LeakIX - Host 20.50.2.68

Host 20.50.2.68

The Netherlands

MICROSOFT-CORP-MSN-AS-BLOCK

Debian

Software information

Apache Apache

tcp/443 tcp/80

GraphDB 11.0.1

tcp/443 tcp/80

Kestrel Kestrel

tcp/443 tcp/80

RDF4J 5.1.2-jakarta

tcp/443 tcp/80

gunicorn

tcp/443

nginx nginx 1.28.0

tcp/443 tcp/80

nginx nginx

tcp/443 tcp/80

nginx nginx 1.29.3

tcp/443

nginx nginx 1.29.4

tcp/443

nginx nginx 1.29.0

tcp/443

nginx nginx 1.21.6

tcp/443

uvicorn

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: adminapi.dev.vorbestellservice.billa.at
Port: 443
URL: https://adminapi.dev.vorbestellservice.billa.at

First seen 2025-12-21 12:07
Last seen 2026-02-09 20:38
Open for 50 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d6030a309e221ca86b2579bfdb802b4ded84efa6358
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Allergen
GET /api/Allergen/{id}
GET /api/Article
GET /api/Article/{id}
GET /api/Capacity
GET /api/Capacity/{id}
GET /api/Category
GET /api/Category/{id}
GET /api/GlobalOpeningTime
GET /api/GlobalOpeningTime/{id}
GET /api/Online
GET /api/Order
GET /api/Order/{id}
GET /api/OrderExport/detailedData
GET /api/OrderExport/overallData
GET /api/Promo
GET /api/Shop
GET /api/Shop/getShopsFromApi
GET /api/Shop/{id}
GET /api/User
GET /api/User/{id}
GET /api/Variant
PATCH /api/Category/Order
PATCH /api/User/changePassword
PATCH /api/User/lockUnlock
POST /api/Image
POST /api/User/signIn
```
  Found on 2026-02-09 20:38
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: windesheim-lms-a.scim-api.trainingscatalogus.nl
Port: 443
URL: https://windesheim-lms-a.scim-api.trainingscatalogus.nl

First seen 2025-12-09 02:18
Last seen 2026-02-09 20:02
Open for 62 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035493866d607763b256d342f6305214febdcf6e9254e
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Cache
DELETE /Cache/{cacheKey}
DELETE /Users/{employeeId}
GET /Groups
GET /Groups/{id}
GET /OrganizationDepartments
GET /OrganizationDepartments/{id}
GET /Organizations
GET /Organizations/{id}
GET /ResourceTypes
GET /Schemas
GET /Schemas/{id}
GET /ServiceProviderConfig
GET /UserInvite/{id}
GET /Users
GET /Users/{id}
POST /Auth
POST /UserInvite
POST /Users/UpdateClassIdentity
```
  Found on 2026-02-09 20:02
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: saturn-api.internal.congatec.app
Port: 443
URL: https://saturn-api.internal.congatec.app

First seen 2026-01-02 13:50
Last seen 2026-02-09 18:26
Open for 38 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354907c1380ccf5cf6b3f4e4ea6086d2034beff791f4
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Departments
GET /api/v1/Departments/{id}
GET /api/v1/Features
GET /api/v1/HardwareSamples
GET /api/v1/HardwareSamples/{id}
GET /api/v1/Items/{id}
GET /api/v1/Items/{id}/GetQr
GET /api/v1/Locations
GET /api/v1/Locations/{id}
GET /api/v1/ManufacturedHardwareSample
GET /api/v1/ManufacturedHardwareSample/import
GET /api/v1/ManufacturedHardwareSample/{id}
GET /api/v1/Offices
GET /api/v1/Offices/{id}
GET /api/v1/SignOut
GET /api/v1/SignOut/{guid}/status
GET /api/v1/SignOut/{id}
GET /api/v1/Users/UserGet
GET /api/v1/Users/qr
POST /api/v1/Items
POST /api/v1/Users/UserCreate
PUT /api/v1/SignOut/return
```
  Found on 2026-02-09 18:26
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: neptune-api.internal.congatec.app
Port: 443
URL: https://neptune-api.internal.congatec.app

First seen 2026-01-02 13:34
Last seen 2026-02-09 18:26
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035493b3dc86947411397001cc574a3f40d1d81bb6109

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/CheckInOut/Delete
DELETE /api/v1/Email/DeleteAttachment
DELETE /api/v1/Email/DeleteTemplate
DELETE /api/v1/MicrosoftGraph/Delete
DELETE /api/v1/Visit/Delete
DELETE /api/v1/Visitor/Delete
GET /api/v1/CheckInOut
GET /api/v1/Email/FormatEmail
GET /api/v1/Email/GetAttachment
GET /api/v1/Email/GetTemplate
GET /api/v1/Email/ListAttachment
GET /api/v1/Email/ListTemplate
GET /api/v1/Email/TemplateVariablesList
GET /api/v1/MicrosoftGraph
GET /api/v1/MicrosoftGraph/places/List
GET /api/v1/Visit/List
GET /api/v1/Visit/reception
GET /api/v1/Visitor/FindByEventId
GET /api/v1/Visitor/List
GET /api/v1/Visitor/ListScreened
GET /api/v1/Visitor/qr
POST /api/v1/Email/CreateAttachment
POST /api/v1/Email/CreateTemplate
POST /api/v1/Email/SendAutomaticEmails
POST /api/v1/User/FindUser
POST /api/v1/Visit
POST /api/v1/Visit/QuickCreate
POST /api/v1/Visitor/Create
PUT /api/v1/CheckInOut/CreateOrEdit
PUT /api/v1/Email/SendEmail
PUT /api/v1/Email/UpdateAttachment
PUT /api/v1/Email/UpdateTemplate
PUT /api/v1/MicrosoftGraph/Update
PUT /api/v1/Visit/Edit
PUT /api/v1/Visitor/Edit
PUT /api/v1/Visitor/{VisitorId}/screen

Found on 2026-02-09 18:26

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: orionapi-test.tradesolution.no
Port: 443
URL: https://orionapi-test.tradesolution.no

First seen 2026-01-10 21:11
Last seen 2026-02-09 18:25
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491c08e9ccc10e95d15a72c966acd05fa00ea8c43f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Bestillinger/fromEpd/{epdNumber}/{tsCustomerId}
DELETE /api/Bestillinger/{id}
DELETE /api/CarbonCopy/{carbonCopyId}
DELETE /api/Customer/log/{logId}
DELETE /api/Fotobestillinger/RemoveBestilling
DELETE /api/GruppeOppdrag/{key}
DELETE /api/Oppdrag/{key}
DELETE /api/OppdragsPreferanser/{id}
DELETE /api/OrionEvents/{key}
DELETE /api/Utsettelser/{key}
GET /api/Bestillinger/{oppdragId}
GET /api/CarbonCopy/GetAll
GET /api/CarbonCopy/GetByTsKunderId
GET /api/Customer/Search
GET /api/Customer/Search/{gln}
GET /api/Customer/all
GET /api/Customer/card/{tsKundeId}
GET /api/Customer/getContactPersons/{tsKundeId}
GET /api/Customer/getServiceGroups
GET /api/Customer/logs/{tsKundeId}/{top}
GET /api/FotoQueue
GET /api/FotoQueue/Count
GET /api/Fotobestillinger
GET /api/FotorobQueue
GET /api/FotorobStasjon/scans
GET /api/GruppeOppdrag
GET /api/GruppeOppdrag/getAll
GET /api/GruppeOppdrag/getById/{identityGuid}
GET /api/Lagerplasser
GET /api/Lanseringsvindu
GET /api/LanseringsvinduRapport/Excel/{lanseringsvinduId}
GET /api/MediaStore/GetImageSets/{gtin}/{gln}
GET /api/MediaStore/getPhotorobJobs
GET /api/MediaStore/{gtin}/image
GET /api/MediaStore/{gtin}/metadata
GET /api/MinimumNumberOfImagesPerProduktType
GET /api/Oppdrag/AsPriorityList
GET /api/Oppdrag/GetAllEpdNumbersWithImageDeadlineDate/{date}
GET /api/Oppdrag/ProduktStatus
GET /api/Oppdrag/ProduktStatus/{orderIdentityGuid}
GET /api/OppdragEvent/getFotoCompleteEvents
GET /api/OppdragEvent/getFotoStartedEvents
GET /api/OppdragEvent/{oppdragId}
GET /api/OppdragsPreferanser
GET /api/OppdragsPreferanser/Count/all
GET /api/OppdragsPreferanser/Excel/all
GET /api/OppdragsPreferanser/{tsKundeId}
GET /api/OrionEvents
GET /api/Pakninger
GET /api/Purringer/GetOppdragByTsKunder/{tsKundeId}
GET /api/Purringer/GetTsKunder
GET /api/Purringer/{tsKundeId}/Sjekkpunktkontaktperson
GET /api/Search/byEpdNumber/{epdNumber}
GET /api/Search/byGtin/{gtin}
GET /api/Search/variants
GET /api/Search/variantsAsExcel
GET /api/SjekkpunktOppdrag
GET /api/Sjekkpunktbestillinger
GET /api/Tilleggsgebyr
GET /api/Tilleggsgebyr/{tsKundeId}
GET /api/User/getOrionUser
GET /api/Utsettelser/{oppdragId}
POST /api/Bestillinger
POST /api/CarbonCopy
POST /api/Customer/log
POST /api/Fotobestillinger/AddBestilling
POST /api/FotorobStasjon/scans/RegisterScan/{scannedGtin}
POST /api/FotorobStasjon/scans/RemoveScanFromPakning/{scanId}
POST /api/Lanseringsvindu/SyncLaunchWindowsFromEpd
POST /api/Oppdrag
POST /api/Oppdrag/AppendComment
POST /api/Oppdrag/Get
POST /api/Oppdrag/GetAsExcel
POST /api/Oppdrag/GetOppdragByEpdNumber/{epdNumber}
POST /api/Oppdrag/ReceivedProducts
POST /api/OppdragEvent/CompleteFoto/{gtin}
POST /api/OppdragEvent/EndreLagerplass/{oppdragId}/{lagerplassId}
POST /api/OppdragEvent/StartFoto/{gtin}
POST /api/OrionImport/AddBestillinger/{bestillerId}
POST /api/Purringer/SendPaaminnelser
POST /api/Purringer/SendPurringer
POST /api/SjekkpunktOppdrag/AddUtsettelse
POST /api/TsKunder/TsKundeEndret
POST /api/UpdateOppdragWithMissingData/UpdateOppdragWithMissingTsKunde
POST /api/User/logout
POST /api/Utsettelser
PUT /api/Oppdrag/deaktiver-by-epd/{epdNr}

Found on 2026-02-09 18:25

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: app.lotusbase.com
Port: 443
URL: https://app.lotusbase.com

First seen 2026-01-10 21:27
Last seen 2026-02-09 18:25
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549ee654319c9b5645d70d102c96cef16bfcd17c8b2

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/List/deleteSelected
DELETE /api/List/{id}/person/{personId}
DELETE /api/Organization/{id}/persons/{personId}
DELETE /api/Person/{id}/organizations/{organizationId}
DELETE /api/User/{id}
GET /api/Account/authclientsettings
GET /api/Account/authclientsettings/demo
GET /api/Common/countries
GET /api/Common/gender
GET /api/Common/personimportfields
GET /api/Common/systemdata
GET /api/CustomField
GET /api/Info
GET /api/List
GET /api/List/functions
GET /api/List/{id}
GET /api/Notes
GET /api/Notes/organization/{id}
GET /api/Notes/person/{id}
GET /api/Notes/{id}
GET /api/Organization
GET /api/Organization/customfields
GET /api/Organization/{id}
GET /api/Person
GET /api/Person/customfields
GET /api/Person/{id}
GET /api/Person/{id}/relations/{relationId}
GET /api/Relationship
GET /api/SendEmail/list/{id}
GET /api/User
POST /api/Account/authorize
POST /api/Account/authorize/basic
POST /api/Export/list
POST /api/Export/person-data
POST /api/Export/persons
POST /api/Import/import
POST /api/Import/read-file
POST /api/List/archiveSelected
POST /api/List/unarchiveSelected
POST /api/List/{id}/copy
POST /api/Organization/DeleteSelected
POST /api/Person/DeleteSelected
POST /api/Person/{id}/relations
POST /api/Search
POST /api/Search/all
POST /api/SendEmail/selection
PUT /api/Account/setpassword
PUT /api/CustomField/{id}
PUT /api/List/{id}/addpersons
PUT /api/Organization/{id}/addperson
PUT /api/Person/{id}/addorganization

Found on 2026-02-09 18:25

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035495195586d597fc019d8514f4fd57e585f9f349d22

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/List/{id}/person/{personId}
DELETE /api/Organization/{id}/persons/{personId}
DELETE /api/Person/{id}/organizations/{organizationId}
DELETE /api/User/{id}
GET /api/Account/authclientsettings
GET /api/Account/authclientsettings/demo
GET /api/Common/countries
GET /api/Common/gender
GET /api/Common/personimportfields
GET /api/Common/systemdata
GET /api/CustomField
GET /api/Info
GET /api/List
GET /api/List/functions
GET /api/List/{id}
GET /api/Notes
GET /api/Notes/organization/{id}
GET /api/Notes/person/{id}
GET /api/Notes/{id}
GET /api/Organization
GET /api/Organization/customfields
GET /api/Organization/{id}
GET /api/Person
GET /api/Person/customfields
GET /api/Person/{id}
GET /api/Person/{id}/relations/{relationId}
GET /api/Relationship
GET /api/SendEmail/list/{id}
GET /api/User
POST /api/Account/authorize
POST /api/Account/authorize/basic
POST /api/Export/list
POST /api/Export/person-data
POST /api/Export/persons
POST /api/Import/import
POST /api/Import/read-file
POST /api/List/archiveSelected
POST /api/List/unarchiveSelected
POST /api/List/{id}/copy
POST /api/Organization/DeleteSelected
POST /api/Person/DeleteSelected
POST /api/Person/{id}/relations
POST /api/Search
POST /api/Search/all
POST /api/SendEmail/selection
PUT /api/Account/setpassword
PUT /api/CustomField/{id}
PUT /api/List/{id}/addpersons
PUT /api/Organization/{id}/addperson
PUT /api/Person/{id}/addorganization

Found on 2026-01-23 10:25

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: recallapi-dev.tradesolution.no
Port: 443
URL: https://recallapi-dev.tradesolution.no

First seen 2026-01-10 21:56
Last seen 2026-02-09 18:25
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499487f24f02bb9c78984440b37d40fb4772d8061c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Mottaker/Sak/{sakId}
GET /api/Mottaker/Sak/{sakId}/Dialog
GET /api/Produkteier/Sak/{sakId}
GET /api/Produkteier/Sak/{sakId}/Dialog
GET /api/SakWizard/ExecuteSakTestCommand/{commandSessionId}
GET /api/SakWizard/Files/GetUploadSas
GET /api/SakWizard/GetAttachments
GET /api/SakWizard/GetMottakerListItems
GET /api/SakWizard/LastSakKontakter/{produktEierGln}/produkteier
GET /api/SakWizard/ProduktSearch
GET /api/SakWizard/ProduktSearchEpd
GET /api/SakWizard/Sak/{tag}
GET /api/SakerList/ByMottaker/{tsKundeId}/ProduktEierList
GET /api/SakerList/ByProduktEier/{id}/MottakereList
GET /api/User/AccessModel
GET /api/User/MottakerList
GET /api/User/ProduktEierList
GET /api/User/getRecallUser
POST /api/Mottaker/Sak/{sakId}/Dialog/SendMessage
POST /api/Produkteier/Sak/Add
POST /api/Produkteier/Sak/{sakId}/Dialog/SendMessage
POST /api/SakWizard/CommandCompleted/{commandSessionId}
POST /api/SakWizard/Files/UploadSuccess
POST /api/SakWizard/GrossistSearch
POST /api/SakWizard/HandleSakCommand/{commandName}
POST /api/SakWizard/HandleSakCommandArray
POST /api/SakWizard/KundeSearch
POST /api/SakWizard/SendPdfToEmails
POST /api/SakerList/ByMottaker/{tsKundeId}
POST /api/SakerList/ByProduktEier/{gln}
PUT /api/Mottaker/Sak/{sakId}/statusKode/{statusKode}/Update
PUT /api/Produkteier/Sak/{sakId}/Update/{updateCode}

Found on 2026-02-09 18:25

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: recallapi.tradesolution.no
Port: 443
URL: https://recallapi.tradesolution.no

First seen 2026-01-10 22:57
Last seen 2026-02-09 18:20
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499487f24f02bb9c78984440b37d40fb4772d8061c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Mottaker/Sak/{sakId}
GET /api/Mottaker/Sak/{sakId}/Dialog
GET /api/Produkteier/Sak/{sakId}
GET /api/Produkteier/Sak/{sakId}/Dialog
GET /api/SakWizard/ExecuteSakTestCommand/{commandSessionId}
GET /api/SakWizard/Files/GetUploadSas
GET /api/SakWizard/GetAttachments
GET /api/SakWizard/GetMottakerListItems
GET /api/SakWizard/LastSakKontakter/{produktEierGln}/produkteier
GET /api/SakWizard/ProduktSearch
GET /api/SakWizard/ProduktSearchEpd
GET /api/SakWizard/Sak/{tag}
GET /api/SakerList/ByMottaker/{tsKundeId}/ProduktEierList
GET /api/SakerList/ByProduktEier/{id}/MottakereList
GET /api/User/AccessModel
GET /api/User/MottakerList
GET /api/User/ProduktEierList
GET /api/User/getRecallUser
POST /api/Mottaker/Sak/{sakId}/Dialog/SendMessage
POST /api/Produkteier/Sak/Add
POST /api/Produkteier/Sak/{sakId}/Dialog/SendMessage
POST /api/SakWizard/CommandCompleted/{commandSessionId}
POST /api/SakWizard/Files/UploadSuccess
POST /api/SakWizard/GrossistSearch
POST /api/SakWizard/HandleSakCommand/{commandName}
POST /api/SakWizard/HandleSakCommandArray
POST /api/SakWizard/KundeSearch
POST /api/SakWizard/SendPdfToEmails
POST /api/SakerList/ByMottaker/{tsKundeId}
POST /api/SakerList/ByProduktEier/{gln}
PUT /api/Mottaker/Sak/{sakId}/statusKode/{statusKode}/Update
PUT /api/Produkteier/Sak/{sakId}/Update/{updateCode}

Found on 2026-02-09 18:20

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: azureai-api.internal.congatec.app
Port: 443
URL: https://azureai-api.internal.congatec.app

First seen 2026-01-04 10:01
Last seen 2026-02-09 18:03
Open for 36 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549c5247a586caa83ad87ad751323d57c856b1eeb3f
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/open-ai/gpt/sessions
GET /api/v1/open-ai/gpt/sessions/{id}
GET /api/v1/open-ai/models
GET /api/v1/open-ai/models/configurations
GET /api/v1/open-ai/models/{id}
GET /api/v1/open-ai/models/{id}/configurations/model
GET /api/v1/open-ai/models/{id}/configurations/{configid}
POST /api/v1/open-ai/dalle/images
POST /api/v1/open-ai/gpt/chats
POST /api/v1/open-ai/models/{id}/configurations
```
  Found on 2026-02-09 18:03
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: siteapi.dev.vorbestellservice.billa.at
Port: 80
URL: http://siteapi.dev.vorbestellservice.billa.at

First seen 2025-12-21 11:09
Last seen 2026-02-09 17:42
Open for 50 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609f013ed2a7c1310e4350b9a65cada62f876972f9
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Article
GET /api/Category
GET /api/Checkout/GetAccessibilityDataForShop
GET /api/Checkout/GetShopData
GET /api/Online
GET /api/Promo
GET /api/Variant
POST /api/Checkout/SubmitOrder
```
  Found on 2026-02-09 17:42
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: cms.onitiriministries.com
Port: 443
URL: https://cms.onitiriministries.com

First seen 2026-01-10 13:40
Last seen 2026-02-09 17:39
Open for 30 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 17:39
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549370c2ccb767eacfcc4ddbd66e0ba4da40e4ef8bc
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/sermon/{id}
GET /api/sermons
GET /api/sermons/info
GET /api/sermons/rss
POST /api/devops/pipeline/run
POST /api/devops/pipeline/runlist
```
  Found on 2026-01-23 13:58
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: eris-api.internal.congatec.app
Port: 443
URL: https://eris-api.internal.congatec.app

First seen 2026-01-02 12:12
Last seen 2026-02-09 17:39
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035492371c63fba0e9000bd7714beadf59bf33dce1d3f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/manufactured-products
GET /api/v1/manufactured-products/macs
GET /api/v1/manufactured-products/{id}
GET /api/v1/manufactured-products/{serialNumber}/macs
GET /api/v1/products/{id}
GET /api/v1/rpt-test-result/Status
GET /api/v1/rpt-test-result/rpts
GET /api/v1/rpt-test-result/rpts/serial-numbers/{id}
GET /api/v1/rpt-test-result/rpts/{id}/messages
GET /api/v1/scheduler/jobs
GET /api/v1/svn-extraction/Status
GET /api/v1/test-details/{id}
POST /api/v1/manufactured-products/excel-export-detail
POST /api/v1/manufactured-products/excel-export-result
POST /api/v1/rpt-test-result/export/layout
POST /api/v1/rpt-test-result/export/{ExportLayoutId}
POST /api/v1/svn-extraction/log-files/extract
POST /api/v1/svn-extraction/log-files/extract-latest
POST /api/v1/svn-extraction/log-files/parse
POST /api/v1/svn-extraction/log-files/parse-latest
POST /api/v1/svn-extraction/rpt-files/extract
POST /api/v1/svn-extraction/rpt-files/extract-latest
POST /api/v1/svn-extraction/rpt-files/extract/revisions
POST /api/v1/svn-extraction/rpt-files/parse
POST /api/v1/svn-extraction/rpt-files/parse-latest
POST /api/v1/svn-extraction/rpt-files/parse/ids
POST /api/v1/svn-extraction/rpt-files/parse/revisions
POST /api/v1/svn-extraction/rpt-files/verify-products
PUT /api/v1/svn-extraction/rpt-files/prune

Found on 2026-02-09 17:39

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: orionapi.tradesolution.no
Port: 443
URL: https://orionapi.tradesolution.no

First seen 2026-01-10 20:55
Last seen 2026-02-09 17:34
Open for 29 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491c08e9ccc10e95d15a72c966acd05fa00ea8c43f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Bestillinger/fromEpd/{epdNumber}/{tsCustomerId}
DELETE /api/Bestillinger/{id}
DELETE /api/CarbonCopy/{carbonCopyId}
DELETE /api/Customer/log/{logId}
DELETE /api/Fotobestillinger/RemoveBestilling
DELETE /api/GruppeOppdrag/{key}
DELETE /api/Oppdrag/{key}
DELETE /api/OppdragsPreferanser/{id}
DELETE /api/OrionEvents/{key}
DELETE /api/Utsettelser/{key}
GET /api/Bestillinger/{oppdragId}
GET /api/CarbonCopy/GetAll
GET /api/CarbonCopy/GetByTsKunderId
GET /api/Customer/Search
GET /api/Customer/Search/{gln}
GET /api/Customer/all
GET /api/Customer/card/{tsKundeId}
GET /api/Customer/getContactPersons/{tsKundeId}
GET /api/Customer/getServiceGroups
GET /api/Customer/logs/{tsKundeId}/{top}
GET /api/FotoQueue
GET /api/FotoQueue/Count
GET /api/Fotobestillinger
GET /api/FotorobQueue
GET /api/FotorobStasjon/scans
GET /api/GruppeOppdrag
GET /api/GruppeOppdrag/getAll
GET /api/GruppeOppdrag/getById/{identityGuid}
GET /api/Lagerplasser
GET /api/Lanseringsvindu
GET /api/LanseringsvinduRapport/Excel/{lanseringsvinduId}
GET /api/MediaStore/GetImageSets/{gtin}/{gln}
GET /api/MediaStore/getPhotorobJobs
GET /api/MediaStore/{gtin}/image
GET /api/MediaStore/{gtin}/metadata
GET /api/MinimumNumberOfImagesPerProduktType
GET /api/Oppdrag/AsPriorityList
GET /api/Oppdrag/GetAllEpdNumbersWithImageDeadlineDate/{date}
GET /api/Oppdrag/ProduktStatus
GET /api/Oppdrag/ProduktStatus/{orderIdentityGuid}
GET /api/OppdragEvent/getFotoCompleteEvents
GET /api/OppdragEvent/getFotoStartedEvents
GET /api/OppdragEvent/{oppdragId}
GET /api/OppdragsPreferanser
GET /api/OppdragsPreferanser/Count/all
GET /api/OppdragsPreferanser/Excel/all
GET /api/OppdragsPreferanser/{tsKundeId}
GET /api/OrionEvents
GET /api/Pakninger
GET /api/Purringer/GetOppdragByTsKunder/{tsKundeId}
GET /api/Purringer/GetTsKunder
GET /api/Purringer/{tsKundeId}/Sjekkpunktkontaktperson
GET /api/Search/byEpdNumber/{epdNumber}
GET /api/Search/byGtin/{gtin}
GET /api/Search/variants
GET /api/Search/variantsAsExcel
GET /api/SjekkpunktOppdrag
GET /api/Sjekkpunktbestillinger
GET /api/Tilleggsgebyr
GET /api/Tilleggsgebyr/{tsKundeId}
GET /api/User/getOrionUser
GET /api/Utsettelser/{oppdragId}
POST /api/Bestillinger
POST /api/CarbonCopy
POST /api/Customer/log
POST /api/Fotobestillinger/AddBestilling
POST /api/FotorobStasjon/scans/RegisterScan/{scannedGtin}
POST /api/FotorobStasjon/scans/RemoveScanFromPakning/{scanId}
POST /api/Lanseringsvindu/SyncLaunchWindowsFromEpd
POST /api/Oppdrag
POST /api/Oppdrag/AppendComment
POST /api/Oppdrag/Get
POST /api/Oppdrag/GetAsExcel
POST /api/Oppdrag/GetOppdragByEpdNumber/{epdNumber}
POST /api/Oppdrag/ReceivedProducts
POST /api/OppdragEvent/CompleteFoto/{gtin}
POST /api/OppdragEvent/EndreLagerplass/{oppdragId}/{lagerplassId}
POST /api/OppdragEvent/StartFoto/{gtin}
POST /api/OrionImport/AddBestillinger/{bestillerId}
POST /api/Purringer/SendPaaminnelser
POST /api/Purringer/SendPurringer
POST /api/SjekkpunktOppdrag/AddUtsettelse
POST /api/TsKunder/TsKundeEndret
POST /api/UpdateOppdragWithMissingData/UpdateOppdragWithMissingTsKunde
POST /api/User/logout
POST /api/Utsettelser
PUT /api/Oppdrag/deaktiver-by-epd/{epdNr}

Found on 2026-02-09 17:34

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: iums.tetrapak.com
Port: 443
URL: https://iums.tetrapak.com

First seen 2025-12-25 06:31
Last seen 2026-02-09 17:29
Open for 46 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-09 17:29

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f4b303aaf06b2413d714d4725159b43653666188

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/device-types/v1/{deviceTypeId}/files/{fileId}
GET /api/agent/v1
GET /api/agent/v1/{id}
GET /api/agent/v1/{id}/download
GET /api/agent/v1/{platform}
GET /api/availability/v1/ping
GET /api/availability/v1/ping/apigee
GET /api/availability/v1/ping/blob/agent
GET /api/availability/v1/ping/blob/file
GET /api/availability/v1/ping/bms
GET /api/availability/v1/ping/sql
GET /api/countries/v1
GET /api/customer-sites/v1/{countryId}
GET /api/device-types/v1
GET /api/device-types/v1/{id}
GET /api/devices/v1
GET /api/devices/v1/{id}
GET /api/devices/v1/{id}/files
GET /api/devices/v1/{id}/schedule
GET /api/files/v1
GET /api/files/v1/{id}
GET /api/files/v1/{id}/download
GET /api/installer/v1/settings
GET /api/manifest
GET /api/operating-systems/v1
GET /api/update-categories/v1
PATCH /api/device-credential/v1/device/{id}/renew
PATCH /api/device-types/v1/{deviceTypeId}/files
PATCH /api/devices/v1/{id}/files/{fileId}
PATCH /api/devices/v1/{id}/heartbeat
POST /api/files/v1/GetFilesByDeviceIds

Found on 2026-01-02 02:46

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: uranus-api.internal.congatec.app
Port: 80
URL: http://uranus-api.internal.congatec.app

First seen 2026-01-02 11:05
Last seen 2026-02-09 11:36
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c63689b93ff213739117a92f38e31adb9e1ab33c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/DataQualityChecks/DeleteDataQualityCheck
DELETE /api/v1/DwhDatabase/DwhDatabasesDelete
DELETE /api/v1/ScheduledExecutions/ScheduledExecutionDelete
GET /api/v1/DataQualityChecks/FindById/{id}
GET /api/v1/DataQualityChecks/List
GET /api/v1/DataQualityChecks/{id}
GET /api/v1/DwhDatabase
GET /api/v1/DwhDatabase/DWHDatabaseBehavior
GET /api/v1/DwhDatabase/DWHDatabasePerformance
GET /api/v1/DwhDatabase/DWHDatabasePerformanceFolderList
GET /api/v1/DwhDatabase/DwhDatabaseDetails
GET /api/v1/DwhDatabase/DwhDatabasePerformancePackageList
GET /api/v1/DwhDatabase/DwhDatabaseTables
GET /api/v1/Executions
GET /api/v1/Executions/Details
GET /api/v1/MMDwhDatabasesUsersNotification/Details
GET /api/v1/MMScheduledExecutionDataQualityCheck/Delete
GET /api/v1/ScheduledExecutions/ScheduledExecutionDetails
GET /api/v1/ScheduledExecutions/ScheduledExecutionExecute
GET /api/v1/ScheduledExecutions/ScheduledExecutionList
GET /api/v1/Users/Details
GET /api/v1/Users/List
OPTIONS /api/v1/DwhDatabase/DwhDatabaseSwitch
OPTIONS /api/v1/MMDwhDatabasesUsersNotification/SetNotification
POST /api/v1/DataQualityChecks
POST /api/v1/DataQualityChecks/Execute
POST /api/v1/DwhDatabase/DwhDatabaseCreate
POST /api/v1/Error/LogError
POST /api/v1/ScheduledExecutions/ScheduledExecutionCreate
POST /api/v1/Users/Create
POST /api/v1/Users/Delete
POST /api/v1/Users/Edit
POST /api/v1/Users/Login
POST /api/v1/Users/RefreshToken
PUT /api/v1/DwhDatabase/DwhDatabseUpdate
PUT /api/v1/ScheduledExecutions/ScheduledExecutionUpdate

Found on 2026-02-09 11:36

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: siteapi.vorbestellservice.billa.at
Port: 80
URL: http://siteapi.vorbestellservice.billa.at

First seen 2025-12-21 12:06
Last seen 2026-02-09 06:36
Open for 49 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609f013ed2a7c1310e4350b9a65cada62f876972f9
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Article
GET /api/Category
GET /api/Checkout/GetAccessibilityDataForShop
GET /api/Checkout/GetShopData
GET /api/Online
GET /api/Promo
GET /api/Variant
POST /api/Checkout/SubmitOrder
```
  Found on 2026-02-09 06:36
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: adminapi.dev.vorbestellservice.billa.at
Port: 80
URL: http://adminapi.dev.vorbestellservice.billa.at

First seen 2025-12-21 12:07
Last seen 2026-02-09 01:50
Open for 49 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d6030a309e221ca86b2579bfdb802b4ded84efa6358
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Allergen
GET /api/Allergen/{id}
GET /api/Article
GET /api/Article/{id}
GET /api/Capacity
GET /api/Capacity/{id}
GET /api/Category
GET /api/Category/{id}
GET /api/GlobalOpeningTime
GET /api/GlobalOpeningTime/{id}
GET /api/Online
GET /api/Order
GET /api/Order/{id}
GET /api/OrderExport/detailedData
GET /api/OrderExport/overallData
GET /api/Promo
GET /api/Shop
GET /api/Shop/getShopsFromApi
GET /api/Shop/{id}
GET /api/User
GET /api/User/{id}
GET /api/Variant
PATCH /api/Category/Order
PATCH /api/User/changePassword
PATCH /api/User/lockUnlock
POST /api/Image
POST /api/User/signIn
```
  Found on 2026-02-09 01:50
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: api-demo.bezba.cz
Port: 443
URL: https://api-demo.bezba.cz

First seen 2026-01-05 02:01
Last seen 2026-02-02 12:47
Open for 28 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-02 12:47

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496d4237bfc39ffc72878f9a033e066042cf358212

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /escortinfo/{id}
DELETE /slotinstancenote/{id}
GET /address
GET /audits/entity/{id}
GET /carrier
GET /carrier/{id}
GET /customer
GET /customer/{id}
GET /enums/handicapequipment
GET /enums/vehicletype
GET /enums/vehicletype/{id}
GET /export/gpsdozor
GET /fixdata
GET /fixdata/notes
GET /fixdata/notes/delete
GET /image/{id}
GET /map/vehicle
GET /operatingday
GET /operatingday/calendar
GET /operatingday/calendar/{from}/{to}
GET /operatingday/{id}
GET /order
GET /order/{id}
GET /orderinstance
GET /orderinstance/{id}
GET /regular-ride
GET /regular-ride/{id}
GET /ride
GET /ride/jointypes
GET /ride/planning
GET /ride/statistics
GET /ride/{id}
GET /ride/{id}/customers
GET /ride/{id}/unjointypes
GET /shift
GET /shiftlog
GET /shiftlog/current/{driverid}
GET /shiftlog/startable/{driverid}
GET /shiftlog/summary
GET /slot
GET /slot/{id}
GET /slotinstance/
GET /slotinstance/planning/
GET /slotinstance/{id}
GET /user
GET /user/{id}
GET /vehicle
GET /vehicle/{id}
PATCH /address/geocoding
PATCH /carrier/{id}/isactive
PATCH /customer/{id}/isactive
PATCH /operatingday/{id}/isactive
PATCH /order/cancel
PATCH /order/noninstantiables
PATCH /orderinstance/{id}/extra-escort
PATCH /orderinstance/{id}/state
PATCH /ride/{id}/duration
PATCH /ride/{id}/slotinstance
PATCH /ride/{id}/stopsequence
PATCH /shiftlog/event/{eventid}/fixlocation
PATCH /shiftlog/{drivershiftid}/{vehicleshiftid}/closed
PATCH /shiftlog/{drivershiftid}/{vehicleshiftid}/estimates
PATCH /shiftlog/{drivershiftid}/{vehicleshiftid}/manual
PATCH /slot/{id}/isactive
PATCH /slot/{id}/name
PATCH /slotinstance/{id}/isactive
PATCH /slotinstance/{id}/shifts
PATCH /user/{id}/avatarimage
PATCH /user/{id}/isactive
PATCH /vehicle/{id}/isactive
POST /enums/vehicletype/{typeid}/{variantid}
POST /escortinfo
POST /fixdata/cityparts
POST /image
POST /operatingday/{id}/clone
POST /order/{id}/clone
POST /order/{id}/confirm
POST /regular-ride/export
POST /ride/join
POST /ride/{id}/pigeonhole
POST /ride/{id}/unjoin
POST /shiftlog/end
POST /shiftlog/forceend
POST /shiftlog/start
POST /shiftlog/switchvehicleshift
POST /shiftlog/{drivershiftid}/{vehicleshiftid}/customerevent
POST /shiftlog/{drivershiftid}/{vehicleshiftid}/togglebreak
POST /slot/sequence
POST /slotinstance
POST /slotinstance/cloneshifts/{source}/{target}
POST /slotinstancenote
POST /slotinstancenote/multiple
POST /user/activate
POST /user/forgotpassword
POST /user/login
POST /user/password
POST /user/register
POST /user/token
PUT /user/changePassword

Found on 2026-01-22 19:39

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: recallapi-prodtest.tradesolution.no
Port: 443
URL: https://recallapi-prodtest.tradesolution.no

First seen 2026-01-10 22:45
Last seen 2026-02-02 12:45
Open for 22 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499487f24f02bb9c78984440b37d40fb4772d8061c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Mottaker/Sak/{sakId}
GET /api/Mottaker/Sak/{sakId}/Dialog
GET /api/Produkteier/Sak/{sakId}
GET /api/Produkteier/Sak/{sakId}/Dialog
GET /api/SakWizard/ExecuteSakTestCommand/{commandSessionId}
GET /api/SakWizard/Files/GetUploadSas
GET /api/SakWizard/GetAttachments
GET /api/SakWizard/GetMottakerListItems
GET /api/SakWizard/LastSakKontakter/{produktEierGln}/produkteier
GET /api/SakWizard/ProduktSearch
GET /api/SakWizard/ProduktSearchEpd
GET /api/SakWizard/Sak/{tag}
GET /api/SakerList/ByMottaker/{tsKundeId}/ProduktEierList
GET /api/SakerList/ByProduktEier/{id}/MottakereList
GET /api/User/AccessModel
GET /api/User/MottakerList
GET /api/User/ProduktEierList
GET /api/User/getRecallUser
POST /api/Mottaker/Sak/{sakId}/Dialog/SendMessage
POST /api/Produkteier/Sak/Add
POST /api/Produkteier/Sak/{sakId}/Dialog/SendMessage
POST /api/SakWizard/CommandCompleted/{commandSessionId}
POST /api/SakWizard/Files/UploadSuccess
POST /api/SakWizard/GrossistSearch
POST /api/SakWizard/HandleSakCommand/{commandName}
POST /api/SakWizard/HandleSakCommandArray
POST /api/SakWizard/KundeSearch
POST /api/SakWizard/SendPdfToEmails
POST /api/SakerList/ByMottaker/{tsKundeId}
POST /api/SakerList/ByProduktEier/{gln}
PUT /api/Mottaker/Sak/{sakId}/statusKode/{statusKode}/Update
PUT /api/Produkteier/Sak/{sakId}/Update/{updateCode}

Found on 2026-02-02 12:45

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: iums-dev.tetrapak.com
Port: 443
URL: https://iums-dev.tetrapak.com

First seen 2025-12-25 06:32
Last seen 2026-02-02 12:10
Open for 39 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f4b303aaf06b2413d714d4725159b43653666188

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/device-types/v1/{deviceTypeId}/files/{fileId}
GET /api/agent/v1
GET /api/agent/v1/{id}
GET /api/agent/v1/{id}/download
GET /api/agent/v1/{platform}
GET /api/availability/v1/ping
GET /api/availability/v1/ping/apigee
GET /api/availability/v1/ping/blob/agent
GET /api/availability/v1/ping/blob/file
GET /api/availability/v1/ping/bms
GET /api/availability/v1/ping/sql
GET /api/countries/v1
GET /api/customer-sites/v1/{countryId}
GET /api/device-types/v1
GET /api/device-types/v1/{id}
GET /api/devices/v1
GET /api/devices/v1/{id}
GET /api/devices/v1/{id}/files
GET /api/devices/v1/{id}/schedule
GET /api/files/v1
GET /api/files/v1/{id}
GET /api/files/v1/{id}/download
GET /api/installer/v1/settings
GET /api/manifest
GET /api/operating-systems/v1
GET /api/update-categories/v1
PATCH /api/device-credential/v1/device/{id}/renew
PATCH /api/device-types/v1/{deviceTypeId}/files
PATCH /api/devices/v1/{id}/files/{fileId}
PATCH /api/devices/v1/{id}/heartbeat
POST /api/files/v1/GetFilesByDeviceIds

Found on 2026-02-02 12:10

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-01-23 04:42

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: ai4g4s.app
Port: 443
URL: https://ai4g4s.app

First seen 2025-12-21 03:58
Last seen 2026-02-02 10:04
Open for 43 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035498a2b9070cd00fa3935cb1e8c6c8e4b793b4561d3

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Account/oidc-login
GET /api/Comments/field-response/{id}
GET /api/Fields
GET /api/Fields/projectType/{id}
GET /api/Fields/section/{id}
GET /api/Fields/{projectId}/{sectionType}/{name}
GET /api/LiteratureReviews
GET /api/LiteratureReviews/{id}
GET /api/LiteratureReviews/{id}/form/{sectionId}
GET /api/LiteratureReviews/{id}/summary
GET /api/Notes
GET /api/Notes/{id}
GET /api/Notes/{id}/feedback
GET /api/Notes/{id}/field-response/{fieldId}
GET /api/Notes/{id}/form/{sectionId}
GET /api/Plans
GET /api/Plans/{id}
GET /api/Plans/{id}/form/{sectionId}
GET /api/Plans/{id}/summary
GET /api/Projects
GET /api/Projects/{id}
GET /api/Projects/{id}/instructors
GET /api/Projects/{id}/summary
GET /api/ReactionTable/compounds
GET /api/ReactionTable/data
GET /api/ReactionTable/reagent
GET /api/ReactionTable/solvent
GET /api/ReactionTable/solvents
GET /api/RegistrationRules
GET /api/RegistrationRules/{id}
GET /api/Reports
GET /api/Reports/{id}
GET /api/Reports/{id}/GenerateExport
GET /api/Reports/{id}/form/{sectionId}
GET /api/Reports/{id}/summary
GET /api/Roles
GET /api/Roles/{roleId}
GET /api/Sections/File
GET /api/Sections/project-type/{id}
GET /api/Sections/project/{id}
GET /api/Sections/section-type/{sectionType}/project/{id}
GET /api/Users
GET /api/Users/me
GET /api/Users/{id}
GET /api/input-types
GET /api/input-types/{id}
GET /api/project-groups/project/{id}
GET /api/project-groups/{id}
GET /api/project-groups/{id}/form
GET /api/project-types
GET /api/project-types/section-types
GET /api/project-types/{id}
POST /api/Account/confirm
POST /api/Account/confirm/resend
POST /api/Account/email/confirm-change
POST /api/Account/login
POST /api/Account/logout
POST /api/Account/password/request-reset
POST /api/Account/password/reset
POST /api/Account/register
POST /api/Comments
POST /api/Fields/{id}/save
POST /api/LiteratureReviews/{id}/advance
POST /api/Notes/lock-notes/{id}
POST /api/Notes/{id}/advance
POST /api/Notes/{id}/complete-feedback
POST /api/Notes/{id}/request-feedback
POST /api/Plans/{id}/advance
POST /api/Prediction/forward
POST /api/Projects/{id}/invite-instructors
POST /api/Projects/{id}/remove-instructor
POST /api/Projects/{id}/validate-instructor
POST /api/RegistrationRules/validate
POST /api/Reports/{id}/advance
POST /api/Sections/save
POST /api/Users/invite
POST /api/project-groups
POST /api/project-groups/{id}/invite-students
POST /api/project-groups/{id}/remove-student
POST /api/project-types/{id}/advance
PUT /api/Account/activate
PUT /api/Comments/{id}
PUT /api/Comments/{id}/read
PUT /api/LiteratureReviews/save-form
PUT /api/Notes/save-form
PUT /api/Plans/save-form
PUT /api/Reports/save-form
PUT /api/Users/invite/resend
PUT /api/Users/ui-culture
PUT /api/Users/{id}/email/request-change
PUT /api/Users/{id}/roles/update
PUT /api/project-groups/save-form

Found on 2026-02-02 10:04

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: ceres-ep-api.internal.congatec.app
Port: 443
URL: https://ceres-ep-api.internal.congatec.app

First seen 2026-01-05 12:36
Last seen 2026-02-02 07:53
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035497b298c797b298c797b298c797b298c797b298c79
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/{catchAll}
```
  Found on 2026-02-02 07:53
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: hyperion-api.internal.congatec.app
Port: 443
URL: https://hyperion-api.internal.congatec.app

First seen 2026-01-05 17:12
Last seen 2026-02-02 05:34
Open for 27 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549dee8f10328866450f2f88691e20438e8b46764d5

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/competences
GET /api/v1/competences/{CompetenceId}
GET /api/v1/employees
GET /api/v1/employees/check-open
GET /api/v1/employees/myself
GET /api/v1/employees/performance-reviews
GET /api/v1/employees/personnel-areas
GET /api/v1/employees/sap-checksync
GET /api/v1/employees/{EmployeeId}/performance-reviews
GET /api/v1/job-positions
GET /api/v1/job-positions/{JobPositionId}
PATCH /api/v1/employees/begin
PATCH /api/v1/employees/{EmployeeId}/performance-reviews/delegate
PATCH /api/v1/employees/{EmployeeId}/performance-reviews/delegate/myself
PATCH /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}/comment
PATCH /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}/review/{Vote}
POST /api/v1/employees/performance-reviews/create-by-job-position
POST /api/v1/employees/sap-sync
POST /api/v1/import/competences/xlsx
PUT /api/v1/competences/{Id}
PUT /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}
PUT /api/v1/job-positions/{Id}

Found on 2026-02-02 05:34

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549dee8f10328866450f2f88691e20438e831d6d79f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/competences
GET /api/v1/competences/{CompetenceId}
GET /api/v1/employees
GET /api/v1/employees/check-open
GET /api/v1/employees/myself
GET /api/v1/employees/performance-reviews
GET /api/v1/employees/sap-checksync
GET /api/v1/employees/{EmployeeId}/performance-reviews
GET /api/v1/job-positions
GET /api/v1/job-positions/{JobPositionId}
PATCH /api/v1/employees/begin
PATCH /api/v1/employees/{EmployeeId}/performance-reviews/delegate
PATCH /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}/comment
PATCH /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}/review/{Vote}
POST /api/v1/employees/performance-reviews/create-by-job-position
POST /api/v1/employees/sap-sync
POST /api/v1/import/competences/xlsx
PUT /api/v1/competences/{Id}
PUT /api/v1/employees/{EmployeeId}/performance-reviews/{PerformanceReviewId}
PUT /api/v1/job-positions/{Id}

Found on 2026-01-17 01:59

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: api.gatship.com
Port: 443
URL: https://api.gatship.com

First seen 2025-12-29 11:25
Last seen 2026-02-02 03:35
Open for 34 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e9debab590e9aafed008ec2045447d856e35c525

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Clients
GET /api/v1/Clients/{clientNumber}
GET /api/v1/ExchangeRates
GET /api/v1/Expenses
GET /api/v1/Expenses/ExpenseTemplates
GET /api/v1/Expenses/{expenseId}
GET /api/v1/Expenses/{expenseId}/Files/{documentId}
GET /api/v1/Portcalls
GET /api/v1/PurchaseInvoices
GET /api/v1/PurchaseInvoices/{invoiceId}
GET /api/v1/PurchaseInvoices/{invoiceId}/File
GET /api/v1/SalesInvoices
GET /api/v1/SalesInvoices/ByInvoiceNumber
GET /api/v1/SalesInvoices/{invoiceId}/File
GET /api/v1/Test/About-me
GET /api/v1/Test/Ping
POST /api/v1/Clients/{clientNumber}/MarkAsExported
POST /api/v1/Expenses/AdvancePayment
POST /api/v1/Expenses/{expenseId}/MarkAsExported
POST /api/v1/Expenses/{expenseId}/MarkAsProcessed
POST /api/v1/Portcalls/{portcallId}/MarkAsExported
POST /api/v1/Portcalls/{portcallId}/UpdateDynamicFields
POST /api/v1/PurchaseInvoices/{invoiceId}/CreateExpenseLine
POST /api/v1/PurchaseInvoices/{invoiceId}/MarkAsExported
POST /api/v1/SalesInvoices/{invoiceId}/MarkAsExported
POST /api/v1/SalesInvoices/{invoiceId}/Settled
POST /api/v1/Test/Clear-cache
PUT /api/v1/ExchangeRates/{fromCurrencyCode}/{toCurrencyCode}
PUT /api/v1/PurchaseInvoices/{invoiceId}/ConnectToBudgetLine

Found on 2026-02-02 03:35

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e9debab590e9aafed008ec2045447d8541d252d7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Clients
GET /api/v1/Clients/{clientNumber}
GET /api/v1/ExchangeRates
GET /api/v1/Expenses
GET /api/v1/Expenses/ExpenseTemplates
GET /api/v1/Expenses/{expenseId}
GET /api/v1/Expenses/{expenseId}/Files/{documentId}
GET /api/v1/Portcalls
GET /api/v1/PurchaseInvoices
GET /api/v1/PurchaseInvoices/{invoiceId}/File
GET /api/v1/SalesInvoices
GET /api/v1/SalesInvoices/ByInvoiceNumber
GET /api/v1/SalesInvoices/{invoiceId}/File
GET /api/v1/Test/About-me
GET /api/v1/Test/Ping
POST /api/v1/Clients/{clientNumber}/MarkAsExported
POST /api/v1/Expenses/AdvancePayment
POST /api/v1/Expenses/{expenseId}/MarkAsExported
POST /api/v1/Expenses/{expenseId}/MarkAsProcessed
POST /api/v1/Portcalls/{portcallId}/MarkAsExported
POST /api/v1/Portcalls/{portcallId}/UpdateDynamicFields
POST /api/v1/PurchaseInvoices/{invoiceId}/CreateExpenseLine
POST /api/v1/PurchaseInvoices/{invoiceId}/MarkAsExported
POST /api/v1/SalesInvoices/{invoiceId}/MarkAsExported
POST /api/v1/SalesInvoices/{invoiceId}/Settled
POST /api/v1/Test/Clear-cache
PUT /api/v1/ExchangeRates/{fromCurrencyCode}/{toCurrencyCode}
PUT /api/v1/PurchaseInvoices/{invoiceId}/ConnectToBudgetLine

Found on 2026-01-16 00:37

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: jira-gw-api.congatec.app
Port: 443
URL: https://jira-gw-api.congatec.app

First seen 2025-11-24 10:37
Last seen 2026-02-02 03:18
Open for 69 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549206fdfd6d56941c890b0e5999cf876028b17d8ee

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/extract/{guid}/process
GET /api/v1/extract/{guid}/status
GET /api/v1/jira-op/issues/{id}
GET /api/v1/jira/issues
GET /api/v1/jira/projects
GET /api/v1/jira/projects/fields
GET /api/v1/sap-controller/issue/search/transfer/sap
GET /api/v1/sap-controller/issues/worklogs/transfer/sap
GET /api/v1/sap-controller/issues/{issueKey}/worklogs/transfer/sap
POST /api/v1/big-picture/holidays/extract
POST /api/v1/big-picture/teams/extract
POST /api/v1/big-picture/workloads/extract
POST /api/v1/jira-op/issue/worklog
POST /api/v1/jira-op/login
POST /api/v1/jira/issue
POST /api/v1/jira/issues/extract
POST /api/v1/jira/issues/extract/key-shortname
POST /api/v1/jira/issues/priorities/extract
POST /api/v1/jira/issues/status/extract
POST /api/v1/jira/issues/types/extract
POST /api/v1/jira/projects/extract
POST /api/v1/jira/users/extract
POST /api/v1/jira/webhook/issue/delete/{id}
POST /api/v1/jira/webhook/issue/worklog/delete/{id}

Found on 2026-02-02 03:18

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549206fdfd6d56941c890b0e5996b009a30478439d7

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/extract/{guid}/process
GET /api/v1/extract/{guid}/status
GET /api/v1/jira-op/issues/{id}
GET /api/v1/sap-controller/issue/search/transfer/sap
GET /api/v1/sap-controller/issues/worklogs/transfer/sap
GET /api/v1/sap-controller/issues/{issueKey}/worklogs/transfer/sap
POST /api/v1/big-picture/holidays/extract
POST /api/v1/big-picture/teams/extract
POST /api/v1/big-picture/workloads/extract
POST /api/v1/jira-op/issue/worklog
POST /api/v1/jira-op/login
POST /api/v1/jira/issue
POST /api/v1/jira/issues/extract
POST /api/v1/jira/issues/extract/key-shortname
POST /api/v1/jira/issues/priorities/extract
POST /api/v1/jira/issues/status/extract
POST /api/v1/jira/issues/types/extract
POST /api/v1/jira/projects/extract
POST /api/v1/jira/users/extract
POST /api/v1/jira/webhook/issue/delete/{id}
POST /api/v1/jira/webhook/issue/worklog/delete/{id}

Found on 2025-12-01 02:45

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: adminapi.tradesolution.no
Port: 443
URL: https://adminapi.tradesolution.no

First seen 2026-01-04 10:22
Last seen 2026-02-02 01:40
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549530f7ae08c958efc4dcf14254c30d6a64c30d6a6
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/brukere/{objectId}/claims
GET /api/brukere/{objectId}/claims/byTsKundeId/{tsKundeId}
GET /api/brukere/{objectId}/claims/tsKundeId
GET /api/diagnostics/testclientapis
```
  Found on 2026-02-02 01:40
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: mimas-api.internal.congatec.app
Port: 443
URL: https://mimas-api.internal.congatec.app

First seen 2026-01-05 16:42
Last seen 2026-02-01 23:26
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549cc048e539ee6e2655c9c7823b7dbc21b3c5f70cb
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/keyVaults
GET /api/v1/keyVaults/{KeyVault}
GET /api/v1/keys
GET /api/v1/keys/pgp/public
GET /api/v1/keys/signaturelogs
GET /api/v1/keys/{Key}
GET /api/v1/keys/{Key}/public
GET /api/v1/keys/{Name}/acl
GET /api/v1/options/acl
GET /api/v1/options/user
PATCH /api/v1/keys/{Key}/disable
POST /api/v1/keys/{KeyvaultName}/import/{Key}
POST /api/v1/keys/{Key}/create
POST /api/v1/keys/{Key}/sign
POST /api/v1/keys/{Key}/sign-certificate
POST /api/v1/keys/{Key}/sign/{Algorithm}
POST /api/v1/keys/{Key}/verify
PUT /api/v1/keys/{Key}/update
```
  Found on 2026-02-01 23:26
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: ceres-gw-api.internal.congatec.app
Port: 443
URL: https://ceres-gw-api.internal.congatec.app

First seen 2026-01-06 14:10
Last seen 2026-02-01 23:21
Open for 26 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549311740ae9440c8ccf33e7515dc5aac57ad36d8cf

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Company/GetCompanies
GET /api/v1/Company/List
GET /api/v1/Email/{CompanyId}/Contacts
GET /api/v1/Opportunity/{CompanyId}
GET /api/v1/Opportunity/{CompanyId}/export
GET /api/v1/Sap/{CompanyId}/RMAs
GET /api/v1/Sap/{CompanyId}/SalesOrder
GET /api/v1/Sap/{CompanyId}/SamplesAvailability
GET /api/v1/Sap/{CompanyId}/all-samples
GET /api/v1/Sap/{CompanyId}/delivery-tracking
GET /api/v1/Sap/{CompanyId}/delivery-tracking/{OrderId}
GET /api/v1/Sap/{CompanyId}/information
GET /api/v1/Sap/{CompanyId}/invoice/history
GET /api/v1/Sap/{CompanyId}/invoice/open
GET /api/v1/Sap/{CompanyId}/invoice/open/total
GET /api/v1/Sap/{CompanyId}/lead-time/export
GET /api/v1/Sap/{CompanyId}/lead-time/{ProductId}
GET /api/v1/Sap/{CompanyId}/processed-orders
GET /api/v1/Sap/{CompanyId}/rma
GET /api/v1/Sap/{CompanyId}/sales-order/export
GET /api/v1/Sap/{CompanyId}/samples-availability/{SampleId}
GET /api/v1/Sap/{CompanyId}/warranty/{SerialNumber}
GET /api/v1/changelog
GET /api/v1/documents
GET /api/v1/documents/documents
GET /api/v1/documents/images
GET /api/v1/documents/other
GET /api/v1/documents/pricelist
GET /api/v1/documents/roadmap
GET /api/v1/users/create-request/{Guid}
GET /api/v1/users/create-requests
GET /api/v1/users/import
GET /api/v1/users/roles
GET /api/v1/users/{CompanyId}
POST /api/v1/Email/{CompanyId}/NotifyCreatedAccount
POST /api/v1/Email/{CompanyId}/ProjectRegistration
POST /api/v1/Email/{CompanyId}/SendEmail
POST /api/v1/Opportunity/{CompanyId}/forecast/create
POST /api/v1/users/role/{KeyCloakRole}/import
POST /api/v1/users/{AssignedCompanyId}/create-request
PUT /api/v1/Company/sync
PUT /api/v1/Opportunity/{CompanyId}/forecast
PUT /api/v1/users/assign-company
PUT /api/v1/users/create-request/{Guid}/edit

Found on 2026-02-01 23:21

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: epdapi-oldtest.tradesolution.no
Port: 443
URL: https://epdapi-oldtest.tradesolution.no

First seen 2025-12-28 08:05
Last seen 2026-02-01 22:21
Open for 35 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c5a3e930997fa39cde9b342b2210fd00b211a23c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/KladdProduktMottaker/{kladdProduktID}/{mottakerGLN}
GET /api/Abonnement/produkter/abonnert
GET /api/Abonnement/produkter/search
GET /api/Aldersgrense
GET /api/Aldersgruppe
GET /api/Alkoholrapporteringsgruppe
GET /api/Allergen
GET /api/Allergenverditype
GET /api/Deklarasjon
GET /api/Deklarasjonsgruppe
GET /api/DisplayProdukt/{epdnr}
GET /api/Emballasje
GET /api/Emballasje/registrer/all
GET /api/Enhetsprisbetegnelsetype
GET /api/Enhetspristype
GET /api/EnvaGPCKonvertering
GET /api/Fareseddel
GET /api/Feilmerking/GetByEPDNr/{epdnr}
GET /api/HSetning
GET /api/Kategori
GET /api/Kladd/Get2/{kladdProduktID}
GET /api/Kladd/GetAll
GET /api/Kladd/GetAllBasic
GET /api/Kladd/GetAllByGTIN/{gtin}
GET /api/Kladd/GetIDByEPDnr/{epdnr}
GET /api/Kladd/GetStatus/{kladdProduktID}
GET /api/Kladd/{kladdProduktID}
GET /api/KladdPakningPant/GetAllPants
GET /api/KladdProduktMottaker/{kladdProduktID}
GET /api/Kodeliste/gs1databaer
GET /api/Kodeliste/naeringsinnhold_deklarasjon
GET /api/Kodeliste/naeringsinnhold_kode
GET /api/Kodeliste/produksjonmethode
GET /api/Kodeliste/produktmerking_egenskaper
GET /api/Land
GET /api/Land/GetAllOpphavssteder
GET /api/Land/GetAllOpprinnelsesland
GET /api/Lansering
GET /api/Lastbaerer
GET /api/Listing/{epdnr}
GET /api/Mengdetype
GET /api/Merkeordning
GET /api/Merkeordning/firma
GET /api/Merkeordning/merkeordninggrupper
GET /api/Merkeordning/produkter
GET /api/MinSide
GET /api/Mottaker/GetAll
GET /api/Mva
GET /api/Pakning/GetPakning/{epdnr}/{gtin}
GET /api/Pakning/GetPakninger/{epdnr}
GET /api/Pant
GET /api/Produkt/GetAllBasic
GET /api/Produkt/GetEndredeProdukterAsEpdnumbers/{fromDate}/{toDate}
GET /api/Produkt/GetIDByEPDNr/{epdnr}
GET /api/Produkt/GetProduktByEPD/{epdnr}
GET /api/Produkt/GetProduktByEPDList
GET /api/Produkt/GetProduktStatus/{epdnr}
GET /api/Produkt/GetProdukter
GET /api/Produkt/GetProdukterByGLN/{gln}/{fasenr}
GET /api/Produkt/GetProdukterByGTIN/{gtin}
GET /api/Produkt/Nedlegg/{epdnr}/{dato}
GET /api/Produkt/{epdNr}/pakningsinfo
GET /api/Produkt2/GetProduktByEPD/{epdnr}
GET /api/Produkt2/GetProdukter
GET /api/Produkt2/GetProdukterByGTIN/{gtin}
GET /api/ProduktFeilmerking/GetFeilmarkerteFelter/{epdnr}
GET /api/ProduktRapport/GetProduktRapport/{email}
GET /api/Produkteier
GET /api/Produkteier/GetAll
GET /api/Produkteier/GetAllByMottaker/{gln}
GET /api/ProdukteierHentested
GET /api/ProdukteierHentested/GetAllByEierGLN/{eierGLN}
GET /api/Produktstatus
GET /api/Sertifisering
GET /api/SikkerhetOgFarligGodsEmballasje
GET /api/SjekkpunktBestilling/{epdnr}
GET /api/UNnummer
GET /api/Varegruppe/nivaa/{type}/{nivaa}
GET /api/Varegruppe/tsvaregruppe/{type}/{varegruppenr}
GET /api/Varegruppe/varegrupper_by_epd_number/{epdNummer}
GET /api/Varegruppe/{type}
GET /api/Varegruppe/{type}/{varegruppenr}
GET /api/Varegruppetype
GET /api/VaremerkeRegistrer/alleVaremerker
GET /api/VinSpritEmballasjetype
GET /api/VinSpritKorktype
GET /api/VinSpritLagringsgrad
GET /api/VirkestoffLegemiddel
GET /api/VirkestoffLegemiddelEnhet
PATCH /api/KladdPakning/ChangeToppPakning/{kladdProduktID}/{kladdPakningID}/{newGTIN}/{antall}
POST /api/Bestilling
POST /api/Bestilling/list
POST /api/Emballasje/registrer
POST /api/Kladd
POST /api/Kladd/Create
POST /api/Kladd/Create_B
POST /api/Kladd/Create_B_M_M_T
POST /api/Kladd/Create_B_M_T
POST /api/Kladd/Create_B_T
POST /api/Kladd/Create_ExistingB
POST /api/Kladd/Create_ExistingB_M_M_T
POST /api/Kladd/Create_ExistingB_M_T
POST /api/Kladd/Create_ExistingB_T
POST /api/Kladd/Create_ExistingM_M_T
POST /api/Kladd/Create_ExistingM_T
POST /api/Kladd/Create_Mix_Minimum2B_M_M_T
POST /api/Kladd/Create_Mix_Minimum2B_M_T
POST /api/Kladd/Create_Mix_Minimum2B_T
POST /api/Kladd/Create_Mix_Minimum2M_M_T
POST /api/Kladd/Create_Mix_Minimum2M_T
POST /api/Kladd/EditProdukt/{epdnr}/{fasenummer}
POST /api/KladdProduktMottaker/{kladdProduktID}/{mottakerGLN}/{harTilgang}
POST /api/KladdToQa/{kladdProduktID}
POST /api/Kontrollmaaling/GetByEpdnumbers
POST /api/Listing/{epdnr}/{lanseringsdato}
POST /api/Produkt/GetProduktByEPDList2
POST /api/Produkt/NedleggProdukt/{epdnr}/{dato}
POST /api/Produkt2/GetProduktByEPDList
POST /api/SjekkpunktBestilling/{epdnr}/{lanseringsdato}
PUT /api/Abonnement/produkt/subscribe
PUT /api/Abonnement/produkt/unsubcribe
PUT /api/Produkt/reopen/{epdnr}/{fasenummer}

Found on 2026-02-01 22:21

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: epdbedriftapi-test.tradesolution.no
Port: 443
URL: https://epdbedriftapi-test.tradesolution.no

First seen 2026-01-11 01:16
Last seen 2026-01-23 13:08
Open for 12 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354928600c357b65b87d9ad6135a18581059011bd71c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Ansatt/GetAktiveAnsatteByButikkID/{butikkId}
GET /api/Ansatt/SearchUserInAdminSystem
GET /api/Bruker
GET /api/Butikk/GetAktiveButikkerForCurrentUser
GET /api/Butikk/{butikkId}
GET /api/Dokument/{id}
GET /api/Ingrediens/{gtin}/gln/{gln}
GET /api/Ingrediens/{gtin}/gln/{gln}/image
GET /api/ProdusertResept/{produsertReseptId}
GET /api/Resept/export
GET /api/Resept/useroptions
GET /api/Resept/{epdNr}
GET /api/Resept/{reseptId}/reseptTypeKode/{reseptTypeKode}
GET /api/Resept/{reseptId}/reseptTypeKode/{reseptTypeKode}/dokument/{dokumentId}
GET /api/ReseptMottaker
POST /api/Ansatt
POST /api/Ansatt/Activate/{objectId}
POST /api/Ansatt/DeActivate/{objectId}
POST /api/Ansatt/search
POST /api/Butikk/Activate/{butikkId}
POST /api/Butikk/DeActivate/{butikkId}
POST /api/Butikk/search
POST /api/Butikk/searchNewButikker
POST /api/Butikk/{loepeNr}
POST /api/ButikkAnsatt/{ansattId}/{butikkId}
POST /api/Dokument
POST /api/EventReceiver/reseed
POST /api/EventReceiver/{code}
POST /api/Ingrediens/import
POST /api/Ingrediens/reindex
POST /api/Ingrediens/search
POST /api/Plu/import
POST /api/Plu/override/{reseptId}/{pluCode}
POST /api/Plu/search
POST /api/ProdusertResept
POST /api/ProdusertResept/search
POST /api/Resept/avvis
POST /api/Resept/deactivate
POST /api/Resept/dokument
POST /api/Resept/getorclone
POST /api/Resept/godkjenn
POST /api/Resept/import
POST /api/Resept/kladd
POST /api/Resept/qa
POST /api/Resept/reindex
POST /api/Resept/reindexone/{reseptId}
POST /api/Resept/search
POST /api/Resept/slett
POST /codeValues
POST /companies
POST /units

Found on 2026-01-23 13:08

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: epdbedriftapi-dev.tradesolution.no
Port: 443
URL: https://epdbedriftapi-dev.tradesolution.no

First seen 2026-01-10 23:26
Last seen 2026-01-23 13:07
Open for 12 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354928600c357b65b87d9ad6135a18581059011bd71c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Ansatt/GetAktiveAnsatteByButikkID/{butikkId}
GET /api/Ansatt/SearchUserInAdminSystem
GET /api/Bruker
GET /api/Butikk/GetAktiveButikkerForCurrentUser
GET /api/Butikk/{butikkId}
GET /api/Dokument/{id}
GET /api/Ingrediens/{gtin}/gln/{gln}
GET /api/Ingrediens/{gtin}/gln/{gln}/image
GET /api/ProdusertResept/{produsertReseptId}
GET /api/Resept/export
GET /api/Resept/useroptions
GET /api/Resept/{epdNr}
GET /api/Resept/{reseptId}/reseptTypeKode/{reseptTypeKode}
GET /api/Resept/{reseptId}/reseptTypeKode/{reseptTypeKode}/dokument/{dokumentId}
GET /api/ReseptMottaker
POST /api/Ansatt
POST /api/Ansatt/Activate/{objectId}
POST /api/Ansatt/DeActivate/{objectId}
POST /api/Ansatt/search
POST /api/Butikk/Activate/{butikkId}
POST /api/Butikk/DeActivate/{butikkId}
POST /api/Butikk/search
POST /api/Butikk/searchNewButikker
POST /api/Butikk/{loepeNr}
POST /api/ButikkAnsatt/{ansattId}/{butikkId}
POST /api/Dokument
POST /api/EventReceiver/reseed
POST /api/EventReceiver/{code}
POST /api/Ingrediens/import
POST /api/Ingrediens/reindex
POST /api/Ingrediens/search
POST /api/Plu/import
POST /api/Plu/override/{reseptId}/{pluCode}
POST /api/Plu/search
POST /api/ProdusertResept
POST /api/ProdusertResept/search
POST /api/Resept/avvis
POST /api/Resept/deactivate
POST /api/Resept/dokument
POST /api/Resept/getorclone
POST /api/Resept/godkjenn
POST /api/Resept/import
POST /api/Resept/kladd
POST /api/Resept/qa
POST /api/Resept/reindex
POST /api/Resept/reindexone/{reseptId}
POST /api/Resept/search
POST /api/Resept/slett
POST /codeValues
POST /companies
POST /units

Found on 2026-01-23 13:07

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: uranus-api.internal.congatec.app
Port: 443
URL: https://uranus-api.internal.congatec.app

First seen 2026-01-02 11:05
Last seen 2026-01-23 08:22
Open for 20 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c63689b93ff213739117a92f38e31adb9e1ab33c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/DataQualityChecks/DeleteDataQualityCheck
DELETE /api/v1/DwhDatabase/DwhDatabasesDelete
DELETE /api/v1/ScheduledExecutions/ScheduledExecutionDelete
GET /api/v1/DataQualityChecks/FindById/{id}
GET /api/v1/DataQualityChecks/List
GET /api/v1/DataQualityChecks/{id}
GET /api/v1/DwhDatabase
GET /api/v1/DwhDatabase/DWHDatabaseBehavior
GET /api/v1/DwhDatabase/DWHDatabasePerformance
GET /api/v1/DwhDatabase/DWHDatabasePerformanceFolderList
GET /api/v1/DwhDatabase/DwhDatabaseDetails
GET /api/v1/DwhDatabase/DwhDatabasePerformancePackageList
GET /api/v1/DwhDatabase/DwhDatabaseTables
GET /api/v1/Executions
GET /api/v1/Executions/Details
GET /api/v1/MMDwhDatabasesUsersNotification/Details
GET /api/v1/MMScheduledExecutionDataQualityCheck/Delete
GET /api/v1/ScheduledExecutions/ScheduledExecutionDetails
GET /api/v1/ScheduledExecutions/ScheduledExecutionExecute
GET /api/v1/ScheduledExecutions/ScheduledExecutionList
GET /api/v1/Users/Details
GET /api/v1/Users/List
OPTIONS /api/v1/DwhDatabase/DwhDatabaseSwitch
OPTIONS /api/v1/MMDwhDatabasesUsersNotification/SetNotification
POST /api/v1/DataQualityChecks
POST /api/v1/DataQualityChecks/Execute
POST /api/v1/DwhDatabase/DwhDatabaseCreate
POST /api/v1/Error/LogError
POST /api/v1/ScheduledExecutions/ScheduledExecutionCreate
POST /api/v1/Users/Create
POST /api/v1/Users/Delete
POST /api/v1/Users/Edit
POST /api/v1/Users/Login
POST /api/v1/Users/RefreshToken
PUT /api/v1/DwhDatabase/DwhDatabseUpdate
PUT /api/v1/ScheduledExecutions/ScheduledExecutionUpdate

Found on 2026-01-23 08:22

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: jupiter-api.internal.congatec.app
Port: 443
URL: https://jupiter-api.internal.congatec.app

First seen 2025-12-28 07:27
Last seen 2026-01-23 02:30
Open for 25 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354958e9fe5206e58ae5202f31e0a47afe042682de4a
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/jira/user-issue
GET /api/v1/cards
GET /api/v1/jira/time-trackings
GET /api/v1/jira/time-trackings/elapsed-time
GET /api/v1/tour/tour-text
POST /api/v1/jira/login
POST /api/v1/jira/time-trackings/summarize
PUT /api/v1/cards/favorites/toggle
PUT /api/v1/jira/time-trackings/commit
PUT /api/v1/jira/time-trackings/pause
PUT /api/v1/jira/time-trackings/start
PUT /api/v1/jira/time-trackings/stop
```
  Found on 2026-01-23 02:30
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: epdbedriftapi.tradesolution.no
Port: 443
URL: https://epdbedriftapi.tradesolution.no

First seen 2026-01-11 01:48
Last seen 2026-01-22 23:13
Open for 11 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354928600c357b65b87d9ad6135a18581059011bd71c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Ansatt/GetAktiveAnsatteByButikkID/{butikkId}
GET /api/Ansatt/SearchUserInAdminSystem
GET /api/Bruker
GET /api/Butikk/GetAktiveButikkerForCurrentUser
GET /api/Butikk/{butikkId}
GET /api/Dokument/{id}
GET /api/Ingrediens/{gtin}/gln/{gln}
GET /api/Ingrediens/{gtin}/gln/{gln}/image
GET /api/ProdusertResept/{produsertReseptId}
GET /api/Resept/export
GET /api/Resept/useroptions
GET /api/Resept/{epdNr}
GET /api/Resept/{reseptId}/reseptTypeKode/{reseptTypeKode}
GET /api/Resept/{reseptId}/reseptTypeKode/{reseptTypeKode}/dokument/{dokumentId}
GET /api/ReseptMottaker
POST /api/Ansatt
POST /api/Ansatt/Activate/{objectId}
POST /api/Ansatt/DeActivate/{objectId}
POST /api/Ansatt/search
POST /api/Butikk/Activate/{butikkId}
POST /api/Butikk/DeActivate/{butikkId}
POST /api/Butikk/search
POST /api/Butikk/searchNewButikker
POST /api/Butikk/{loepeNr}
POST /api/ButikkAnsatt/{ansattId}/{butikkId}
POST /api/Dokument
POST /api/EventReceiver/reseed
POST /api/EventReceiver/{code}
POST /api/Ingrediens/import
POST /api/Ingrediens/reindex
POST /api/Ingrediens/search
POST /api/Plu/import
POST /api/Plu/override/{reseptId}/{pluCode}
POST /api/Plu/search
POST /api/ProdusertResept
POST /api/ProdusertResept/search
POST /api/Resept/avvis
POST /api/Resept/deactivate
POST /api/Resept/dokument
POST /api/Resept/getorclone
POST /api/Resept/godkjenn
POST /api/Resept/import
POST /api/Resept/kladd
POST /api/Resept/qa
POST /api/Resept/reindex
POST /api/Resept/reindexone/{reseptId}
POST /api/Resept/search
POST /api/Resept/slett
POST /codeValues
POST /companies
POST /units

Found on 2026-01-22 23:13

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: haumea-api.internal.congatec.app
Port: 443
URL: https://haumea-api.internal.congatec.app

First seen 2026-01-02 12:03
Last seen 2026-01-16 15:17
Open for 14 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035492a59d4f2b8cff052be59d129c87c2c1395308cf3
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/EmployeeCard/Delete
GET /api/v1/EmployeeCard
GET /api/v1/ImageTemplate
GET /api/v1/ImageTemplate/editor-capabilities
GET /api/v1/Template
GET /api/v1/_Test
GET /api/v1/_TestMediator/List
POST /api/v1/EmployeeCard/Clone
POST /api/v1/EmployeeCard/Create
POST /api/v1/ImageTemplate/apply
POST /api/v1/ImageTemplate/make-id
POST /api/v1/ImageTemplate/make-id-admin
POST /api/v1/QrCode
POST /api/v1/User/FindUser
PUT /api/v1/EmployeeCard/Invalidate
PUT /api/v1/ImageTemplate/clone
PUT /api/v1/ImageTemplate/draw-commands
```
  Found on 2026-01-16 15:17
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: api.armadatms.com
Port: 443
URL: https://api.armadatms.com

First seen 2026-01-10 15:39
Last seen 2026-01-16 15:14
Open for 5 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d27ee5e06f02cb07a5883ca83d68bab2cd0a74fc

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/Carrier/delete/{id}
DELETE /api/Credit/request/delete/carrier/{id}
DELETE /api/Credit/request/delete/customer/{id}
DELETE /api/Customer/confirm/{id}
DELETE /api/Customer/delete/{id}
DELETE /api/Load/delete/{id}
DELETE /api/SavedSearch/delete/{communicationType}/{id}
DELETE /api/Staff/delete/{id}
DELETE /api/Staff/payroll/delete/{staffId}/{payrollId}
GET /api/Account
GET /api/Branch/branches
GET /api/Branch/{Id}
GET /api/Carrier
GET /api/Carrier/trucks/{id}
GET /api/Carrier/{Id}
GET /api/Customer
GET /api/Customer/{Id}
GET /api/File/careerDocument/download/{name}
GET /api/File/companyPicture/download/{guid}
GET /api/File/loadConfirmation/download/{name}
GET /api/File/loadPDF/download/{name}
GET /api/File/mcDocument/download/{name}
GET /api/File/mcLogo/download/{name}
GET /api/File/userPicture/download/{guid}
GET /api/Load/{Id}
GET /api/Lookup/{LookupSetName}
GET /api/MC
GET /api/MC/mcs
GET /api/MC/{Id}
GET /api/SavedSearch/{communicationType}/{id}
GET /api/Staff/payrolls/{staffId}
GET /api/Staff/roles
GET /api/Staff/{Id}
GET /api/Truck/truckposts/{id}
GET /api/TruckPost/{id}
GET /api/User/current
GET /api/User/profile
GET /api/User/test
PATCH /api/Carrier/update/postingAvailability/{id}
PATCH /api/TruckPost/disable/{id}
POST /api/Account/password/change
POST /api/Account/password/setup/{emailActionType}
POST /api/Account/validate/token/{tokenType}
POST /api/Branch/add
POST /api/Branch/dashboard
POST /api/Carrier/add
POST /api/Carrier/add/feedback/{id}
POST /api/Carrier/dashboard
POST /api/Carrier/feedbacks/{id}
POST /api/Credit/request/add/carrier
POST /api/Credit/request/add/customer
POST /api/Credit/requests/carrier
POST /api/Credit/requests/customer
POST /api/Customer/add
POST /api/Customer/dashboard
POST /api/Load/add
POST /api/Load/dashboard
POST /api/Load/dashboard/carrier/{carrierId}
POST /api/MC/add
POST /api/MC/dashboard
POST /api/SavedSearch/add/truck-post
POST /api/SavedSearch/dashboard/{communicationType}
POST /api/Staff/add
POST /api/Staff/dashboard
POST /api/Staff/payroll/add/{staffId}
POST /api/TruckPost/dashboard/carrier/{carrierId}
POST /api/TruckPost/dashboard/{savedSearchId}
PUT /api/Branch/update/{id}
PUT /api/Carrier/update/documents/{id}
PUT /api/Carrier/update/feedback/{feedbackId}
PUT /api/Carrier/update/trucks/{id}
PUT /api/Carrier/update/{id}
PUT /api/Customer/update/{id}
PUT /api/Load/update/basic/{id}
PUT /api/Load/update/confirmations/{id}
PUT /api/Load/update/deliveries/{id}
PUT /api/Load/update/info/{id}
PUT /api/Load/update/{id}
PUT /api/MC/update/documents/{id}
PUT /api/MC/update/{id}
PUT /api/SavedSearch/update/truck-post/{id}
PUT /api/Staff/payroll/update/{staffId}/{payrollId}
PUT /api/Staff/update/{id}
PUT /api/TruckPost/update/{id}

Found on 2026-01-16 15:14

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: api.gymnasiekoll.se
Port: 443
URL: https://api.gymnasiekoll.se

First seen 2026-01-10 20:25
Last seen 2026-01-16 15:07
Open for 5 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-16 15:07
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: test-accounts.safetyct.com
Port: 443
URL: https://test-accounts.safetyct.com

First seen 2026-01-11 03:43
Last seen 2026-01-16 14:57
Open for 5 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549ce96dcc199ff7cea81c4551bcc5143e401a8fb3b
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /.well-known/openid-configuration
GET /api/application/info
GET /api/applications
GET /api/applications/{application}/invitations
GET /api/applications/{application}/roles
GET /api/applications/{application}/users
GET /api/applications/{application}/users/{userId}
GET /api/auth/getuser
GET /api/auth/login
GET /api/auth/logout
GET /api/auth/organizations
GET /api/auth/requestchangepassword
GET /api/organizations
GET /api/user/applications
GET /api/user/{userId}/organizations
GET /api/user/{userId}/requestchangepassword
GET /api/user/{userId}/roles
GET /oauth/token
PATCH /api/connections/azureadoauth2/loginbutton
POST /api/connections/azureadoauth2
```
  Found on 2026-01-16 14:57
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-11 03:43
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: lapcounter-api.internal.congatec.app
Port: 443
URL: https://lapcounter-api.internal.congatec.app

First seen 2026-01-05 14:04
Last seen 2026-01-16 13:46
Open for 10 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549a32a06b5e67b5bd3fe480f059dc1ece59dc1ece5
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Participants
GET /api/v1/Participants/id
GET /api/v1/Participants/rfid
POST /api/v1/Laps
```
  Found on 2026-01-16 13:46
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: oberon-api.internal.congatec.app
Port: 443
URL: https://oberon-api.internal.congatec.app

First seen 2026-01-05 16:17
Last seen 2026-01-16 13:44
Open for 10 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035497b30fc78cc5cf54f4113e70f6a1bc1be949c9527
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/artifacts
GET /api/v1/artifacts/{guid}
GET /api/v1/artifacts/{guid}/revisions
GET /api/v1/artifacts/{guid}/url
GET /api/v1/job
GET /api/v1/job/{Guid}
GET /api/v1/release/release-rules
GET /api/v1/release/{Guid}/check-status
GET /api/v1/release/{Guid}/vote
GET /api/v1/software-bundles
GET /api/v1/software-bundles/{Guid}
GET /api/v1/software-bundles/{guid}/bundles-by-artifact
POST /api/v1/User/FindUser
PUT /api/v1/release/release-rules/{Guid}
PUT /api/v1/release/{Guid}/change-status
PUT /api/v1/software-bundles/{guid}/set-state
```
  Found on 2026-01-16 13:44
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: windesheim-lms-a.webhook-api.trainingscatalogus.nl
Port: 443
URL: https://windesheim-lms-a.webhook-api.trainingscatalogus.nl

First seen 2025-12-13 02:34
Last seen 2026-01-16 13:37
Open for 34 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035495a30fcb921d56bf770af5bd3ecb5fc39689f7bf7
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /CertificateSubscriptions
GET /CertificateSubscriptions/events
GET /CertificateSubscriptions/{id}
GET /CourseSubscriptions
GET /CourseSubscriptions/events
GET /CourseSubscriptions/{id}
GET /EnrollmentSubscriptions
GET /EnrollmentSubscriptions/events
GET /EnrollmentSubscriptions/{id}
GET /Subscriptions
```
  Found on 2026-01-16 13:37
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: siteapi.vorbestellservice.billa.at
Port: 443
URL: https://siteapi.vorbestellservice.billa.at

First seen 2025-12-21 12:06
Last seen 2026-01-16 12:08
Open for 26 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609f013ed2a7c1310e4350b9a65cada62f876972f9
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Article
GET /api/Category
GET /api/Checkout/GetAccessibilityDataForShop
GET /api/Checkout/GetShopData
GET /api/Online
GET /api/Promo
GET /api/Variant
POST /api/Checkout/SubmitOrder
```
  Found on 2026-01-16 12:08
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: siteapi.dev.vorbestellservice.billa.at
Port: 443
URL: https://siteapi.dev.vorbestellservice.billa.at

First seen 2025-12-21 11:09
Last seen 2026-01-16 11:56
Open for 26 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609f013ed2a7c1310e4350b9a65cada62f876972f9
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/Article
GET /api/Category
GET /api/Checkout/GetAccessibilityDataForShop
GET /api/Checkout/GetShopData
GET /api/Online
GET /api/Promo
GET /api/Variant
POST /api/Checkout/SubmitOrder
```
  Found on 2026-01-16 11:56
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: silosensor-api.deheus-apps.com
Port: 443
URL: https://silosensor-api.deheus-apps.com

First seen 2025-10-23 12:57
Last seen 2025-11-27 11:29
Open for 34 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035490c3204c4bd284a5ac12632e047a039db60642e19

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Alarm/delete
GET /Alarm/detail
GET /Alarm/getAlarmsBySiloId
GET /Animal/all
GET /ApplicationUser/alarm
GET /ApplicationUser/all
GET /ApplicationUser/getUserInfo
GET /ApplicationUser/me
GET /Customer/all
GET /Farm/all
GET /Farm/detail
GET /Farm/getFarmDropDownList
GET /Farm/getFarmMaps
GET /Feed/all
GET /Order/all
GET /Role/all
GET /Sensor/getSensorMeasures
GET /Sensor/getSensorsBySiloId
GET /Silo/getSiloAlarms
GET /Silo/getSiloInfo
GET /Silo/getSiloMeasures
GET /Silo/getSilosByFarmId
GET /Vendor/all
GET /api/Health
POST /Alarm/save
POST /ApplicationUser/changePassword
POST /ApplicationUser/delete
POST /ApplicationUser/save
POST /ApplicationUser/sendEmailTest
POST /ApplicationUser/sendSMSTest
POST /ApplicationUser/update
POST /Customer/save
POST /Farm/create
POST /Farm/update
POST /Farm/updateCustomerId
POST /Sensor/save
POST /Silo/create
POST /Silo/update
POST /login
POST /resetPassword
POST /sendResetPasswordLink

Found on 2025-11-27 11:29

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: silosensor-api.deheus-apps.com
Port: 80
URL: http://silosensor-api.deheus-apps.com

First seen 2025-10-23 12:57
Last seen 2025-11-27 07:06
Open for 34 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035490c3204c4bd284a5ac12632e047a039db60642e19

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Alarm/delete
GET /Alarm/detail
GET /Alarm/getAlarmsBySiloId
GET /Animal/all
GET /ApplicationUser/alarm
GET /ApplicationUser/all
GET /ApplicationUser/getUserInfo
GET /ApplicationUser/me
GET /Customer/all
GET /Farm/all
GET /Farm/detail
GET /Farm/getFarmDropDownList
GET /Farm/getFarmMaps
GET /Feed/all
GET /Order/all
GET /Role/all
GET /Sensor/getSensorMeasures
GET /Sensor/getSensorsBySiloId
GET /Silo/getSiloAlarms
GET /Silo/getSiloInfo
GET /Silo/getSiloMeasures
GET /Silo/getSilosByFarmId
GET /Vendor/all
GET /api/Health
POST /Alarm/save
POST /ApplicationUser/changePassword
POST /ApplicationUser/delete
POST /ApplicationUser/save
POST /ApplicationUser/sendEmailTest
POST /ApplicationUser/sendSMSTest
POST /ApplicationUser/update
POST /Customer/save
POST /Farm/create
POST /Farm/update
POST /Farm/updateCustomerId
POST /Sensor/save
POST /Silo/create
POST /Silo/update
POST /login
POST /resetPassword
POST /sendResetPasswordLink

Found on 2025-11-27 07:06

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.2.68
Domain: api.qrwalk.codelink.be
Port: 443
URL: https://api.qrwalk.codelink.be

First seen 2025-10-15 14:39
Last seen 2025-11-12 07:21
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035496b1f4f5e49aac7a02de29b31447d210a12620b43
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /admin/users/overview
GET /admin/users/{userId}
GET /api/walks/{walkCode}
GET /api/walks/{walkCode}/questions/{questionCode}
GET /api/walks/{walkCode}/users/me/overview
GET /health
POST /api/walks/{walkCode}/questions/{questionCode}/submit
POST /auth/guest
POST /auth/logout
POST /auth/recover
POST /auth/refresh
```
  Found on 2025-11-12 07:21
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-10-30 17:49
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549d96c1daebf9092519ee4a742154b43df39532bca
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/walks/{walkCode}
GET /api/walks/{walkCode}/questions/{questionCode}
GET /api/walks/{walkCode}/users/me/overview
GET /health
POST /api/walks/{walkCode}/questions/{questionCode}/submit
POST /auth/guest
POST /auth/logout
POST /auth/recover
POST /auth/refresh
```
  Found on 2025-10-17 13:59
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.50.2.68
Domain: vorsorge-api.rente.de
Port: 443
URL: https://vorsorge-api.rente.de

First seen 2023-07-17 09:48
Last seen 2025-01-06 17:34
Open for 539 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9dac936db2ac936db2ac936db2ac936db2
```
Found 1 files trough .DS_Store spidering:

/pdf
```
  Found on 2025-01-06 17:34
Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.50.2.68
Domain: www.dafo.pl
Port: 443
URL: https://www.dafo.pl

First seen 2023-09-25 08:12
Last seen 2024-09-26 16:18
Open for 367 days

Severity: medium
Fingerprint: 5f32cf5d6962f09c70ba7b5770ba7b57c8a8987f393cf29f3a99a4f8738b19ce

Found 54 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/bootstrap-touchspin/css
/css/admin/plugins/bootstrap-touchspin/js
/css/admin/plugins/clockpicker
/css/admin/plugins/clockpicker/css
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/admin/plugins/summernote/font
/css/fonts
/css/images
/files
/fonts
/img
/img/files
/img/icons
/js
/js/admin
/js/admin/autocomplete
/js/admin/bootstrap-datepicker
/js/admin/bootstrap-select
/js/admin/bootstrap-touchspin
/js/admin/bootstrap-touchspin/css
/js/admin/bootstrap-touchspin/js
/js/admin/clockpicker
/js/admin/clockpicker/js
/js/admin/datatables
/js/admin/dropzone
/js/admin/morris
/js/admin/nestable
/js/admin/summernote
/js/admin/summernote/lang
/js/admin/summernote/plugin
/js/admin/summernote/plugin/databasic
/js/admin/summernote/plugin/hello
/js/admin/summernote/plugin/specialchars
/js/admin/tagsinput

Found on 2024-09-26 16:18

Severity: low
Fingerprint: 5f32cf5d6962f09c3838040e3838040e5abc36968a783a5a58629f4f3b9e80c4

Found 20 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/fonts
/css/images
/files
/fonts
/img
/js

Found on 2024-09-24 10:19

Severity: medium
Fingerprint: 5f32cf5d6962f09c93a25c3a93a25c3a48d8e6ca4f915af6f0ca733b3de9fe28

Found 46 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/bootstrap-touchspin/css
/css/admin/plugins/bootstrap-touchspin/js
/css/admin/plugins/clockpicker
/css/admin/plugins/clockpicker/css
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/admin/plugins/summernote/font
/css/fonts
/css/images
/files
/fonts
/img
/img/files
/img/icons
/js
/js/admin
/js/admin/autocomplete
/js/admin/bootstrap-datepicker
/js/admin/bootstrap-select
/js/admin/bootstrap-touchspin
/js/admin/clockpicker
/js/admin/datatables
/js/admin/dropzone
/js/admin/morris
/js/admin/nestable
/js/admin/summernote
/js/admin/tagsinput

Found on 2024-09-22 15:00

Severity: low
Fingerprint: 5f32cf5d6962f09cdc57c57adc57c57a578f388a742daab6eaf4347b04be5a03

Found 19 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/fonts
/css/images
/files
/fonts
/img
/js

Found on 2024-09-20 18:41

Severity: medium
Fingerprint: 5f32cf5d6962f09c3e8b9cac3e8b9cac799d51cc6456abf0722eee55907f0a64

Found 48 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/bootstrap-touchspin/css
/css/admin/plugins/bootstrap-touchspin/js
/css/admin/plugins/clockpicker
/css/admin/plugins/clockpicker/css
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/admin/plugins/summernote/font
/css/fonts
/css/images
/files
/fonts
/img
/img/files
/img/icons
/js
/js/admin
/js/admin/autocomplete
/js/admin/bootstrap-datepicker
/js/admin/bootstrap-select
/js/admin/bootstrap-touchspin
/js/admin/bootstrap-touchspin/css
/js/admin/bootstrap-touchspin/js
/js/admin/clockpicker
/js/admin/datatables
/js/admin/dropzone
/js/admin/morris
/js/admin/nestable
/js/admin/summernote
/js/admin/tagsinput

Found on 2024-09-14 21:37

Severity: low
Fingerprint: 5f32cf5d6962f09c2a439cf82a439cf805b43780cd4a3fbc2925f5318229bf5b

Found 31 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/bootstrap-touchspin/css
/css/admin/plugins/bootstrap-touchspin/js
/css/admin/plugins/clockpicker
/css/admin/plugins/clockpicker/css
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/fonts
/css/images
/files
/fonts
/img
/js

Found on 2024-09-13 01:12

Severity: medium
Fingerprint: 5f32cf5d6962f09ccbc000d9cbc000d9c48166898b1bcf21bc15e7da4ac019f8

Found 49 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/bootstrap-touchspin/css
/css/admin/plugins/bootstrap-touchspin/js
/css/admin/plugins/clockpicker
/css/admin/plugins/clockpicker/css
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/admin/plugins/summernote/font
/css/fonts
/css/images
/files
/fonts
/img
/img/files
/img/icons
/js
/js/admin
/js/admin/autocomplete
/js/admin/bootstrap-datepicker
/js/admin/bootstrap-select
/js/admin/bootstrap-touchspin
/js/admin/bootstrap-touchspin/css
/js/admin/bootstrap-touchspin/js
/js/admin/clockpicker
/js/admin/clockpicker/js
/js/admin/datatables
/js/admin/dropzone
/js/admin/morris
/js/admin/nestable
/js/admin/summernote
/js/admin/tagsinput

Found on 2024-09-02 23:42

Severity: low
Fingerprint: 5f32cf5d6962f09c81c345f781c345f761e73e1fc2f5a9bf6f58b0189442e7d3

Found 32 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/bootstrap-touchspin/css
/css/admin/plugins/bootstrap-touchspin/js
/css/admin/plugins/clockpicker
/css/admin/plugins/clockpicker/css
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/admin/plugins/summernote/font
/css/fonts
/css/images
/files
/fonts
/img
/js

Found on 2024-08-30 14:38

Severity: medium
Fingerprint: 5f32cf5d6962f09ca629b8b1a629b8b15704f0b187f79c9910b83782c8a533f4

Found 34 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/bootstrap-touchspin/css
/css/admin/plugins/bootstrap-touchspin/js
/css/admin/plugins/clockpicker
/css/admin/plugins/clockpicker/css
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/admin/plugins/summernote/font
/css/fonts
/css/images
/files
/fonts
/img
/img/files
/img/icons
/js

Found on 2024-06-28 20:30

Severity: medium
Fingerprint: 5f32cf5d6962f09c75d69a7675d69a76c232644e859e1e420a072aa7a8ec6d66

Found 51 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/bootstrap-touchspin/css
/css/admin/plugins/bootstrap-touchspin/js
/css/admin/plugins/clockpicker
/css/admin/plugins/clockpicker/css
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/admin/plugins/summernote/font
/css/fonts
/css/images
/files
/fonts
/img
/img/files
/img/icons
/js
/js/admin
/js/admin/autocomplete
/js/admin/bootstrap-datepicker
/js/admin/bootstrap-select
/js/admin/bootstrap-touchspin
/js/admin/bootstrap-touchspin/css
/js/admin/bootstrap-touchspin/js
/js/admin/clockpicker
/js/admin/clockpicker/js
/js/admin/datatables
/js/admin/dropzone
/js/admin/morris
/js/admin/nestable
/js/admin/summernote
/js/admin/summernote/lang
/js/admin/summernote/plugin
/js/admin/tagsinput

Found on 2024-05-30 08:51

Severity: low
Fingerprint: 5f32cf5d6962f09c7c3d3e457c3d3e45e7880e7d8822356debbc8bf6a89374e8

Found 30 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/bootstrap-touchspin/css
/css/admin/plugins/bootstrap-touchspin/js
/css/admin/plugins/clockpicker
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/fonts
/css/images
/files
/fonts
/img
/js

Found on 2024-05-27 21:06

Severity: low
Fingerprint: 5f32cf5d6962f09c31c2f0b631c2f0b6b7dfe00e3d0b090267a0f5e7fa634339

Found 28 files trough .DS_Store spidering:

/css
/css/admin
/css/admin/images
/css/admin/images/big
/css/admin/images/blogs
/css/admin/images/brand
/css/admin/images/dropzone
/css/admin/images/email
/css/admin/images/gallery
/css/admin/images/products
/css/admin/images/products/big
/css/admin/images/small
/css/admin/images/users
/css/admin/plugins
/css/admin/plugins/bootstrap-datepicker
/css/admin/plugins/bootstrap-select
/css/admin/plugins/bootstrap-touchspin
/css/admin/plugins/clockpicker
/css/admin/plugins/datatables
/css/admin/plugins/dropzone
/css/admin/plugins/nestable
/css/admin/plugins/summernote
/css/fonts
/css/images
/files
/fonts
/img
/js

Found on 2024-03-08 05:58

Create report

Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 20.50.2.68
Domain: vorsorge-api.rente.de
Port: 443
URL: https://vorsorge-api.rente.de/_profiler/empty/search/results

First seen 2023-07-17 09:48
Last seen 2024-06-16 19:04
Open for 335 days
- Fingerprint: 407cf4363b0e62fafca67e07fb7d602efb7d602efb7d602efb7d602efb7d602e
```
Symfony profiler enabled:
https://vorsorge-api.rente.de/_profiler/empty/search/results
```
  Found on 2024-06-16 19:04
Create report

Open service 20.50.2.68:443 · lionweldmeiser.com

2026-02-12 02:30

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 Feb 2026 02:30:39 GMT
Server: nginx/1.28.0
Location: https://www.lionweldmeiser.com/
Vary: Accept-Encoding, Cookie
X-Powered-By: PHP/8.2.29
X-Redirect-By: WordPress

Found 20 hours ago by HttpPlugin

Host 20.50.2.68

The Netherlands

Software information

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

Symfony developement panel enabled