizationreference}/level
GET /api/roles/{organizationreference}/level/{roleLevelReference}
GET /api/roles/{organizationreference}/{roleReference}
GET /api/weatherforecast
GET /external/feedback/response/{feedbackReference}/{feedbackResponderReference}
GET /iktest
GET /images/avatar/{workerReference}
GET /images/profile/{workerReference}
POST /api/assessment/{assessmentReference}/answer
POST /api/assessment/{assessmentReference}/finish
POST /api/assessment/{assessmentReference}/index
POST /api/assessment/{assessmentReference}/next
POST /api/assessment/{assessmentReference}/previous
POST /api/assessment/{assessmentReference}/start
POST /api/employee/{employeeReference}/contextnotes/{textNoteReference}
POST /api/employee/{employeeReference}/contextnotes/{textNoteReference}/redo
POST /api/employee/{employeeReference}/contextnotes/{textNoteReference}/undo
POST /api/employee/{employeeReference}/interactionnotes/{textNoteReference}/redo
POST /api/employee/{employeeReference}/interactionnotes/{textNoteReference}/undo
POST /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/accept
POST /api/feedback/{feedbackReference}/coworkers/search
POST /api/feedback/{feedbackReference}/questions/order
POST /api/feedback/{feedbackReference}/responders/coworker
POST /api/feedback/{feedbackReference}/responders/external
POST /api/feedback/{feedbackReference}/submit
POST /api/organizations/{organizationReference}/users/{userReference}/role/{roleLevelReference}
POST /clientnotificationhub/negotiate
POST /testhub/negotiate
PUT /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/finish
PUT /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/{questionReference}
PUT /api/feedback/{feedbackReference}/description/{description}
PUT /api/feedback/{feedbackReference}/questions/{questionReference}
PUT /api/feedback/{feedbackReference}/title/{title}
PUT /api/organizations/{organizationReference}/profile/mission
PUT /api/organizations/{organizationReference}/profile/values/{coreValueReference}
PUT /api/organizations/{organizationReference}/profile/values/{coreValueReference}/{index}
PUT /api/organizations/{organizationReference}/profile/vision
PUT /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/accept
PUT /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/finish
PUT /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/{questionReference}

Found on 2026-01-22 21:40

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: dev.akkordplus.dk
Port: 443
URL: https://dev.akkordplus.dk

First seen 2026-01-11 04:39
Last seen 2026-01-22 21:28
Open for 11 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a08578c6e70ab4020d2b257cce6c497017a3e918

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/account/favorites/{favoriteListId}/affiliate/{favoriteListAffiliateId}
DELETE /api/account/favorites/{favoriteListId}/items/{favoriteListItemId}
DELETE /api/projects/{projectId}/documents/{documentId}
DELETE /api/projects/{projectId}/extraworkagreements/{extraWorkAgreementId}/documents/{documentId}
DELETE /api/projects/{projectId}/folders/{folderId}
DELETE /api/projects/{projectId}/folders/{folderId}/documents/{documentId}
DELETE /api/projects/{projectId}/users/{affiliateId}
GET /api/Health
GET /api/account/favorites
GET /api/administration/baserateandsupplement
GET /api/administration/importreferences
GET /api/administration/importreferences/{importReferenceId}/importreportasspreadsheet
GET /api/administration/metrics
GET /api/administration/profitshare
GET /api/administration/projects-information
GET /api/administration/supplements
GET /api/administration/users-information
GET /api/business-intelligence
GET /api/business-intelligence/projects
GET /api/catalog/materials/{materialId}
GET /api/catalog/operations/{operationId}
GET /api/catalog/supplements
GET /api/config
GET /api/documents/{documentId}
GET /api/notifications
GET /api/notifications/all
GET /api/ping
GET /api/profileinfo
GET /api/projects
GET /api/projects/{projectId}
GET /api/projects/{projectId}/compensations
GET /api/projects/{projectId}/extraworkagreements/rates
GET /api/projects/{projectId}/extraworkagreements/{extraWorkAgreementId}/statusTransitions
GET /api/projects/{projectId}/extraworkgreements
GET /api/projects/{projectId}/favorites
GET /api/projects/{projectId}/folders
GET /api/projects/{projectId}/folders/{folderId}/summation
GET /api/projects/{projectId}/folders/{folderId}/workitems
GET /api/projects/{projectId}/folders/{folderId}/workitems/grouped
GET /api/projects/{projectId}/invitations/{invitationId}
GET /api/projects/{projectId}/logbook
GET /api/projects/{projectId}/logbook/{userId}/weeks/{year}/{month}/{day}
GET /api/projects/{projectId}/logbook/{userId}/weeks/{year}/{week}
GET /api/projects/{projectId}/projectspecificoperation
GET /api/projects/{projectId}/projectspecificoperationsandfavorites
GET /api/projects/{projectId}/reports/logbookspreadsheet
GET /api/projects/{projectId}/reports/projectinfo
GET /api/projects/{projectId}/reports/statusreportspreatsheet
GET /api/projects/{projectId}/reports/workitemsspreadsheet
GET /api/projects/{projectId}/summation
GET /api/projects/{projectId}/users
POST /api/account/favorites/{favoriteListId}/items
POST /api/account/favorites/{favoriteListId}/user
POST /api/catalog/materials/search
POST /api/catalog/operations/search
POST /api/notifications/markAsRead
POST /api/projects/{projectId}/calculations/importcalculation
POST /api/projects/{projectId}/compensations/participants
POST /api/projects/{projectId}/description
POST /api/projects/{projectId}/documents
POST /api/projects/{projectId}/extraworkagreements
POST /api/projects/{projectId}/extraworkagreements/{extraWorkAgreementId}/documents
POST /api/projects/{projectId}/folders/{folderId}/documents
POST /api/projects/{projectId}/folders/{folderId}/extrawork
POST /api/projects/{projectId}/folders/{folderId}/lock
POST /api/projects/{projectId}/folders/{folderId}/supplements
POST /api/projects/{projectId}/folders/{folderId}/workitems/material
POST /api/projects/{projectId}/folders/{folderId}/workitems/material/preview
POST /api/projects/{projectId}/folders/{folderId}/workitems/operation
POST /api/projects/{projectId}/folders/{folderId}/workitems/operation/preview
POST /api/projects/{projectId}/folders/{folderId}/workitems/projectspecificoperation
POST /api/projects/{projectId}/folders/{folderId}/workitems/projectspecificoperation/preview
POST /api/projects/{projectId}/folders/{sourceFolderId}/workitems/copy
POST /api/projects/{projectId}/invitations
POST /api/projects/{projectId}/logbook/salaryadvance
POST /api/projects/{projectId}/logbook/weeks
POST /api/projects/{projectId}/logbook/weeks/close
POST /api/projects/{projectId}/logbook/weeks/open
POST /api/projects/{projectId}/projectinformationandtype
POST /api/projects/{projectId}/projectspecificoperation/{projectSpecificOperationId}
POST /api/projects/{projectId}/setup/projectcompany
PUT /api/account/favorites/{favoriteListId}
PUT /api/projects/{projectId}/extraworkagreements/{extraWorkAgreementId}
PUT /api/projects/{projectId}/folders/move
PUT /api/projects/{projectId}/folders/{folderId}/baserate
PUT /api/projects/{projectId}/folders/{folderId}/basesupplements
PUT /api/projects/{projectId}/folders/{folderId}/description
PUT /api/projects/{projectId}/folders/{folderId}/multiplicationFactor
PUT /api/projects/{projectId}/folders/{folderId}/name
PUT /api/projects/{projectId}/folders/{folderId}/workItems/{workItemId}
PUT /api/projects/{projectId}/folders/{folderId}/workItems/{workItemId}/material
PUT /api/projects/{projectId}/folders/{folderId}/workItems/{workItemId}/operation
PUT /api/projects/{projectId}/folders/{folderId}/workItems/{workItemId}/projectspecificoperation
PUT /api/projects/{projectId}/folders/{folderId}/workitems/move
PUT /api/projects/{projectId}/folders/{sourceFolderId}/copy
PUT /api/projects/{projectId}/hide
PUT /api/projects/{projectId}/projectlumpsum
PUT /api/projects/{projectId}/unhide
PUT /api/projects/{projectId}/users/user

Found on 2026-01-22 21:28

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: test.careertracker.eu
Port: 443
URL: https://test.careertracker.eu

First seen 2026-01-04 12:42
Last seen 2026-01-22 19:47
Open for 18 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60d7799299404108955c1dd92c1fa20d44ac52c690

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/cancel
DELETE /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/reject
DELETE /api/feedback/{feedbackReference}/responders/{responderReference}
DELETE /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/cancel
DELETE /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/reject
GET /api/assessment/{assessmentReference}
GET /api/assessment/{assessmentReference}/intro
GET /api/assessment/{assessmentReference}/question
GET /api/employee/{employeeReference}/contextnotes
GET /api/employee/{employeeReference}/contextnotes/list
GET /api/employee/{employeeReference}/interactionnotes/list
GET /api/employee/{employeeReference}/interactionnotes/{textNoteReference}
GET /api/feedback
GET /api/feedback/openrequests
GET /api/feedback/response/{feedbackReference}/{feedbackResponderReference}
GET /api/feedback/{feedbackReference}
GET /api/feedback/{feedbackReference}/{responderReference}/feedback
GET /api/justtesting
GET /api/organizations/{organizationReference}/profile
GET /api/organizations/{organizationReference}/structures
GET /api/organizations/{organizationReference}/structures/{structureReference}
GET /api/organizations/{organizationReference}/structures/{structureReference}/teams
GET /api/organizations/{organizationReference}/structures/{structureReference}/teams/{teamReference}
GET /api/organizations/{organizationReference}/structures/{structureReference}/teams/{teamReference}/parent/{parentTeamReference}
GET /api/organizations/{organizationReference}/users
GET /api/organizations/{organizationReference}/users/{userReference}
GET /api/roles/{organizationreference}
GET /api/roles/{organizationreference}/level
GET /api/roles/{organizationreference}/level/{roleLevelReference}
GET /api/roles/{organizationreference}/{roleReference}
GET /api/weatherforecast
GET /external/feedback/response/{feedbackReference}/{feedbackResponderReference}
GET /iktest
GET /images/avatar/{workerReference}
GET /images/profile/{workerReference}
POST /api/assessment/{assessmentReference}/answer
POST /api/assessment/{assessmentReference}/finish
POST /api/assessment/{assessmentReference}/index
POST /api/assessment/{assessmentReference}/next
POST /api/assessment/{assessmentReference}/previous
POST /api/assessment/{assessmentReference}/start
POST /api/employee/{employeeReference}/contextnotes/{textNoteReference}
POST /api/employee/{employeeReference}/contextnotes/{textNoteReference}/redo
POST /api/employee/{employeeReference}/contextnotes/{textNoteReference}/undo
POST /api/employee/{employeeReference}/interactionnotes/{textNoteReference}/redo
POST /api/employee/{employeeReference}/interactionnotes/{textNoteReference}/undo
POST /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/accept
POST /api/feedback/{feedbackReference}/coworkers/search
POST /api/feedback/{feedbackReference}/questions/order
POST /api/feedback/{feedbackReference}/responders/coworker
POST /api/feedback/{feedbackReference}/responders/external
POST /api/feedback/{feedbackReference}/submit
POST /api/organizations/{organizationReference}/users/{userReference}/role/{roleLevelReference}
POST /clientnotificationhub/negotiate
POST /testhub/negotiate
PUT /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/finish
PUT /api/feedback/response/{feedbackReference}/{feedbackResponderReference}/{questionReference}
PUT /api/feedback/{feedbackReference}/description/{description}
PUT /api/feedback/{feedbackReference}/questions/{questionReference}
PUT /api/feedback/{feedbackReference}/title/{title}
PUT /api/organizations/{organizationReference}/profile/mission
PUT /api/organizations/{organizationReference}/profile/values/{coreValueReference}
PUT /api/organizations/{organizationReference}/profile/values/{coreValueReference}/{index}
PUT /api/organizations/{organizationReference}/profile/vision
PUT /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/accept
PUT /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/finish
PUT /external/feedback/response/{feedbackReference}/{feedbackResponderReference}/{questionReference}

Found on 2026-01-22 19:47

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: services.beta.westeurope.azure.agromanager.link
Port: 443
URL: https://services.beta.westeurope.azure.agromanager.link

First seen 2026-01-12 22:11
Last seen 2026-01-22 11:55
Open for 9 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff43f6e4ca4ff6e4ca4ff6e4ca4ff6e4ca4ff6e4ca4f
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
POST /api/bakker/v1/sdf
```
  Found on 2026-01-22 11:55
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: request.binge.plus
Port: 443
URL: https://request.binge.plus

First seen 2026-01-02 18:06
Last seen 2026-01-16 15:07
Open for 13 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-16 15:07
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: services.production.westeurope.azure.agromanager.link
Port: 443
URL: https://services.production.westeurope.azure.agromanager.link

First seen 2026-01-11 01:35
Last seen 2026-01-16 15:01
Open for 5 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff43f6e4ca4ff6e4ca4ff6e4ca4ff6e4ca4ff6e4ca4f
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
POST /api/bakker/v1/sdf
```
  Found on 2026-01-16 15:01
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: mbzk.derealisatiegroep.nl
Port: 443
URL: https://mbzk.derealisatiegroep.nl

First seen 2026-01-11 12:34
Last seen 2026-01-16 14:45
Open for 5 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 14:45
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: elli.jaf-group.com
Port: 443
URL: https://elli.jaf-group.com

First seen 2025-12-24 02:08
Last seen 2026-01-16 09:56
Open for 23 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 09:56
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: coremetadataapi.fefundinfo.com
Port: 80
URL: http://coremetadataapi.fefundinfo.com

First seen 2025-11-13 13:13
Last seen 2026-01-16 08:48
Open for 63 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb4d8cb068641e2d9fffdccedf39e7ecc227b7bb5f3
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /changesets/{changesetId}
GET /data-update-requests/{requestId}
GET /{correlationId}/ingestion-results
GET /{requestId}/changesets/{changesetId}
GET /{requestId}/field-updates
GET /{requestId}/fields
GET /{requestId}/files
GET /{requestId}/ingestion/errors
GET /{requestId}/request-validations
GET /{requestId}/source-details
GET /{requestId}/traces
POST /data-update-requests
```
  Found on 2026-01-16 08:48
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f5e22fb4d8cb068641e2d9fffdccedf3121106d8b44ab122
```
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /changesets/{changesetId}
GET /data-update-requests/{requestId}
GET /{correlationId}/ingestion-results
GET /{requestId}/field-updates
GET /{requestId}/fields
GET /{requestId}/files
GET /{requestId}/ingestion/errors
GET /{requestId}/request-validations
GET /{requestId}/source-details
GET /{requestId}/traces
POST /data-update-requests
```
  Found on 2026-01-02 15:43
Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.105.232.52
Domain: wiki.navaldefence.org
Port: 443
URL: https://wiki.navaldefence.org

First seen 2025-12-09 00:06
Last seen 2026-01-16 03:03
Open for 38 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3dec863f59258a9f72eacd4d9eb5bbc5a957af4f2

GraphQL introspection enabled at /graphql
Types: 134 (by kind: ENUM: 10, INPUT_OBJECT: 12, OBJECT: 107, SCALAR: 5)
Operations:
- Query: Query | fields: analytics, assets, authentication, comments, contribute
- Mutation: Mutation | fields: analytics, assets, authentication, comments, groups
- Subscription: Subscription | fields: loggingLiveTrail
Directives: auth, cacheControl, deprecated, include, rateLimit, skip, specifiedBy (total: 7)

Found on 2026-01-16 03:03

190.9 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: findmotos.com
Port: 443
URL: https://findmotos.com

First seen 2026-01-10 14:29
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354967969a3c7755695655cc533fffd6e5cabf8821e4
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/Favorites/RemoveFavorite
DELETE /api/v1/listings/{listingId}/images/{imageId}
GET /api/v1/Admin/Catalogue
GET /api/v1/Admin/Lookups
GET /api/v1/Favorites/GetFavoritesByUserId
GET /api/v1/Listings/Featured
GET /api/v1/Listings/GetListingById
GET /api/v1/Listings/Search
GET /api/v1/Traders/Featured
GET /api/v1/Traders/Search
POST /api/v1/Auth/login
POST /api/v1/Favorites/AddFavorite
POST /api/v1/Listings/Draft
POST /api/v1/listings/{listingId}/images/confirm
POST /api/v1/listings/{listingId}/images/presign
PUT /api/v1/Listings/{listingId}/Edit
PUT /api/v1/Listings/{listingId}/Submission
```
  Found on 2026-01-10 14:29
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: 70002-api.q-plant-dev.com
Port: 443
URL: https://70002-api.q-plant-dev.com

First seen 2025-10-29 08:06
Last seen 2025-11-30 11:35
Open for 32 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-11-30 11:35
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: maia-ambiente-st.unoplatform.io
Port: 443
URL: https://maia-ambiente-st.unoplatform.io

First seen 2025-11-24 16:58
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-11-24 16:58
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: 70007-oad.q-site-dev.com
Port: 443
URL: https://70007-oad.q-site-dev.com

First seen 2025-10-28 22:03
Last seen 2025-11-10 18:51
Open for 12 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-11-10 18:51
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: 70007-sba.q-site-dev.com
Port: 443
URL: https://70007-sba.q-site-dev.com

First seen 2025-10-28 22:43
Last seen 2025-11-10 10:25
Open for 12 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035495b4591a2e10e1d5e101366bece4d37320c074b04

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v2/workspaces/{workspaceId}
GET /api/oad/v2/directories/plants
GET /api/v1/users/supportuser/profileimage
GET /api/v1/users/{userId}/profileimage
GET /api/v2/configuration
GET /api/v2/configuration/authorization
GET /api/v2/countries
GET /api/v2/cultures
GET /api/v2/currentMember/workspaces
GET /api/v2/directoriesxvehicles/{vehicleRegistrationNumber}
GET /api/v2/lts/localization/languages
GET /api/v2/lts/resources
GET /api/v2/onboardings/mobiledevice/{phoneNumber}/status
GET /api/v2/permissions
GET /api/v2/projects/activeProjects
GET /api/v2/projects/archivedProjects
GET /api/v2/secrets/aiconnectionstring
GET /api/v2/secrets/googleanalyticskey
GET /api/v2/secrets/googlemapskey
GET /api/v2/vehicles/truckBuddyAppEnabled
GET /api/v2/workspaces/{workspaceId}/legal/termsofuse
GET /api/v3/workspaces/{workspaceId}
GET /apiinfos
POST /api/oad/v2/deliveryNotes
POST /api/oad/v2/validations/mixtureOrders
POST /api/oad/v3/projects/{projectId}/mixtureOrders
POST /api/v2/eventgrid
POST /api/v2/workspaces
POST /api/v2/workspaces/{workspaceId}/members/confirminvitation
POST /api/v2/workspaces/{workspaceId}/members/finishSignUp/{invitationId}
POST /api/v2/workspaces/{workspaceId}/members/invite
POST /api/v2/workspaces/{workspaceId}/members/{memberId}/updateInvite
PUT /api/oad/v3/mixtureOrders/{mixtureOrderId}
PUT /api/v2/workspaces/{workspaceId}/legal/disclaimerhash
PUT /api/v2/workspaces/{workspaceId}/members/{membersId}/roles
PUT /api/v2/workspaces/{workspaceId}/vehicles/{id}/startonboarding

Found on 2025-11-10 10:25

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.105.232.52
Domain: 70007-authorityinsight-api.q-site-dev.com
Port: 443
URL: https://70007-authorityinsight-api.q-site-dev.com

First seen 2025-10-28 22:53
Last seen 2025-11-10 07:24
Open for 12 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-11-10 07:24
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.105.232.52
Domain: demopb4.praktijkbeoordelen.nl
Port: 443
URL: https://demopb4.praktijkbeoordelen.nl

First seen 2023-12-11 12:36
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf176423f3e94de66ede61766ede61766ede617
```
Found 2 files trough .DS_Store spidering:

/assets
/vendor
```
  Found on 2023-12-11 12:36
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.105.232.52
Domain: devpb4.praktijkbeoordelen.nl
Port: 443
URL: https://devpb4.praktijkbeoordelen.nl

First seen 2023-12-04 12:27
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf176423f3e94de66ede61766ede61766ede617
```
Found 2 files trough .DS_Store spidering:

/assets
/vendor
```
  Found on 2023-12-04 12:27
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.105.232.52
Domain: testpb4.praktijkbeoordelen.nl
Port: 443
URL: https://testpb4.praktijkbeoordelen.nl

First seen 2023-10-23 14:56
Last seen 2023-11-16 22:37
Open for 24 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c7cf176427cf176423f3e94de66ede61766ede61766ede617
```
Found 2 files trough .DS_Store spidering:

/assets
/vendor
```
  Found on 2023-11-16 22:37
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9dc971e412c971e412c971e412c971e412
```
Found 1 files trough .DS_Store spidering:

/angular
```
  Found on 2023-11-06 05:49
Create report

Open service 20.105.232.52:443 · www.cdl.tirol

2026-02-12 09:13

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=utf-8
Date: Thu, 12 Feb 2026 09:13:12 GMT
Server: Kestrel
Transfer-Encoding: chunked
Request-Context: appId=cid-v1:321ed41f-7d87-441a-ace7-8734d7c94894

Page title: CDL.Tirol


<!DOCTYPE html>
<html lang="de">

<head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>CDL.Tirol</title>

    

    <!-- Icons und Manifest-Dateien -->
    <link rel="apple-touch-icon" sizes="180x180" href="/favicon/apple-touch-icon.png" />
    <link rel="icon" type="image/png" sizes="32x32" href="/favicon/favicon-32x32.png" />
    <link rel="icon" type="image/png" sizes="16x16" href="/favicon/favicon-16x16.png" />
    <link rel="manifest" href="/favicon//site.webmanifest" />

    <!-- Bootstrap, jQuery usw. -->
    <link rel="stylesheet" href="/lib/bootstrap/dist/css/bootstrap.min.css" />


    <!-- Eigene CSS-Dateien mit ASP.NET-Hilfsmethoden -->
 

<link rel="stylesheet" href="/css/base/variables.css" />
    <link rel="stylesheet" href="/css/base/reset.css" />
    <link rel="stylesheet" href="/css/base/utilities.css" />

    <link rel="stylesheet" href="/css/layout/layout-core.css" />
    <link rel="stylesheet" href="/css/layout/navbar.css" />
    <link rel="stylesheet" href="/css/layout/footer.css" />


    <link rel="stylesheet" href="/css/components/buttons.css" />
    <link rel="stylesheet" href="/css/components/cards.css" />
    <link rel="stylesheet" href="/css/components/modals.css" />
    <link rel="stylesheet" href="/css/components/forms.css" />
    <link rel="stylesheet" href="/css/components/badges.css" />
    <link rel="stylesheet" href="/css/components/animations.css" />
    <link rel="stylesheet" href="/css/components/tables.css" />
    <link rel="stylesheet" href="/css/components/hero.css" />
    <link rel="stylesheet" href="/css/components/qr-modal.css?v=8b9f5di0eERMqYljILI1Q2CGl80_9NAzvdD00Ppf2zA" />


    <link rel="stylesheet" href="/css/pages/page-register.css" />




    <link rel="stylesheet" href="/css/identity/avatar.css" />
    <link rel="stylesheet" href="/css/identity/avatar-modal.css" />





    <script type="module" src="/lib/model-viewer/model-viewer.min.js">
    </script>
    <script src="/lib/chartjs/chart.umd.js"></script>


    <!-- JS -->
    <script src="/_newsletter/js/newsletter.js"></script>
    


<script type="text/javascript">!function(T,l,y){var S=T.location,k="script",D="instrumentationKey",C="ingestionendpoint",I="disableExceptionTracking",E="ai.device.",b="toLowerCase",w="crossOrigin",N="POST",e="appInsightsSDK",t=y.name||"appInsights";(y.name||T[e])&&(T[e]=t);var n=T[t]||function(d){var g=!1,f=!1,m={initialize:!0,queue:[],sv:"5",version:2,config:d};function v(e,t){var n={},a="Browser";return n[E+"id"]=a[b](),n[E+"type"]=a,n["ai.operation.name"]=S&&S.pathname||"_unknown_",n["ai.internal.sdkVersion"]="javascript:snippet_"+(m.sv||m.version),{time:function(){var e=new Date;function t(e){var t=""+e;return 1===t.length&&(t="0"+t),t}return e.getUTCFullYear()+"-"+t(1+e.getUTCMonth())+"-"+t(e.getUTCDate())+"T"+t(e.getUTCHours())+":"+t(e.getUTCMinutes())+":"+t(e.getUTCSeconds())+"."+((e.getUTCMilliseconds()/1e3).toFixed(3)+"").slice(2,5)+"Z"}(),iKey:e,name:"Microsoft.ApplicationInsights."+e.replace(/-/g,"")+"."+t,sampleRate:100,tags:n,data:{baseData:{ver:2}}}}var h=d.url||y.src;if(h){function a(e){var t,n,a,i,r,o,s,c,u,p,l;g=!0,m.queue=[],f||(f=!0,t=h,s=function(){var e={},t=d.connectionString;if(t)for(var n=t.split(";"),a=0;a<n.length;a++){var i=n[a].split("=");2===i.length&&(e[i[0][b]()]=i[1])}if(!e[C]){var r=e.endpointsuffix,o=r?e.location:null;e[C]="https://"+(o?o+".":"")+"dc."+(r||"services.visualstudio.com")}return e}(),c=s[D]||d[D]||"",u=s[C],p=u?u+"/v2/track":d.endpointUrl,(l=[]).push((n="SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details)",a=t,i=p,(o=(r=v(c,"Exception")).data).baseType="ExceptionData",o.baseData.exceptions=[{typeName:"SDKLoadFailed",message:n.replace(/\./g,"-"),hasFullStack:!1,stack:n+"\nSnippet failed to load ["+a+"] -- Telemetry is disabled\nHelp Link: https://go.microsoft.com/fwlink/?linkid=2128109\nHost: "+(S&&S.pathname||"_unknown_")+"\nEndpoint: "+i,parsedStack:[]}],r)),l.push(

Found 18 hours ago by HttpPlugin

Host 20.105.232.52

The Netherlands

Software information

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file