LeakIX - Host 85.208.145.196

Host 85.208.145.196

France

NXT Initiative SAS

Software information

envoy

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 85.208.145.196
Domain: staging-standalone.vrcxp.com
Port: 443
URL: https://staging-standalone.vrcxp.com

First seen 2025-11-08 23:19
Last seen 2026-02-02 14:14
Open for 85 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6ba1b2fa06

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/profile
GET /auth/register
GET /auth/rotate-secret
GET /customlobby
GET /device
GET /device/data
GET /experiences
GET /experiences/{experienceId}/invitation
GET /headsetcenters
GET /langs
GET /lobby/get-version
GET /lobbycore
GET /servicecore
GET /setup/download/{id}
GET /setup/get-last-version
GET /turn/credentials
GET /videoplayer
GET /videoplayer/get-download-url
GET /videoplayer/get-last-version
PATCH /experiences/{experienceId}/installed
PATCH /experiences/{experienceId}/removed
POST /auth/login
POST /auth/refresh
POST /experiences/session/{experienceId}/{experienceType}/started
POST /experiences/session/{sessionId}/stopped
POST /experiences/{experienceId}/notations
POST /experiences/{experienceId}/notations/{notationId}/screenshot

Found on 2026-02-02 14:14

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6b2857e481

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/profile
GET /auth/register
GET /auth/rotate-secret
GET /customlobby
GET /device
GET /experiences
GET /experiences/{experienceId}/invitation
GET /headsetcenters
GET /langs
GET /lobby/get-version
GET /lobbycore
GET /servicecore
GET /setup/download/{id}
GET /setup/get-last-version
GET /videoplayer
GET /videoplayer/get-download-url
GET /videoplayer/get-last-version
PATCH /experiences/{experienceId}/installed
PATCH /experiences/{experienceId}/removed
POST /auth/login
POST /auth/refresh
POST /experiences/session/{experienceId}/{experienceType}/started
POST /experiences/session/{sessionId}/stopped
POST /experiences/{experienceId}/notations
POST /experiences/{experienceId}/notations/{notationId}/screenshot

Found on 2026-01-17 00:46

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 85.208.145.196
Domain: staging-inversive-sites-inversive-web-standalone.k8s.vrc.cloud
Port: 443
URL: https://staging-inversive-sites-inversive-web-standalone.k8s.vrc.cloud

First seen 2025-12-17 15:19
Last seen 2026-02-02 14:14
Open for 46 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6ba1b2fa06

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/profile
GET /auth/register
GET /auth/rotate-secret
GET /customlobby
GET /device
GET /device/data
GET /experiences
GET /experiences/{experienceId}/invitation
GET /headsetcenters
GET /langs
GET /lobby/get-version
GET /lobbycore
GET /servicecore
GET /setup/download/{id}
GET /setup/get-last-version
GET /turn/credentials
GET /videoplayer
GET /videoplayer/get-download-url
GET /videoplayer/get-last-version
PATCH /experiences/{experienceId}/installed
PATCH /experiences/{experienceId}/removed
POST /auth/login
POST /auth/refresh
POST /experiences/session/{experienceId}/{experienceType}/started
POST /experiences/session/{sessionId}/stopped
POST /experiences/{experienceId}/notations
POST /experiences/{experienceId}/notations/{notationId}/screenshot

Found on 2026-02-02 14:14

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6bf1fabde6

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/profile
GET /auth/register
GET /auth/rotate-secret
GET /customlobby
GET /device
GET /experiences
GET /experiences/{experienceId}/invitation
GET /headsetcenters
GET /langs
GET /lobby/get-version
GET /lobbycore
GET /servicecore
GET /setup/download/{id}
GET /setup/get-last-version
GET /turn/credentials
GET /videoplayer
GET /videoplayer/get-download-url
GET /videoplayer/get-last-version
PATCH /experiences/{experienceId}/installed
PATCH /experiences/{experienceId}/removed
POST /auth/login
POST /auth/refresh
POST /experiences/session/{experienceId}/{experienceType}/started
POST /experiences/session/{sessionId}/stopped
POST /experiences/{experienceId}/notations
POST /experiences/{experienceId}/notations/{notationId}/screenshot

Found on 2026-01-15 20:47

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6b2857e481

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/profile
GET /auth/register
GET /auth/rotate-secret
GET /customlobby
GET /device
GET /experiences
GET /experiences/{experienceId}/invitation
GET /headsetcenters
GET /langs
GET /lobby/get-version
GET /lobbycore
GET /servicecore
GET /setup/download/{id}
GET /setup/get-last-version
GET /videoplayer
GET /videoplayer/get-download-url
GET /videoplayer/get-last-version
PATCH /experiences/{experienceId}/installed
PATCH /experiences/{experienceId}/removed
POST /auth/login
POST /auth/refresh
POST /experiences/session/{experienceId}/{experienceType}/started
POST /experiences/session/{sessionId}/stopped
POST /experiences/{experienceId}/notations
POST /experiences/{experienceId}/notations/{notationId}/screenshot

Found on 2026-01-02 09:13

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 85.208.145.196
Domain: inversive-sites-inversive-web-sdk.k8s.vrc.cloud
Port: 443
URL: https://inversive-sites-inversive-web-sdk.k8s.vrc.cloud

First seen 2025-12-11 14:47
Last seen 2026-02-01 23:45
Open for 52 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60bbf16caa188b5e2c6cf374eeaac1bc803ce86fa4
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/get-experience
GET /account/get-session
GET /chapter
GET /dev/changelog/get-latest
GET /dev/version
GET /end
GET /initialize
GET /manage/close
GET /manage/retry
GET /manage/start
GET /reporting/check
POST /account/generate-access-token
POST /account/save-experience
POST /action
POST /dev/changelog/set
POST /manage/update
POST /reporting/send
POST /reporting/upload-screenshot
POST /save
```
  Found on 2026-02-01 23:45
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 85.208.145.196
Domain: develop-inversive-sites-inversive-web-sdk.k8s.vrc.cloud
Port: 443
URL: https://develop-inversive-sites-inversive-web-sdk.k8s.vrc.cloud

First seen 2025-12-19 03:14
Last seen 2026-01-16 12:47
Open for 28 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60bbf16caa188b5e2c6cf374eeaac1bc803ce86fa4
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/get-experience
GET /account/get-session
GET /chapter
GET /dev/changelog/get-latest
GET /dev/version
GET /end
GET /initialize
GET /manage/close
GET /manage/retry
GET /manage/start
GET /reporting/check
POST /account/generate-access-token
POST /account/save-experience
POST /action
POST /dev/changelog/set
POST /manage/update
POST /reporting/send
POST /reporting/upload-screenshot
POST /save
```
  Found on 2026-01-16 12:47
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 85.208.145.196
Domain: inversive-sites-inversive-web-standalone.k8s.vrc.cloud
Port: 443
URL: https://inversive-sites-inversive-web-standalone.k8s.vrc.cloud

First seen 2025-12-11 14:45
Last seen 2026-01-16 12:47
Open for 35 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6bf1fabde6

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/profile
GET /auth/register
GET /auth/rotate-secret
GET /customlobby
GET /device
GET /experiences
GET /experiences/{experienceId}/invitation
GET /headsetcenters
GET /langs
GET /lobby/get-version
GET /lobbycore
GET /servicecore
GET /setup/download/{id}
GET /setup/get-last-version
GET /turn/credentials
GET /videoplayer
GET /videoplayer/get-download-url
GET /videoplayer/get-last-version
PATCH /experiences/{experienceId}/installed
PATCH /experiences/{experienceId}/removed
POST /auth/login
POST /auth/refresh
POST /experiences/session/{experienceId}/{experienceType}/started
POST /experiences/session/{sessionId}/stopped
POST /experiences/{experienceId}/notations
POST /experiences/{experienceId}/notations/{notationId}/screenshot

Found on 2026-01-16 12:47

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6b2857e481

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/profile
GET /auth/register
GET /auth/rotate-secret
GET /customlobby
GET /device
GET /experiences
GET /experiences/{experienceId}/invitation
GET /headsetcenters
GET /langs
GET /lobby/get-version
GET /lobbycore
GET /servicecore
GET /setup/download/{id}
GET /setup/get-last-version
GET /videoplayer
GET /videoplayer/get-download-url
GET /videoplayer/get-last-version
PATCH /experiences/{experienceId}/installed
PATCH /experiences/{experienceId}/removed
POST /auth/login
POST /auth/refresh
POST /experiences/session/{experienceId}/{experienceType}/started
POST /experiences/session/{sessionId}/stopped
POST /experiences/{experienceId}/notations
POST /experiences/{experienceId}/notations/{notationId}/screenshot

Found on 2026-01-02 05:22

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 85.208.145.196
Domain: le-138.k8s.vrc.cloud
Port: 443
URL: https://le-138.k8s.vrc.cloud

First seen 2025-12-10 17:25
- Severity: info
  Fingerprint: 5733ddf49ff49cd1f3d88d60bbf16caa188b5e2c6cf374eeaac1bc803ce86fa4
```
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/get-experience
GET /account/get-session
GET /chapter
GET /dev/changelog/get-latest
GET /dev/version
GET /end
GET /initialize
GET /manage/close
GET /manage/retry
GET /manage/start
GET /reporting/check
POST /account/generate-access-token
POST /account/save-experience
POST /action
POST /dev/changelog/set
POST /manage/update
POST /reporting/send
POST /reporting/upload-screenshot
POST /save
```
  Found on 2025-12-10 17:25
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 85.208.145.196
Domain: le-137.k8s.vrc.cloud
Port: 443
URL: https://le-137.k8s.vrc.cloud

First seen 2025-12-10 16:01

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6b2857e481

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
GET /account/profile
GET /auth/register
GET /auth/rotate-secret
GET /customlobby
GET /device
GET /experiences
GET /experiences/{experienceId}/invitation
GET /headsetcenters
GET /langs
GET /lobby/get-version
GET /lobbycore
GET /servicecore
GET /setup/download/{id}
GET /setup/get-last-version
GET /videoplayer
GET /videoplayer/get-download-url
GET /videoplayer/get-last-version
PATCH /experiences/{experienceId}/installed
PATCH /experiences/{experienceId}/removed
POST /auth/login
POST /auth/refresh
POST /experiences/session/{experienceId}/{experienceType}/started
POST /experiences/session/{sessionId}/stopped
POST /experiences/{experienceId}/notations
POST /experiences/{experienceId}/notations/{notationId}/screenshot

Found on 2025-12-10 16:01

Create report

Open service 85.208.145.196:443 · staging-standalone.vrcxp.com

2026-01-23 16:29

HTTP/1.1 301 Moved Permanently
content-length: 0
date: Fri, 23 Jan 2026 16:29:32 GMT
server: envoy
location: index.html
x-envoy-upstream-service-time: 1
connection: close

Found 2026-01-23 by HttpPlugin

Host 85.208.145.196

France

Software information

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

Swagger API description is publicly available

staging-standalone.vrcxp.com

inversive-sites-inversive-web-sdk.k8s.vrc.cloud

staging-inversive-sites-inversive-web-standalone.k8s.vrc.cloudstaging-standalone.vrcxp.com

inversive-sites-inversive-web-standalone.k8s.vrc.cloud

dev-sdk.vrcxp.comdevelop-inversive-sites-inversive-web-sdk.k8s.vrc.cloud

api.inversive.frapi.vrcxp.cominversive-sites-inversive-web-api.k8s.vrc.cloud

e-mersive-btp.fr

commons-k8s-drawio.k8s.vrc.clouddraw.k8s.vrc.clouddraw.vrc.cloud

inversive-webapp-production.k8s.vrc.cloud

inversive-webapp-staging.k8s.vrc.cloud

Domain summary