LeakIX - Host 20.50.64.5

Host 20.50.64.5

Ireland

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Apache Apache

tcp/443

Kestrel Kestrel

tcp/443 tcp/80

Microsoft-IIS 10.0

tcp/443

Server

tcp/443

gunicorn

tcp/443 tcp/80

nginx nginx 1.28.0

tcp/443 tcp/80

nginx nginx

tcp/443 tcp/80

nginx nginx 1.29.2

tcp/443

nginx nginx 1.21.6

tcp/443

nginx nginx 1.28.1

tcp/443

nginx nginx 1.29.3

tcp/443

swoole-http-server

tcp/443

uvicorn

tcp/443

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.50.64.5
Domain: api.core.cappy.se
Port: 80
URL: http://api.core.cappy.se

First seen 2026-01-04 03:01
Last seen 2026-02-08 19:24
Open for 35 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa34b3a8eeb1d8488a9a8b83bbb54cd397a82e66c46

GraphQL introspection enabled at /graphql
Types: 119 (by kind: ENUM: 35, INPUT_OBJECT: 3, INTERFACE: 1, OBJECT: 71, SCALAR: 9)
Operations:
- Query: Query | fields: loginMessage, notificationSettings, notifications, payout, transactionsByPayday
- Mutation: Mutation | fields: initiateAndSignPayout, loginUser, updateEmail, updatePayoutBudgetCategory, verifyEmailByCode
Directives: include, skip (total: 2)

Found on 2026-02-08 19:24

140.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3a3ef196fb160b63d34cb714fb1b3c7eee571b612

GraphQL introspection enabled at /graphql
Types: 118 (by kind: ENUM: 35, INPUT_OBJECT: 3, INTERFACE: 1, OBJECT: 70, SCALAR: 9)
Operations:
- Query: Query | fields: loginMessage, notificationSettings, notifications, payout, transactionsByPayday
- Mutation: Mutation | fields: initiateAndSignPayout, loginUser, updateEmail, updatePayoutBudgetCategory, verifyEmailByCode
Directives: include, skip (total: 2)

Found on 2026-01-23 01:04

136.1 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: staging-bookings.airpark.app
Port: 443
URL: https://staging-bookings.airpark.app

First seen 2026-01-09 01:18
Last seen 2026-02-06 07:33
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035495c39938655549f13ada69da8a8f12a3a1260e0c9
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /Bookings/get-bookings-for-parking-spots-and-subletts
GET /Bookings/get-number-of-bookings-for-parking-spots-and-sublets
GET /Bookings/organization/{organizationExtId}/{page}/{take}
GET /Bookings/parking-area/{parkingAreaExtId}
GET /Bookings/user
GET /Bookings/user/history/{page}/{take}
GET /Bookings/user/ongoing/{page}/{take}
GET /Bookings/user/upcoming/{page}/{take}
GET /Bookings/user/{bookingExtId}
POST /Bookings/get-bookings-for-parking-spot
POST /Bookings/parkingarea
POST /Bookings/parkingspot
POST /WhiteList/white-list-car
PUT /Bookings
```
  Found on 2026-02-06 07:33
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.50.64.5
Domain: icons.ssab.com
Port: 443
URL: https://icons.ssab.com

First seen 2023-03-29 03:06
Last seen 2026-02-06 05:50
Open for 1045 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c39aac35b39aac35b9dd4fa7cddf1d50cded1b61c14e9564f
```
Found 14 files trough .DS_Store spidering:

/.git
/assets
/assets/css
/assets/fonts
/assets/img
/assets/js
/download
/icons
/includes
/index.php
/README.md
/tmpicons
/vendor
/vendor/bootstrap
```
  Found on 2026-02-06 05:50
- Severity: low
  Fingerprint: 5f32cf5d6962f09cccdd54a0ccdd54a0904d808d525f517bb77cc2759a92ede6
```
Found 13 files trough .DS_Store spidering:

/.git
/assets
/assets/css
/assets/fonts
/assets/img
/assets/js
/download
/icons
/includes
/index.php
/README.md
/tmpicons
/vendor
```
  Found on 2025-11-30 10:53
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: staging-charging.airpark.app
Port: 443
URL: https://staging-charging.airpark.app

First seen 2025-12-11 07:07
Last seen 2026-02-05 11:10
Open for 56 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549d8eece7f4ecfa8c11eaf660ce7cdcf51e7cdcf51
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /Charging/get-charging-session/{chargingSessionExtId}
GET /Charging/get-charging-station/{chargingStationExtId}
POST /Charging/start-charging
POST /Charging/stop-charging/{chargingSessionExtId}
```
  Found on 2026-02-05 11:10
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: learning-tool-lincase-api-staging.livis.nl
Port: 443
URL: https://learning-tool-lincase-api-staging.livis.nl

First seen 2025-12-26 12:29
Last seen 2026-02-05 09:21
Open for 40 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354959976750b12ebd776fb9fa6384b4e1730e6fe345
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Authentication/elearningparticipation
GET /api/Authentication/keys
GET /api/Authentication/login
GET /api/Authentication/moduleparticipation
GET /api/Authentication/token/access
GET /api/Authentication/token/refresh
GET /api/Info
POST /api/ModuleParticipation/send-module-info
POST /api/ScormData/startelearning
PUT /api/ScormData
```
  Found on 2026-02-05 09:21
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: pmvikebojorgensen.kundesjekk.no
Port: 443
URL: https://pmvikebojorgensen.kundesjekk.no

First seen 2026-01-04 03:29
Last seen 2026-02-05 04:27
Open for 32 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-05 04:27
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: ingebrigtsen.kundesjekk.no
Port: 443
URL: https://ingebrigtsen.kundesjekk.no

First seen 2025-12-28 08:08
Last seen 2026-02-05 04:10
Open for 38 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-05 04:10
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: utleiejessheim.kundesjekk.no
Port: 443
URL: https://utleiejessheim.kundesjekk.no

First seen 2025-12-24 02:58
Last seen 2026-02-05 03:59
Open for 43 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-05 03:59
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: torpregnskap.kundesjekk.no
Port: 443
URL: https://torpregnskap.kundesjekk.no

First seen 2025-12-25 05:54
Last seen 2026-02-05 03:55
Open for 41 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-05 03:55
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: borg.kundesjekk.no
Port: 443
URL: https://borg.kundesjekk.no

First seen 2025-12-22 05:31
Last seen 2026-02-05 03:54
Open for 44 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-05 03:54
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: ecofinans.kundesjekk.no
Port: 443
URL: https://ecofinans.kundesjekk.no

First seen 2025-12-22 05:30
Last seen 2026-02-05 03:53
Open for 44 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-05 03:53
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: staging-vehicles.airpark.app
Port: 443
URL: https://staging-vehicles.airpark.app

First seen 2026-01-09 01:18
Last seen 2026-02-04 22:55
Open for 26 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354977a85c410e4f591bad7ce2c636771fd636771fd6
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Vehicles/{vehicleExtId}
GET /Vehicles
GET /Vehicles/latestUsed
GET /Vehicles/vehicleTypes
```
  Found on 2026-02-04 22:55
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: api.ltcloud.lextools.com
Port: 443
URL: https://api.ltcloud.lextools.com

First seen 2026-01-04 03:17
Last seen 2026-02-04 22:53
Open for 31 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6024f00ab8edabf7f2fb3d66ce6bbca63bf8272c9d

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /IdentificationDocumentSubType
GET /IdentificationDocumentSubType/{id}
GET /IdentificationDocumentType/{id}
GET /LawSchool/{id}
GET /LegalIssues/All
GET /LegalIssues/Search
GET /LegalIssues/{id}
GET /LegalIssues/{id}/Childs
GET /LegalStates/All
GET /LegalStates/Search
GET /LegalStates/{id}
GET /LegalStates/{id}/Childs
GET /LextoolsBi/GetAzureToken
GET /PartTypes/All
GET /PersonCategory/code/{code}
GET /PersonCategory/{id}
GET /PersonType/{id}
GET /SendGridTemplate/{id}
GET /UserRoles/Security
GET /additionalContactDataType/{id}
GET /additionalContactDetail/{id}
GET /address/{id}
GET /addressType/{id}
GET /auth/RenewToken
GET /companies/{id}
GET /contactPerson/{id}
GET /country/{id}
GET /health
GET /persons/{id}
GET /personsIdentificationDocument/{id}
GET /tenant/ModernInvoice
GET /tenant/{externalId}
GET /tenant/{externalId}/GetLextoolsBiClientToken
GET /tenant/{id}
GET /tenant/{id}/HiredComponents
GET /typeOfRoad/{id}
GET /user
GET /user/GetPermalinkPowerBi/{login}
GET /user/{email}
GET /user/{id}
POST /Burofax/Search
POST /CourtRecords/Search
POST /LTCloudAuth
POST /LextoolsBi/CreateClientToken
POST /Parties/Search
POST /SendGridTemplate
POST /SendGridTemplate/SendWelcomeMessage
POST /States/Search
POST /additionalContactDetail
POST /address
POST /auth/log-in
POST /auth/loginByProduct
POST /auth/sign-up
POST /companies
POST /contactPerson
POST /persons
POST /personsIdentificationDocument
POST /tenant
POST /tenant/{externalId}/ImportUsersFromLegacyDatabase
POST /user/RestartPasswordByEmail
POST /user/RestartPasswordByLogin
POST /user/{ExternalId}

Found on 2026-02-04 22:53

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.50.64.5
Domain: api.core.cappy.se
Port: 443
URL: https://api.core.cappy.se

First seen 2026-01-04 03:01
Last seen 2026-02-04 14:41
Open for 31 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa34b3a8eeb1d8488a9a8b83bbb54cd397a82e66c46

GraphQL introspection enabled at /graphql
Types: 119 (by kind: ENUM: 35, INPUT_OBJECT: 3, INTERFACE: 1, OBJECT: 71, SCALAR: 9)
Operations:
- Query: Query | fields: loginMessage, notificationSettings, notifications, payout, transactionsByPayday
- Mutation: Mutation | fields: initiateAndSignPayout, loginUser, updateEmail, updatePayoutBudgetCategory, verifyEmailByCode
Directives: include, skip (total: 2)

Found on 2026-02-04 14:41

140.2 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3a3ef196fb160b63d34cb714fb1b3c7eee571b612

GraphQL introspection enabled at /graphql
Types: 118 (by kind: ENUM: 35, INPUT_OBJECT: 3, INTERFACE: 1, OBJECT: 70, SCALAR: 9)
Operations:
- Query: Query | fields: loginMessage, notificationSettings, notifications, payout, transactionsByPayday
- Mutation: Mutation | fields: initiateAndSignPayout, loginUser, updateEmail, updatePayoutBudgetCategory, verifyEmailByCode
Directives: include, skip (total: 2)

Found on 2026-01-15 20:17

136.1 kBytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: midspar.amlalert.dk
Port: 443
URL: https://midspar.amlalert.dk

First seen 2025-12-10 03:46
Last seen 2026-02-02 10:38
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 10:38
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: tsseirik.kundesjekk.no
Port: 443
URL: https://tsseirik.kundesjekk.no

First seen 2026-01-01 03:28
Last seen 2026-02-02 09:04
Open for 32 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 09:04
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: tssvegard.kundesjekk.no
Port: 443
URL: https://tssvegard.kundesjekk.no

First seen 2026-01-01 03:30
Last seen 2026-02-02 09:04
Open for 32 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-02 09:04
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: digital-friend-dashboard.symanto.ai
Port: 443
URL: https://digital-friend-dashboard.symanto.ai

First seen 2025-12-26 18:28
Last seen 2026-02-02 05:03
Open for 37 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b9596202911b4640c6a8bace74825d108b4c6ed3

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/agents/{agentId}/data-collection-actions/{actionId}
DELETE /api/agents/{agentId}/integrations/{integrationId}
DELETE /api/agents/{agentId}/knowledge-bases/crawl/{id}
DELETE /api/agents/{agentId}/knowledge-bases/{id}
DELETE /api/agents/{agentId}/mcp-servers/{mcpServerId}
DELETE /api/organizations/{organizationId}
DELETE /api/organizations/{organizationId}/api-secrets/{secretKeyId}
DELETE /api/organizations/{organizationId}/users/{userId}
DELETE /api/projects/{id}/contacts/{contactNumber}
DELETE /api/projects/{id}/contacts/{contactNumber}/variables/{variableName}
GET /api/agents
GET /api/agents/phone/{phoneNumber}
GET /api/agents/{agentId}/available-conversation-aspects
GET /api/agents/{agentId}/crm-integrations
GET /api/agents/{agentId}/data-collection-actions
GET /api/agents/{agentId}/data-retention-policies
GET /api/agents/{agentId}/email-notifications
GET /api/agents/{agentId}/knowledge-bases
GET /api/agents/{agentId}/mcp-servers
GET /api/agents/{agentId}/prompt-variables
GET /api/agents/{agentId}/tools
GET /api/agents/{agentId}/tools/webhooks
GET /api/agents/{agentId}/tools/webhooks/{id}
GET /api/agents/{agentId}/tools/{id}
GET /api/agents/{id}
GET /api/conversations
GET /api/conversations/aggregate-by-country-code
GET /api/conversations/aggregates
GET /api/conversations/count-for-days-of-week
GET /api/conversations/count-for-hours-of-day
GET /api/conversations/dashboard-metrics
GET /api/conversations/{id}
GET /api/mcp-servers
GET /api/me
GET /api/models
GET /api/organizations
GET /api/organizations/{organizationId}/api-secrets
GET /api/organizations/{organizationId}/filters
GET /api/organizations/{organizationId}/filters/conversation-count-by-number-of-messages
GET /api/organizations/{organizationId}/logo
GET /api/organizations/{organizationId}/phone-numbers
GET /api/organizations/{organizationId}/phone-numbers/available
GET /api/organizations/{organizationId}/predefined-data-collections
GET /api/organizations/{organizationId}/roles
GET /api/organizations/{organizationId}/users
GET /api/permissions
GET /api/projects/organizations/{organizationId}
GET /api/projects/{id}
GET /api/speech-recognition-providers
GET /api/users
GET /api/voices
PATCH /api/organizations/{organizationId}/rotate-secret-keys/{secretKeyId}
POST /api/agents/copy
POST /api/agents/{agentId}/knowledge-bases/crawl
POST /api/agents/{agentId}/knowledge-bases/tags
POST /api/agents/{agentId}/tools/webhooks/{id}/run
POST /api/agents/{id}/data-collection-actions
POST /api/conversations/start-outbound-call
POST /api/conversations/{conversationId}/run-data-collection-action/{actionId}
POST /api/organizations/{organizationId}/phone-numbers/{phoneNumberId}/assign
POST /api/projects
POST /api/projects/{id}/archive
POST /api/projects/{id}/contacts
POST /api/projects/{id}/contacts/bulk
POST /api/projects/{id}/contacts/{contactNumber}/blacklist
PUT /api/agents/{agentId}/crm-integrations/{integrationId}
PUT /api/agents/{agentId}/data-collection-actions/{actionId}/aggregation-type/{aggregationTypeName}
PUT /api/agents/{agentId}/data-retention-policies/{policyId}
PUT /api/agents/{agentId}/email-notifications/{notificationId}
PUT /api/agents/{agentId}/prompt-variables/{id}
PUT /api/agents/{agentId}/tools/{toolId}
PUT /api/conversations/{id}/mark-as-completed
PUT /api/organizations/{organizationId}/change-display-name
PUT /api/organizations/{organizationId}/phone-numbers/{phoneNumberId}
PUT /api/organizations/{organizationId}/predefined-data-collections/{predefinedDataCollectionId}
PUT /api/organizations/{organizationId}/roles/{roleId}
PUT /api/projects/{id}/contacts/{contactNumber}/variables
PUT /api/projects/{id}/contacts/{contactNumber}/variables/bulk
PUT /api/users/{id}

Found on 2026-02-02 05:03

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.50.64.5
Domain: direksjonsmusikken.no
Port: 443
URL: https://direksjonsmusikken.no

First seen 2024-10-24 20:24
Last seen 2026-02-01 22:43
Open for 465 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2026-02-01 22:43
  
  380 Bytes
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: thorconsulting.kundesjekk.no
Port: 443
URL: https://thorconsulting.kundesjekk.no

First seen 2025-12-28 08:08
Last seen 2026-01-23 11:22
Open for 26 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 11:22
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: external-api.palletline.services
Port: 443
URL: https://external-api.palletline.services

First seen 2025-12-03 08:27
Last seen 2026-01-23 09:16
Open for 51 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60178509fb35177e8508c8a037a41a3b0db267d72d

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/v2/reports/{reportGuid}
GET /api/v1/CCTVReqForm
GET /api/v1/FLTCCTV_Forms
GET /api/v1/FLT_Forms
GET /api/v1/Form-Courier/summary
GET /api/v1/Form-Courier/summary/{jobId}
GET /api/v1/Form-Courier/{jobId}
GET /api/v1/Form-Courier/{jobId}/costs
GET /api/v1/Form-Courier/{jobId}/notes
GET /api/v1/chats/conversations
GET /api/v1/chats/{conversationId}
GET /api/v1/directory/users/all
GET /api/v1/drivers
GET /api/v1/form-assignments
GET /api/v1/profile
GET /api/v1/profile/all
GET /api/v1/reports
GET /api/v1/users/mobilefunc
GET /api/v2/reports
GET /api/v2/users
GET /api/v2/users/{email}
POST /api/v1/Form-Courier/cancel
POST /api/v1/Form-Courier/complete
POST /api/v1/Form-Courier/submit
POST /api/v1/chats
POST /api/v1/chats/send
POST /api/v1/chats/start
POST /api/v1/chats/{conversationId}/name
POST /api/v1/labels/print
POST /api/v1/reports/assign
POST /api/v1/users
PUT /api/v1/drivers/bulk
PUT /api/v1/mobile/driver-sign
PUT /api/v1/reports/rls
PUT /api/v1/users/role
PUT /api/v1/users/status

Found on 2026-01-23 09:16

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60178509fb72157a49c44912b7d7680e50c2b9bc3f

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/v2/reports/{reportGuid}
GET /api/v1/FLTCCTV_Forms
GET /api/v1/FLT_Forms
GET /api/v1/Form-Courier/summary
GET /api/v1/Form-Courier/summary/{jobId}
GET /api/v1/Form-Courier/{jobId}
GET /api/v1/Form-Courier/{jobId}/costs
GET /api/v1/Form-Courier/{jobId}/notes
GET /api/v1/chats/conversations
GET /api/v1/chats/{conversationId}
GET /api/v1/directory/users/all
GET /api/v1/drivers
GET /api/v1/form-assignments
GET /api/v1/profile
GET /api/v1/profile/all
GET /api/v1/reports
GET /api/v1/users/mobilefunc
GET /api/v2/reports
GET /api/v2/users
GET /api/v2/users/{email}
POST /api/v1/Form-Courier/cancel
POST /api/v1/Form-Courier/complete
POST /api/v1/Form-Courier/submit
POST /api/v1/chats
POST /api/v1/chats/send
POST /api/v1/chats/start
POST /api/v1/chats/{conversationId}/name
POST /api/v1/labels/print
POST /api/v1/reports/assign
POST /api/v1/users
PUT /api/v1/drivers/bulk
PUT /api/v1/mobile/driver-sign
PUT /api/v1/reports/rls
PUT /api/v1/users/role
PUT /api/v1/users/status

Found on 2026-01-16 16:35

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60178509fb72157a49c44912b7d7680e50cf36be1a

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/v2/reports/{reportGuid}
GET /api/v1/FLTCCTV_Forms
GET /api/v1/FLT_Forms
GET /api/v1/Form-Courier/summary
GET /api/v1/Form-Courier/summary/{jobId}
GET /api/v1/Form-Courier/{jobId}
GET /api/v1/Form-Courier/{jobId}/costs
GET /api/v1/Form-Courier/{jobId}/notes
GET /api/v1/chats/conversations
GET /api/v1/chats/{conversationId}
GET /api/v1/directory/users/all
GET /api/v1/drivers
GET /api/v1/form-assignments
GET /api/v1/profile
GET /api/v1/profile/all
GET /api/v1/reports
GET /api/v1/users/mobilefunc
GET /api/v2/reports
GET /api/v2/users
GET /api/v2/users/{email}
POST /api/v1/Form-Courier/cancel
POST /api/v1/Form-Courier/complete
POST /api/v1/Form-Courier/submit
POST /api/v1/chats
POST /api/v1/chats/send
POST /api/v1/chats/start
POST /api/v1/chats/{conversationId}/name
POST /api/v1/reports/assign
POST /api/v1/users
PUT /api/v1/drivers/bulk
PUT /api/v1/mobile/driver-sign
PUT /api/v1/reports/rls
PUT /api/v1/users/role
PUT /api/v1/users/status

Found on 2025-12-16 23:59

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: public.api.dev.verilocation.com
Port: 443
URL: https://public.api.dev.verilocation.com

First seen 2025-11-25 23:16
Last seen 2026-01-23 08:15
Open for 58 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b554b43a29a96e37ae8107028cbfabbeed8d8de3

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /public/v1/geofences/{id}
DELETE /public/v1/tags/{id}
GET /public/v1/accelerometer/vehicle/{vehicleId}
GET /public/v1/alcolock/results
GET /public/v1/alcolock/{vehicleId}/results
GET /public/v1/drivers
GET /public/v1/drivers/assignments
GET /public/v1/drivers/ref/{externalReferenceId}
GET /public/v1/drivers/{driverId}
GET /public/v1/events/speeding
GET /public/v1/events/speeding/last30days
GET /public/v1/events/speeding/last60days
GET /public/v1/events/speeding/last90days
GET /public/v1/events/{vehicleId}
GET /public/v1/externalreferences
GET /public/v1/externalreferences/driver/{driverId}
GET /public/v1/externalreferences/drivers
GET /public/v1/externalreferences/geofence/{geofenceId}
GET /public/v1/externalreferences/geofences
GET /public/v1/externalreferences/types/{externalReferenceType}
GET /public/v1/externalreferences/vehicle/{vehicleId}
GET /public/v1/externalreferences/vehicles
GET /public/v1/geofenceVisits
GET /public/v1/geofenceVisits/geofence/{geofenceId}
GET /public/v1/geofenceVisits/vehicle/{vehicleId}
GET /public/v1/geofences
GET /public/v1/geofences/ref/{externalReference}
GET /public/v1/geofences/tag/{tagId}
GET /public/v1/geofences/{geofenceId}
GET /public/v1/groups
GET /public/v1/inputs
GET /public/v1/inputs/histories
GET /public/v1/inputs/histories/{vehicleId}
GET /public/v1/inputs/public/v1/vehicles/{vehicleId}/inputs
GET /public/v1/inputs/types
GET /public/v1/inputs/types/{inputTypeId}
GET /public/v1/inputs/{inputId}
GET /public/v1/journeys/last30days
GET /public/v1/journeys/last60days
GET /public/v1/journeys/last90days
GET /public/v1/journeys/{includeCan}
GET /public/v1/plannedroutes
GET /public/v1/plannedroutes/driver/{driverId}
GET /public/v1/plannedroutes/ref/{externalReference}
GET /public/v1/plannedroutes/status/{status}
GET /public/v1/plannedroutes/status/{status}/driver/{driverId}
GET /public/v1/plannedroutes/status/{status}/vehicle/{vehicleId}
GET /public/v1/plannedroutes/vehicle/{vehicleId}
GET /public/v1/plannedroutes/{plannedRouteId}
GET /public/v1/sensordata
GET /public/v1/sensordata/last30days
GET /public/v1/sensordata/last60days
GET /public/v1/sensordata/last90days
GET /public/v1/sensordata/vehicle/{vehicleId}
GET /public/v1/tags
GET /public/v1/tags/name/{tagName}
GET /public/v1/tags/type/{tagType}
GET /public/v1/tags/{tagId}
GET /public/v1/temperature/alarms
GET /public/v1/temperature/alarms/{vehicleId}
GET /public/v1/temperature/probes
GET /public/v1/temperature/probes/vehicles/{vehicleId}
GET /public/v1/temperature/probes/{probeId}/profile
GET /public/v1/temperature/profiles
GET /public/v1/temperature/profiles/vehicles/{vehicleId}
GET /public/v1/temperature/profiles/{profileId}
GET /public/v1/temperature/{vehicleId}
GET /public/v1/vehicleInput/recordHistory/{vehicleId}
GET /public/v1/vehicleInput/records
GET /public/v1/vehicleInput/records/{vehicleId}
GET /public/v1/vehicleInput/recordsHistory
GET /public/v1/vehicles
GET /public/v1/vehicles/journeys
GET /public/v1/vehicles/plots
GET /public/v1/vehicles/plots/latest
GET /public/v1/vehicles/plots/{id}
GET /public/v1/vehicles/ref/{externalReference}
GET /public/v1/vehicles/temperatureRecords
GET /public/v1/vehicles/temperatureRecords/latest
GET /public/v1/vehicles/{vehicleId}
GET /public/v1/vehicles/{vehicleId}/journeys
GET /public/v1/vehicles/{vehicleId}/journeys/current
GET /public/v1/vehicles/{vehicleId}/journeys/{journeyId}
GET /public/v1/vehicles/{vehicleId}/messages
GET /public/v1/vehicles/{vehicleId}/plots
GET /public/v1/vehicles/{vehicleId}/plots/latest
GET /public/v1/vehicles/{vehicleId}/temperatureRecords
GET /public/v1/vehicles/{vehicleId}/temperatureRecords/latest
GET /public/v1/vehicles/{vehicleId}/tyreRecords
GET /public/v1/vehicles/{vehicleId}/tyreRecords/latest
POST /public/v1/drivers/assignments/end
POST /public/v1/drivers/assignments/start
POST /public/v1/externalreferences/driverExternalReference
POST /public/v1/externalreferences/geofenceExternalReference
POST /public/v1/externalreferences/types/{type}
POST /public/v1/externalreferences/vehicleExternalReference
POST /public/v1/messages
POST /public/v1/plannedroutes/ref/{externalReferenceId}/cancel
POST /public/v1/plannedroutes/{id}/cancel
POST /token

Found on 2026-01-23 08:15

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b554b43a29a96e37ae8107028cbfabbe4769e130

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /public/v1/geofences/{id}
DELETE /public/v1/tags/{id}
GET /public/v1/accelerometer/vehicle/{vehicleId}
GET /public/v1/alcolock/results
GET /public/v1/alcolock/{vehicleId}/results
GET /public/v1/drivers
GET /public/v1/drivers/assignments
GET /public/v1/drivers/ref/{externalReferenceId}
GET /public/v1/drivers/{driverId}
GET /public/v1/events/speeding
GET /public/v1/events/speeding/last30days
GET /public/v1/events/speeding/last60days
GET /public/v1/events/speeding/last90days
GET /public/v1/events/{vehicleId}
GET /public/v1/externalreferences
GET /public/v1/externalreferences/driver/{driverId}
GET /public/v1/externalreferences/drivers
GET /public/v1/externalreferences/geofence/{geofenceId}
GET /public/v1/externalreferences/geofences
GET /public/v1/externalreferences/types/{externalReferenceType}
GET /public/v1/externalreferences/vehicle/{vehicleId}
GET /public/v1/externalreferences/vehicles
GET /public/v1/geofenceVisits
GET /public/v1/geofenceVisits/geofence/{geofenceId}
GET /public/v1/geofenceVisits/vehicle/{vehicleId}
GET /public/v1/geofences
GET /public/v1/geofences/ref/{externalReference}
GET /public/v1/geofences/tag/{tagId}
GET /public/v1/geofences/{geofenceId}
GET /public/v1/groups
GET /public/v1/inputs
GET /public/v1/inputs/histories
GET /public/v1/inputs/histories/{vehicleId}
GET /public/v1/inputs/public/v1/vehicles/{vehicleId}/inputs
GET /public/v1/inputs/types
GET /public/v1/inputs/types/{inputTypeId}
GET /public/v1/inputs/{inputId}
GET /public/v1/journeys/last30days
GET /public/v1/journeys/last60days
GET /public/v1/journeys/last90days
GET /public/v1/journeys/{includeCan}
GET /public/v1/plannedroutes
GET /public/v1/plannedroutes/driver/{driverId}
GET /public/v1/plannedroutes/ref/{externalReference}
GET /public/v1/plannedroutes/status/{status}
GET /public/v1/plannedroutes/status/{status}/driver/{driverId}
GET /public/v1/plannedroutes/status/{status}/vehicle/{vehicleId}
GET /public/v1/plannedroutes/vehicle/{vehicleId}
GET /public/v1/plannedroutes/{plannedRouteId}
GET /public/v1/sensordata
GET /public/v1/sensordata/last30days
GET /public/v1/sensordata/last60days
GET /public/v1/sensordata/last90days
GET /public/v1/sensordata/vehicle/{vehicleId}
GET /public/v1/tags
GET /public/v1/tags/name/{tagName}
GET /public/v1/tags/type/{tagType}
GET /public/v1/tags/{tagId}
GET /public/v1/temperature/alarms
GET /public/v1/temperature/alarms/{vehicleId}
GET /public/v1/temperature/probes
GET /public/v1/temperature/probes/vehicles/{vehicleId}
GET /public/v1/temperature/probes/{probeId}/profile
GET /public/v1/temperature/profiles
GET /public/v1/temperature/profiles/vehicles/{vehicleId}
GET /public/v1/temperature/profiles/{profileId}
GET /public/v1/temperature/{vehicleId}
GET /public/v1/vehicleInput/recordHistory/{vehicleId}
GET /public/v1/vehicleInput/records
GET /public/v1/vehicleInput/records/{vehicleId}
GET /public/v1/vehicleInput/recordsHistory
GET /public/v1/vehicles
GET /public/v1/vehicles/journeys
GET /public/v1/vehicles/plots
GET /public/v1/vehicles/plots/latest
GET /public/v1/vehicles/plots/{id}
GET /public/v1/vehicles/ref/{externalReference}
GET /public/v1/vehicles/temperatureRecords
GET /public/v1/vehicles/temperatureRecords/latest
GET /public/v1/vehicles/{vehicleId}
GET /public/v1/vehicles/{vehicleId}/journeys
GET /public/v1/vehicles/{vehicleId}/journeys/current
GET /public/v1/vehicles/{vehicleId}/journeys/{journeyId}
GET /public/v1/vehicles/{vehicleId}/messages
GET /public/v1/vehicles/{vehicleId}/plots
GET /public/v1/vehicles/{vehicleId}/plots/latest
GET /public/v1/vehicles/{vehicleId}/temperatureRecords
GET /public/v1/vehicles/{vehicleId}/temperatureRecords/latest
GET /public/v1/vehicles/{vehicleId}/tyreRecords
GET /public/v1/vehicles/{vehicleId}/tyreRecords/latest
GET /token/sso/login
POST /public/v1/drivers/assignments/end
POST /public/v1/drivers/assignments/start
POST /public/v1/externalreferences/driverExternalReference
POST /public/v1/externalreferences/geofenceExternalReference
POST /public/v1/externalreferences/types/{type}
POST /public/v1/externalreferences/vehicleExternalReference
POST /public/v1/messages
POST /public/v1/plannedroutes/ref/{externalReferenceId}/cancel
POST /public/v1/plannedroutes/{id}/cancel
POST /token
POST /token/sso/handler

Found on 2025-12-01 06:52

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-11-29 05:22

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: api.app.psm.papioconsulting.eu
Port: 80
URL: http://api.app.psm.papioconsulting.eu

First seen 2025-11-02 06:12
Last seen 2026-01-23 05:52
Open for 81 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354937bb4b8fd7745c0237238a7b0e51b2553145cc31
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/import/{id}
GET /api/emissions/summary
GET /api/emissions/summary-by-activities
GET /api/emissions/summary-by-sources
GET /api/emissions/trends
GET /api/export/carbon-emissions
GET /api/import/audit
GET /api/import/excel/{id}
GET /api/login/verify
POST /api/import/excel
```
  Found on 2026-01-23 05:52
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609dc500bcd543cab524ac59cc35e27a888cc47d92
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/import/{id}
GET /api/emissions/summary
GET /api/emissions/summary-by-activities
GET /api/emissions/summary-by-sources
GET /api/emissions/trends
GET /api/export/carbon-emissions
GET /api/import/audit
GET /api/import/excel/{id}
GET /api/login/verify
POST /api/import/excel
```
  Found on 2025-11-12 04:56
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: completum.kundesjekk.no
Port: 443
URL: https://completum.kundesjekk.no

First seen 2025-12-10 13:46
Last seen 2026-01-23 00:48
Open for 43 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-23 00:48
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: imodelsearchapi-neu-staging.bentley.com
Port: 443
URL: https://imodelsearchapi-neu-staging.bentley.com

First seen 2025-11-13 07:20
Last seen 2026-01-21 12:15
Open for 69 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60b688dff38864d712250de57bcd5b323b499a6377
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/search/configuration/elements/custom-data/aspect-properties
GET /api/v1/search/configuration/elements/custom-data/element-properties
GET /api/v1/search/configuration/elements/index-statuses
POST /api/v1/search/configuration/elements/index
POST /api/v1/search/elements
POST /api/v1/search/metadata
```
  Found on 2026-01-21 12:15
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: api.app.psm.papioconsulting.eu
Port: 443
URL: https://api.app.psm.papioconsulting.eu

First seen 2025-11-02 06:12
Last seen 2026-01-16 12:42
Open for 75 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354937bb4b8fd7745c0237238a7b0e51b2553145cc31
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/import/{id}
GET /api/emissions/summary
GET /api/emissions/summary-by-activities
GET /api/emissions/summary-by-sources
GET /api/emissions/trends
GET /api/export/carbon-emissions
GET /api/import/audit
GET /api/import/excel/{id}
GET /api/login/verify
POST /api/import/excel
```
  Found on 2026-01-16 12:42
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d609dc500bcd543cab524ac59cc35e27a888cc47d92
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/import/{id}
GET /api/emissions/summary
GET /api/emissions/summary-by-activities
GET /api/emissions/summary-by-sources
GET /api/emissions/trends
GET /api/export/carbon-emissions
GET /api/import/audit
GET /api/import/excel/{id}
GET /api/login/verify
POST /api/import/excel
```
  Found on 2025-11-12 12:07
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: staging-rewards.airpark.app
Port: 443
URL: https://staging-rewards.airpark.app

First seen 2025-12-19 04:33
Last seen 2026-01-16 06:04
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad0354988060dbb32aa29c54a44e90c6077d8ee5156545f
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /Rewards/delete-reward
DELETE /Rewards/delete-reward-date-from-reward
GET /BookingRewards/get-booking-reward/{bookingExtId}
GET /Rewards/get-reward-date-winners/{rewardDateExtId}
GET /Rewards/get-reward-dates/{rewardExtId}
GET /Rewards/get-rewards
POST /Rewards/add-reward-date-to-reward
POST /Rewards/create-reward
PUT /Rewards/update-reward
```
  Found on 2026-01-16 06:04
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 20.50.64.5
Domain: dev-bo.farmaciespecializzate.it
Port: 443
URL: https://dev-bo.farmaciespecializzate.it

First seen 2025-12-26 14:31
Last seen 2026-01-16 03:05
Open for 20 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3327c188f71518b9dca153267c0c3e223fd2aac33
```
GraphQL introspection enabled at /graphql
Types: 23 (by kind: ENUM: 3, OBJECT: 12, SCALAR: 8)
Operations:
- Query: Query | fields: _empty
- Subscription: Subscription | fields: directus_files_mutated
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-16 03:05
  
  25.7 kBytes
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: itwinsearchapi-neu-staging.bentley.com
Port: 443
URL: https://itwinsearchapi-neu-staging.bentley.com

First seen 2025-10-14 16:35
Last seen 2025-12-29 05:11
Open for 75 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d602db570334bc979450e53d6fb0e53d6fb0e53d6fb
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /api/v1/discover
POST /api/v1/search
POST /api/v1/suggest
```
  Found on 2025-12-29 05:11
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.50.64.5
Domain: regnskaphoussein.kundesjekk.no
Port: 443
URL: https://regnskaphoussein.kundesjekk.no

First seen 2025-10-15 05:26
Last seen 2025-12-27 03:54
Open for 72 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2025-12-27 03:54
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.50.64.5
Domain: ny.direksjonsmusikken.no
Port: 443
URL: https://ny.direksjonsmusikken.no

First seen 2022-06-20 18:21
Last seen 2024-10-24 17:56
Open for 856 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2024-10-24 17:56
  
  380 Bytes
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.50.64.5
Domain: ahjokeskuksenpk.fi
Port: 443
URL: https://ahjokeskuksenpk.fi

First seen 2022-09-11 21:30
Last seen 2024-01-20 13:17
Open for 495 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d89a8fd6d89a8fd6d89a8fd6d89a8fd6d
```
Found 1 files trough .DS_Store spidering:

/img
```
  Found on 2024-01-20 13:17
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.50.64.5
Domain: www.ahjokeskuksenpk.fi
Port: 443
URL: https://www.ahjokeskuksenpk.fi

First seen 2022-12-21 21:28
Last seen 2024-01-07 01:59
Open for 381 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d89a8fd6d89a8fd6d89a8fd6d89a8fd6d
```
Found 1 files trough .DS_Store spidering:

/img
```
  Found on 2024-01-07 01:59
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.50.64.5
Domain: ny.direksjonsmusikken.no
Port: 80
URL: http://ny.direksjonsmusikken.no

First seen 2022-06-20 18:21
Last seen 2024-01-06 02:38
Open for 564 days
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2024-01-06 02:38
  
  380 Bytes
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.50.64.5
Domain: solarinventar.info
Port: 443
URL: https://solarinventar.info

First seen 2023-11-06 07:34
Last seen 2023-11-17 03:30
Open for 10 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c3af247253af2472509f4ef999e145972d0dfad423d87c1cd
```
Found 9 files trough .DS_Store spidering:

/platform
/platform/AboutPage
/platform/ar
/platform/attatchs
/platform/en
/platform/TermsConditions
/wp-admin
/wp-content
/wp-includes
```
  Found on 2023-11-17 03:30
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 20.50.64.5
Domain: www.solarinventar.info
Port: 443
URL: https://www.solarinventar.info

First seen 2023-06-20 11:36
Last seen 2023-11-16 23:46
Open for 149 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c3af247253af2472509f4ef999e145972d0dfad423d87c1cd
```
Found 9 files trough .DS_Store spidering:

/platform
/platform/AboutPage
/platform/ar
/platform/attatchs
/platform/en
/platform/TermsConditions
/wp-admin
/wp-content
/wp-includes
```
  Found on 2023-11-16 23:46
- Severity: low
  Fingerprint: 5f32cf5d6962f09c8329733f8329733fa5ef89115c42547b87a1024e8bc37eb5
```
Found 10 files trough .DS_Store spidering:

/wp-admin
/wp-admin/css
/wp-admin/images
/wp-admin/includes
/wp-admin/js
/wp-admin/maint
/wp-admin/network
/wp-admin/user
/wp-content
/wp-includes
```
  Found on 2023-06-20 11:36
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 20.50.64.5
Domain: www.sustainabilityunfolded.com
Port: 443
URL: https://www.sustainabilityunfolded.com

First seen 2023-05-12 11:17
- Severity: medium
  Fingerprint: 2580fa947178c88602b1737db148c044baa2727ab8135b5bbc521bbb3ad39a5a
```
[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
	ignorecase = true
[remote "origin"]
	url = https://github.com/azureappserviceoss/wordpress-azure
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
[branch "linux-appservice"]
	remote = origin
	merge = refs/heads/linux-appservice
```
  Found on 2023-05-12 11:17
  
  380 Bytes
Create report

Open service 20.50.64.5:80 · epicweb.optimizely.blog

2026-02-08 17:22

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Sun, 08 Feb 2026 17:23:03 GMT
Location: https://epicweb.optimizely.blog/

Found 14 hours ago by HttpPlugin

Host 20.50.64.5

Ireland

Software information

GraphQL introspection is enabled.

Swagger API description is publicly available

MacOS file listing through .DS_Store file

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

GraphQL introspection is enabled.

Swagger API description is publicly available

Swagger API description is publicly available

Git configuration and history exposed

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

Git configuration and history exposed

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

Git configuration and history exposed