Domain api.testing.parzelo.com
Germany
Software information
BunnyCDN-DE1-1328
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-16 08:12
Last seen 2026-01-09 07:32
Open for 84 days-
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-01-09 07:32
-
-
Open service 185.111.111.154:443 · api.testing.parzelo.com
2026-01-09 07:32
HTTP/1.1 200 OK Date: Fri, 09 Jan 2026 07:32:38 GMT Content-Length: 0 Connection: close Server: BunnyCDN-DE1-1328 CDN-PullZone: 4417906 CDN-RequestCountryCode: DE Access-Control-Allow-Origin: https://testing.parzelo.com Cache-Control: public, max-age=0 X-Content-Type-Options: nosniff Content-Security-Policy: base-uri 'self'; object-src 'none'; default-src 'none'; frame-ancestors 'none' Referrer-Policy: strict-origin-when-cross-origin X-Permitted-Cross-Domain-Policies: none Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Opener-Policy: same-origin-allow-popups Cross-Origin-Resource-Policy: same-site Permissions-Policy: autoplay=*, bluetooth=*, camera=*, geolocation=*, payment=* X-Rate-Limit-Limit: 1d X-Rate-Limit-Remaining: 23999 X-Rate-Limit-Reset: 2026-01-10T07:32:38.0363821Z Strict-Transport-Security: max-age=63072000;includeSubDomains; preload X-Served-By: api.testing.parzelo.com CDN-ProxyVer: 1.43 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 01/09/2026 07:32:38 CDN-EdgeStorageId: 1331 CDN-RequestId: fa6b9b8b49ee7e5523f63ad68cbd08b5 CDN-Cache: BYPASS CDN-Status: 200 CDN-RequestTime: 0
Found 2026-01-09 by HttpPluginCreate report
-
Open service 185.111.111.154:443 · api.testing.parzelo.com
2026-01-02 06:06
HTTP/1.1 200 OK Date: Fri, 02 Jan 2026 06:06:36 GMT Content-Length: 0 Connection: close Server: BunnyCDN-DE1-1328 CDN-PullZone: 4417906 CDN-RequestCountryCode: GB Access-Control-Allow-Origin: https://testing.parzelo.com Cache-Control: public, max-age=0 X-Content-Type-Options: nosniff Content-Security-Policy: base-uri 'self'; object-src 'none'; default-src 'none'; frame-ancestors 'none' Referrer-Policy: strict-origin-when-cross-origin X-Permitted-Cross-Domain-Policies: none Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Opener-Policy: same-origin-allow-popups Cross-Origin-Resource-Policy: same-site Permissions-Policy: autoplay=*, bluetooth=*, camera=*, geolocation=*, payment=* X-Rate-Limit-Limit: 1d X-Rate-Limit-Remaining: 23993 X-Rate-Limit-Reset: 2026-01-02T23:20:47.6872987Z Strict-Transport-Security: max-age=63072000;includeSubDomains; preload X-Served-By: api.testing.parzelo.com CDN-ProxyVer: 1.43 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 01/02/2026 06:06:36 CDN-EdgeStorageId: 1331 CDN-RequestId: 8b0ffd1c9da171e5b05d0d5f63be314c CDN-Cache: BYPASS CDN-Status: 200 CDN-RequestTime: 0
Found 2026-01-02 by HttpPluginCreate report
-
Open service 185.111.111.154:443 · api.testing.parzelo.com
2025-12-22 20:55
HTTP/1.1 200 OK Date: Mon, 22 Dec 2025 20:55:12 GMT Content-Length: 0 Connection: close Server: BunnyCDN-DE1-1328 CDN-PullZone: 4417906 CDN-RequestCountryCode: DE Access-Control-Allow-Origin: https://testing.parzelo.com Cache-Control: public, max-age=0 X-Content-Type-Options: nosniff Content-Security-Policy: base-uri 'self'; object-src 'none'; default-src 'none'; frame-ancestors 'none' Referrer-Policy: strict-origin-when-cross-origin X-Permitted-Cross-Domain-Policies: none Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Opener-Policy: same-origin-allow-popups Cross-Origin-Resource-Policy: same-site Permissions-Policy: autoplay=*, bluetooth=*, camera=*, geolocation=*, payment=* X-Rate-Limit-Limit: 1d X-Rate-Limit-Remaining: 23994 X-Rate-Limit-Reset: 2025-12-23T11:20:22.2829988Z Strict-Transport-Security: max-age=63072000;includeSubDomains; preload X-Served-By: api.testing.parzelo.com CDN-ProxyVer: 1.41 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 12/22/2025 20:55:12 CDN-EdgeStorageId: 1331 CDN-RequestId: 5dcaaea755f521e01b5901f99fdbf3fa CDN-Cache: BYPASS CDN-Status: 200 CDN-RequestTime: 0
Found 2025-12-22 by HttpPluginCreate report
-
Open service 185.111.111.154:443 · api.testing.parzelo.com
2025-12-21 00:41
HTTP/1.1 200 OK Date: Sun, 21 Dec 2025 00:41:39 GMT Content-Length: 0 Connection: close Server: BunnyCDN-DE1-1328 CDN-PullZone: 4417906 CDN-RequestCountryCode: CA Access-Control-Allow-Origin: https://testing.parzelo.com Cache-Control: public, max-age=0 X-Content-Type-Options: nosniff Content-Security-Policy: base-uri 'self'; object-src 'none'; default-src 'none'; frame-ancestors 'none' Referrer-Policy: strict-origin-when-cross-origin X-Permitted-Cross-Domain-Policies: none Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Opener-Policy: same-origin-allow-popups Cross-Origin-Resource-Policy: same-site Permissions-Policy: autoplay=*, bluetooth=*, camera=*, geolocation=*, payment=* X-Rate-Limit-Limit: 1d X-Rate-Limit-Remaining: 23997 X-Rate-Limit-Reset: 2025-12-21T23:46:24.2752871Z Strict-Transport-Security: max-age=63072000;includeSubDomains; preload X-Served-By: api.testing.parzelo.com CDN-ProxyVer: 1.41 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 12/21/2025 00:41:39 CDN-EdgeStorageId: 1331 CDN-RequestId: e558c572780c364d644791aeed45085e CDN-Cache: BYPASS CDN-Status: 200 CDN-RequestTime: 0
Found 2025-12-21 by HttpPluginCreate report