Kestrel
tcp/443
Microsoft-IIS 10.0
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035495176b43ac2dff8144849143261c362381b26c6eb
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/ActionMethod
GET /api/CheckInvalidRole/{userId}
GET /api/GetAssetGroupList/{clientId}
GET /api/GetAssetGroupPropertyMapByClientId/{clientId}
GET /api/GetAssetLimitStatusByCustomerId/{customerId}
GET /api/GetClientById/{clientId}
GET /api/GetFieldKVByLocationRole
GET /api/GetFieldList/{clientId}/{userId}/{topRole}
GET /api/GetHashTagList/{customerId}
GET /api/GetHashTagMapListByFieldList/{userId}/{clientId}/{fieldStr}
GET /api/GetLocationKV
GET /api/GetLocationList/{clientId}/{userId}/{topRole}
GET /api/GetPropertyDropdownItemByClientId/{clientId}
GET /api/GetPropertyGroupList/{clientId}
GET /api/GetPropertyList/{clientId}
GET /api/ProtectedMethod
POST /api/CheckPostedDataValid
POST /api/GetAccountWriteSASToken
POST /api/GetAssetImageListByFieldList
POST /api/GetAssetListByFieldList
POST /api/GetAssetNotificationListByFieldList
POST /api/GetAssetPropertyValueByFieldList
POST /api/GetClientKVByUser
POST /api/GetSASReadToken
POST /api/LogAppError
POST /api/LogSyncData
POST /api/SubmitSigninLog
POST /api/SubmitSyncLog
POST /api/SyncBundleAssetList
POST /api/UploadFile
POST /api/ValidateAppUser
GraphQL introspection is enabled.
This could lead to a data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3dec863f59258a9f72eacd4d9eb5bbc5a957af4f2
GraphQL introspection enabled at /graphql
Types: 134 (by kind: ENUM: 10, INPUT_OBJECT: 12, OBJECT: 107, SCALAR: 5)
Operations:
- Query: Query | fields: analytics, assets, authentication, comments, contribute
- Mutation: Mutation | fields: analytics, assets, authentication, comments, groups
- Subscription: Subscription | fields: loggingLiveTrail
Directives: auth, cacheControl, deprecated, include, rateLimit, skip, specifiedBy (total: 7)
Open service 20.11.40.37:443 · manual.exman.online
2026-01-26 12:40
HTTP/1.1 200 OK
Keep-Alive: timeout=5
Content-Type: text/html; charset=utf-8
Content-Language: en
ETag: W/"20f5-KkH255jIWkGoAzT7fXfb4glUvr8"
Vary: Accept-Encoding
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Referrer-Policy: same-origin
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Mon, 26 Jan 2026 12:40:05 GMT
Connection: close
Content-Length: 8437
Page title: Dashboard - Version Control | EXMAN : Hazardous e-Dossier - Manual
Open service 20.11.40.37:80 · manual.exman.online
2026-01-26 12:40
HTTP/1.1 200 OK
Keep-Alive: timeout=5
Content-Type: text/html; charset=utf-8
Content-Language: en
ETag: W/"20f5-KkH255jIWkGoAzT7fXfb4glUvr8"
Vary: Accept-Encoding
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Referrer-Policy: same-origin
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Mon, 26 Jan 2026 12:40:05 GMT
Connection: close
Content-Length: 8437
Page title: Dashboard - Version Control | EXMAN : Hazardous e-Dossier - Manual
Open service 20.11.40.37:80 · tagxapi.exman.online
2026-01-23 15:51
HTTP/1.1 307 Temporary Redirect
Transfer-Encoding: chunked
Location: https://tagxapi.exman.online/
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 23 Jan 2026 15:51:10 GMT
Connection: close
Open service 20.11.40.37:443 · tagxapi.exman.online
2026-01-23 14:31
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 23 Jan 2026 14:31:09 GMT
Connection: close
Open service 20.11.40.37:443 · cohotest.exman.online
2026-01-22 10:38
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Location: https://cohotest.exman.online/Home/Login?ReturnUrl=%2F
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 22 Jan 2026 10:38:10 GMT
Connection: close
Open service 20.11.40.37:80 · cohotest.exman.online
2026-01-22 10:38
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://cohotest.exman.online
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 22 Jan 2026 10:38:10 GMT
Connection: close
Content-Length: 152
Page title: Document Moved
<head><title>Document Moved</title></head> <body><h1>Object Moved</h1>This document may be found <a HREF="https://cohotest.exman.online">here</a></body>
Open service 20.11.40.37:443 · testapp.exman.online
2026-01-11 12:05
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8
Server: Kestrel
X-Powered-By: ASP.NET
Date: Sun, 11 Jan 2026 12:06:04 GMT
Connection: close
Hello from Nancy running on CoreCLR
Open service 20.11.40.37:80 · testapp.exman.online
2026-01-11 12:05
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://test.exman.online
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sun, 11 Jan 2026 12:06:02 GMT
Connection: close
Content-Length: 148
Page title: Document Moved
<head><title>Document Moved</title></head> <body><h1>Object Moved</h1>This document may be found <a HREF="https://test.exman.online">here</a></body>
Open service 20.11.40.37:443 · test.exman.online
2026-01-11 12:05
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Location: /Home/Login
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sun, 11 Jan 2026 12:05:52 GMT
Connection: close
Open service 20.11.40.37:80 · test.exman.online
2026-01-11 12:05
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://test.exman.online
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sun, 11 Jan 2026 12:05:52 GMT
Connection: close
Content-Length: 148
Page title: Document Moved
<head><title>Document Moved</title></head> <body><h1>Object Moved</h1>This document may be found <a HREF="https://test.exman.online">here</a></body>
Open service 20.11.40.37:443 · tagxapi.exman.online
2026-01-10 01:16
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 10 Jan 2026 01:16:42 GMT
Connection: close
Open service 20.11.40.37:80 · tagxapi.exman.online
2026-01-09 16:12
HTTP/1.1 307 Temporary Redirect
Transfer-Encoding: chunked
Location: https://tagxapi.exman.online/
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 09 Jan 2026 16:12:17 GMT
Connection: close