LeakIX - Host 23.3.88.147

Host 23.3.88.147

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: chevron.linex.iot.linde-le.com
Port: 443
URL: https://chevron.linex.iot.linde-le.com

First seen 2025-12-05 06:47
Last seen 2026-02-10 00:40
Open for 66 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f5e22fb44567673ee5a22cbf1ba4f3c131c893d22b878fe2

Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /get_eventtypes/
GET /get_lifetimeevents/
GET /groups/
POST /adgroups/
POST /create_eventtype/
POST /create_lifetimeevent/
POST /delete_lifetimeevents/
POST /get_KPIevents/
POST /get_comments/
POST /get_tag_alias/
POST /get_tag_metadata/
POST /insert_comment/
POST /kusto/get_asset_status/
POST /kusto/get_histogram_data/
POST /kusto/get_plot3D_TLt2/
POST /kusto/get_profile_data/
POST /kusto/get_profile_data_v2/
POST /kusto/get_trends_data/
POST /metadata/

Found on 2026-02-10 00:40

Severity: info
Fingerprint: 5733ddf49ff49cd1f5e22fb44567673ee5a22cbf1ba4f3c131c893d2d8acca41

Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
GET /get_eventtypes/
GET /get_lifetimeevents/
GET /groups/
POST /adgroups/
POST /create_lifetimeevent/
POST /delete_lifetimeevents/
POST /get_KPIevents/
POST /get_comments/
POST /get_tag_alias/
POST /get_tag_metadata/
POST /insert_comment/
POST /kusto/get_asset_status/
POST /kusto/get_histogram_data/
POST /kusto/get_plot3D_TLt2/
POST /kusto/get_profile_data/
POST /kusto/get_profile_data_v2/
POST /kusto/get_trends_data/
POST /metadata/

Found on 2026-01-23 10:26

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.89
Domain: api.training.vr-staging.linde.com
Port: 443
URL: https://api.training.vr-staging.linde.com

First seen 2025-12-05 06:47
Last seen 2026-02-08 01:02
Open for 64 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-08 01:02

Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354914d7f30d18bc383787a899924ebf68afc6d5c0a4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /companies/{id}/subscription/{courseId}
DELETE /trainingplans/{id}/accounts/{accountId}
GET /accounts
GET /accounts/current
GET /accounts/current/statistics
GET /accounts/current/statistics/usage.xlsx
GET /accounts/leaderboard
GET /accounts/sso/authorization-url/{provider}
GET /accounts/{id}
GET /accounts/{id}/statistics/courses
GET /accounts/{id}/statistics/sessions
GET /companies
GET /companies/{id}
GET /companies/{id}/plants
GET /companies/{id}/statistics
GET /companies/{id}/statistics/courses
GET /companies/{id}/statistics/sessions
GET /companies/{id}/statistics/trainees
GET /companies/{id}/statistics/usage.xlsx
GET /companies/{id}/subscription
GET /companies/{id}/subscription/courses
GET /companies/{id}/subscription/usage
GET /cores
GET /cores/courses/{id}
GET /cores/{id}
GET /courses
GET /courses/runnable
GET /courses/summary
GET /courses/{id}
GET /courses/{id}/runnable
GET /courses/{id}/sessions
GET /courses/{id}/sessions/statistics
GET /languages
GET /plants/{id}
GET /streamingvirtualmachine/status
GET /trainingplans
GET /trainingplans/accounts/{accountId}
GET /trainingplans/active
GET /trainingplans/{id}
GET /trainingplans/{id}/accounts
GET /trainingplans/{id}/accounts/{accountId}/progress
GET /trainingplans/{id}/accounts/{accountId}/sessions
GET /trainingplans/{id}/accounts/{accountId}/statistics
GET /trainingplans/{id}/courses
GET /trainingplans/{id}/statistics
POST /accounts/forgot-password
POST /accounts/login
POST /accounts/otp
POST /accounts/otp-login
POST /accounts/register-trial
POST /accounts/reset-password
POST /accounts/sso/callback/{provider}
POST /accounts/validate-reset-token
POST /accounts/{id}/activate
POST /accounts/{id}/deactivate
POST /assets/upload/core
POST /assets/upload/image
POST /assets/upload/video
POST /cores/{id}/version/{version}
POST /coursesessions
POST /coursesessions/create
POST /coursesessions/{id}/complete
POST /plants
POST /productinquiries
POST /streamingvirtualmachine/start
POST /streamingvirtualmachine/stop
PUT /companies/{id}/subscription/cancel
PUT /companies/{id}/subscription/update
PUT /courses/{id}/archive
PUT /courses/{id}/unarchive

Found on 2026-01-16 12:46

Create report

Open service 23.3.88.147:80

2026-01-26 15:03

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Mon, 26 Jan 2026 15:04:04 GMT
Date: Mon, 26 Jan 2026 15:04:04 GMT
Connection: close

Page title: Invalid URL

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>
Reference&#32;&#35;9&#46;8f580317&#46;1769439844&#46;338fc220
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;9&#46;8f580317&#46;1769439844&#46;338fc220</P>
</BODY></HTML>

Found 2026-01-26 by HttpPlugin

Create report

Open service 23.3.88.147:443 · chevron.linex.iot.linde-le.com

2026-01-23 10:26

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 10 Dec 2025 06:28:27 GMT
ETag: "6939130b-83c"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Akamai-Transformed: 9 2108 0 pmb=mRUM,1
Expires: Fri, 23 Jan 2026 10:26:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 10:26:45 GMT
Content-Length: 6409
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=12
Server-Timing: origin; dur=21
Server-Timing: ak_p; desc="1769164005387_386095247_649032317_3508_8690_82_180_-";dur=1

Page title: LINEX Portal

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="LINEX Project" content="Linde Linex"/><title>LINEX Portal</title><link href="/static/css/1.8e3e0948.chunk.css" rel="stylesheet"><link href="/static/css/main.ff935ea1.chunk.css" rel="stylesheet">
                              <script>!function(e){var n="https://s.go-mpulse.net/boomerang/";if("False"=="True")e.BOOMR_config=e.BOOMR_config||{},e.BOOMR_config.PageParams=e.BOOMR_config.PageParams||{},e.BOOMR_config.PageParams.pci=!0,n="https://s2.go-mpulse.net/boomerang/";if(window.BOOMR_API_key="URHNZ-JX3TA-TE52X-3MQ5R-V9FB7",function(){function e(){if(!o){var e=document.createElement("script");e.id="boomr-scr-as",e.src=window.BOOMR.url,e.async=!0,i.parentNode.appendChild(e),o=!0}}function t(e){o=!0;var n,t,a,r,d=document,O=window;if(window.BOOMR.snippetMethod=e?"if":"i",t=function(e,n){var t=d.createElement("script");t.id=n||"boomr-if-as",t.src=window.BOOMR.url,BOOMR_lstart=(new Date).getTime(),e=e||d.body,e.appendChild(t)},!window.addEventListener&&window.attachEvent&&navigator.userAgent.match(/MSIE [67]\./))return window.BOOMR.snippetMethod="s",void t(i.parentNode,"boomr-async");a=document.createElement("IFRAME"),a.src="about:blank",a.title="",a.role="presentation",a.loading="eager",r=(a.frameElement||a).style,r.width=0,r.height=0,r.border=0,r.display="none",i.parentNode.appendChild(a);try{O=a.contentWindow,d=O.document.open()}catch(_){n=document.domain,a.src="javascript:var d=document.open();d.domain='"+n+"';void(0);",O=a.contentWindow,d=O.document.open()}if(n)d._boomrl=function(){this.domain=n,t()},d.write("<bo"+"dy onload='document._boomrl();'>");else if(O._boomrl=function(){t()},O.addEventListener)O.addEventListener("load",O._boomrl,!1);else if(O.attachEvent)O.attachEvent("onload",O._boomrl);d.close()}function a(e){window.BOOMR_onload=e&&e.timeStamp||(new Date).getTime()}if(!window.BOOMR||!window.BOOMR.version&&!window.BOOMR.snippetExecuted){window.BOOMR=window.BOOMR||{},window.BOOMR.snippetStart=(new Date).getTime(),window.BOOMR.snippetExecuted=!0,window.BOOMR.snippetVersion=12,window.BOOMR.url=n+"URHNZ-JX3TA-TE52X-3MQ5R-V9FB7";var i=document.currentScript||document.getElementsByTagName("script")[0],o=!1,r=document.createElement("link");if(r.relList&&"function"==typeof r.relList.supports&&r.relList.supports("preload")&&"as"in r)window.BOOMR.snippetMethod="p",r.href=window.BOOMR.url,r.rel="preload",r.as="script",r.addEventListener("load",e),r.addEventListener("error",function(){t(!0)}),setTimeout(function(){if(!o)t(!0)},3e3),BOOMR_lstart=(new Date).getTime(),i.parentNode.appendChild(r);else t(!1);if(window.addEventListener)window.addEventListener("load",a,!1);else if(window.attachEvent)window.attachEvent("onload",a)}}(),"".length>0)if(e&&"performance"in e&&e.performance&&"function"==typeof e.performance.setResourceTimingBufferSize)e.performance.setResourceTimingBufferSize();!function(){if(BOOMR=e.BOOMR||{},BOOMR.plugins=BOOMR.plugins||{},!BOOMR.plugins.AK){var n=""=="true"?1:0,t="",a="z266dnixanmjg2ltjtsq-f-08b0c4e3e-clientnsv4-s.akamaihd.net",i="false"=="true"?2:1,o={"ak.v":"39","ak.cp":"1348234","ak.ai":parseInt("814052",10),"ak.ol":"0","ak.cr":82,"ak.ipv":4,"ak.proto":"http/1.1","ak.rid":"26af727d","ak.r":35216,"ak.a2":n,"ak.m":"","ak.n":"essl","ak.bpcip":"206.189.225.0","ak.cport":49176,"ak.gh":"23.3.88.143","ak.quicv":"","ak.tlsv":"tls1.3","ak.0rtt":"","ak.0rtt.ed":"","ak.csrc":"-","ak.acc":"bbr","ak.t":"1769164005","ak.ak":"hOBiQwZUYzCg5VSAfCLimQ==lIu11NNp+vf3IDPPzmGMkMqnsOdLl46Wk0Hnl6TxFoaDP3n3E/Y0g5bgUT6CfZUx2BSOzJLPN/psxJNKTcoMG2k8Lo6bJA6oXjkOhfv4SFR/+eJgolpJav3gz4RYZGlToiydNYRUflPt9OXDyejnFPAd4TcHqvKuzXEWTtFczY5tYzHAdUb1Inp3aaYvjviJBs2HO1WLyC9B9Z1izWUlMI3ZVl+z7j6JbEfFynZY7NgzFJIM50c+oZVYWs4AJq0I/8EW9PxoHmitQ6jF8bv6bRPbjkZORvgS5XtJvbmzxTU5jxCTWk5hgCs0psAt/afTwaONuJMiln6gEAGugGJduBDG0mVofS1ia0UQPCAVllGflYqZMY7KLdmgpPU15EVsnwc9xekBUeo9Q+BJbY3ON9rgknBq56iUnx2oOQcAcjU=","ak.pv":"4","ak.dpoabenc":

Found 2026-01-23 by HttpPlugin

Create report

Open service 23.3.88.147:443 · api.training.vr-staging.linde.com

2026-01-23 08:23
Found 2026-01-23 by HttpPlugin
Create report

acs.exchange.gdmstest.linde-le.comadfs.sandbox.linde-le.comadfsletest.linde.nameakamtestle.linde-le.comapi-plantserv.linde-engineering.comapi-test.cms.linde-le.comapi.cms.linde-le.comapi.customersurvey.plantserv.linde.comapi.hchub.linde.comapi.lvf.iot.linde-le.comapi.training.vr-staging.linde.comapi.training.vr.linde.comautospir.linde-le.combasflu.lvf.iot.linde-le.comcf.procorr.linde-le.comchevron.linex.iot.linde-le.comclientconnect.linde-le.comcms.linde-le.comconfigurator.lhf.iot.linde-le.comcustomersurvey.plantserv.linde.comdahej.lvf.iot.linde-le.comdemo.lvf.iot.linde-le.comdes.mylindemarket.linde.ardev.launchpad.linde.comdev.leconnect.linde.comdev.procorr.linde-le.comexp.procorr.linde-le.comfab.linde-le.comflp.linde-le.comgrafana.test.iot.linde-le.comgrtd.launchpad.linde.comgrtp.launchpad.linde-le.comgrtp.launchpad.linde.comgrtq.launchpad.linde.comgrtq.test-launchpad.linde-le.comgrts.launchpad.linde.comguacamole.lhf.iot.linde-le.comhfcapp.linde-le.comhml.mylindemarket.linde.arignition.dev.iot.linde-le.comintel.asu-monitoring.iot.linde-le.comipp.rewprint.linde.comitp.software.quality.portal.iot.linde-le.comlaos.linde-le.comlaunchpad.linde-le.comlaunchpad.linde.comleconnect.linde.comlgree.motormonitoring-gui-prd.iot.linde-le.comlimang.linde.namelinde-brasil.com.brlinde.linex.iot.linde-le.comliquidos.linde.commylindemarket.linde.arns3.rewprint.linde.comorders.tmmgaswarehouse.linde.complantmonitoring.lhf.iot.linde-le.complantmonitoringapi.lhf.iot.linde-le.complantserv.linde-engineering.compresto.iot.linde-le.comprocorr.linde-le.comqa.launchpad.linde.comqa.leconnect.linde.comqa.procorr.linde-le.comreview.gdms.linde-le.comreview.gdmstest.linde-le.comruwais.lvf.iot.linde-le.comsbx.api.hchub.linde.comsbx.launchpad.linde.comscholven.lvf.iot.linde-le.comseclore.linde-le.comseclore2.linde-le.comsecloretest.linde-le.comservice.elgas.co.nzservice.elgas.com.ausubcontracting.linde-le.comsupplierconnect.linde-le.comtest-clientconnect.linde-le.comtest-launchpad.linde-le.comtest-supplierconnect.linde-le.comtickets.noxboxltd.comtimeseriesinsights.iot.linde-le.comtools.bocgases.co.uktools.bocgases.ietotalweld.com.autraining.vr-staging.linde.comtraining.vr.linde.comtst.api.lcrisp.linde.comtst.api.pricesmart.linde.comtst.tools.bocgases.co.uktst.tools.bocgases.ievr-staging.linde.comweb.cms.linde-le.comweldspot.com.auwvs.review.gdms.linde-le.comwvs.review.gdmstest.linde-le.comwww.cosec.linde-le.comwww.laos.linde-le.comwww.linde-brasil.com.brwww.totalweld.com.auwww.weldspot.com.au

Fingerprint:

9ac5264efba3cbc154c34908793f7dbdff6c5201848d4232548f68253137b519

CN:

cms.linde-le.com

Key:

RSA-2048

Issuer:

R13

Not before:

2025-12-19 03:47

Not after:

2026-03-19 03:47

Domain summary

chevron.linex.iot.linde-le.com 2 api.training.vr-staging.linde.com 2

2 recorded