LeakIX - Host app.firma.dev

Domain app.firma.dev

Germany

CLOUDFLARENET

Software information

cloudflare

tcp/443 tcp/8443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 185.158.133.1
Domain: app.firma.dev
Port: 443
URL: https://app.firma.dev

First seen 2025-10-23 11:29
Last seen 2026-01-09 19:41
Open for 78 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff4322c93aff22c93aff22c93aff22c93aff22c93aff
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /templates
```
  Found on 2026-01-09 19:41
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 185.158.133.1
Domain: app.firma.dev
Port: 8443
URL: https://app.firma.dev:8443

First seen 2025-10-23 11:29
Last seen 2026-01-09 13:01
Open for 78 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff4322c93aff22c93aff22c93aff22c93aff22c93aff
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /templates
```
  Found on 2026-01-09 13:01
Create report

Open service 185.158.133.1:443 · app.firma.dev

2026-01-09 19:41

HTTP/1.1 200 OK
Date: Fri, 09 Jan 2026 19:41:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
ETag: "4b82f723880a7d33ac93d1db297c8dfc"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Vary: accept-encoding
Server: cloudflare
CF-RAY: 9bb6698799bfa22f-YYZ

Page title: Firma


<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://js.paddle.com https://www.googletagmanager.com https://unpkg.com https://kit.fontawesome.com https://ka-f.fontawesome.com; worker-src 'self' blob: https://unpkg.com; child-src 'self' blob:; object-src 'self'; connect-src 'self' https://*.paddle.com https://sandbox-checkout-service.paddle.com https://checkout-service.paddle.com https://*.supabase.co https://www.google-analytics.com; frame-src 'self' https://sandbox-buy.paddle.com https://buy.paddle.com https://sandbox-checkout.paddle.com https://checkout.paddle.com; img-src 'self' data: https://*.paddle.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com;" /> -->
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
    <meta http-equiv="Pragma" content="no-cache" />
    <meta http-equiv="Expires" content="0" />
    <title>Firma</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Parisienne&display=swap">
    <link href="https://fonts.cdnfonts.com/css/satoshi" rel="stylesheet">
    
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-5HPYFJWV8R"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'G-5HPYFJWV8R');
    </script>
    <script type="module" crossorigin src="/assets/main-Czw9ZH8W.js"></script>
    
  <script defer src="https://app.firma.dev/~flock.js" data-proxy-url="https://app.firma.dev/~api/analytics"></script><meta name="twitter:image" content="https://pub-bb2e103a32db4e198524a2e9ed8f35b4.r2.dev/29f3e768-209a-47f5-ad92-7e4a322ac502/id-preview-c9d69ed9--810748b7-baab-4438-8899-cfe5b8331a1f.lovable.app-1767959138986.png" /></head>
  <body>
    <div id="root"></div>
  </body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 185.158.133.1:8443 · app.firma.dev

2026-01-09 13:01

HTTP/1.1 200 OK
Date: Fri, 09 Jan 2026 13:01:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
ETag: "4b82f723880a7d33ac93d1db297c8dfc"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Vary: accept-encoding
Server: cloudflare
CF-RAY: 9bb41f1bed343731-FRA

Page title: Firma


<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://js.paddle.com https://www.googletagmanager.com https://unpkg.com https://kit.fontawesome.com https://ka-f.fontawesome.com; worker-src 'self' blob: https://unpkg.com; child-src 'self' blob:; object-src 'self'; connect-src 'self' https://*.paddle.com https://sandbox-checkout-service.paddle.com https://checkout-service.paddle.com https://*.supabase.co https://www.google-analytics.com; frame-src 'self' https://sandbox-buy.paddle.com https://buy.paddle.com https://sandbox-checkout.paddle.com https://checkout.paddle.com; img-src 'self' data: https://*.paddle.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com;" /> -->
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
    <meta http-equiv="Pragma" content="no-cache" />
    <meta http-equiv="Expires" content="0" />
    <title>Firma</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Parisienne&display=swap">
    <link href="https://fonts.cdnfonts.com/css/satoshi" rel="stylesheet">
    
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-5HPYFJWV8R"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'G-5HPYFJWV8R');
    </script>
    <script type="module" crossorigin src="/assets/main-Czw9ZH8W.js"></script>
    
  <script defer src="https://app.firma.dev/~flock.js" data-proxy-url="https://app.firma.dev/~api/analytics"></script><meta name="twitter:image" content="https://pub-bb2e103a32db4e198524a2e9ed8f35b4.r2.dev/29f3e768-209a-47f5-ad92-7e4a322ac502/id-preview-c9d69ed9--810748b7-baab-4438-8899-cfe5b8331a1f.lovable.app-1767959138986.png" /></head>
  <body>
    <div id="root"></div>
  </body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 185.158.133.1:443 · app.firma.dev

2026-01-02 18:21

HTTP/1.1 200 OK
Date: Fri, 02 Jan 2026 18:21:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
ETag: "4b82f723880a7d33ac93d1db297c8dfc"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Vary: accept-encoding
Server: cloudflare
CF-RAY: 9b7c46c12a4b165e-BLR

Page title: Firma


<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://js.paddle.com https://www.googletagmanager.com https://unpkg.com https://kit.fontawesome.com https://ka-f.fontawesome.com; worker-src 'self' blob: https://unpkg.com; child-src 'self' blob:; object-src 'self'; connect-src 'self' https://*.paddle.com https://sandbox-checkout-service.paddle.com https://checkout-service.paddle.com https://*.supabase.co https://www.google-analytics.com; frame-src 'self' https://sandbox-buy.paddle.com https://buy.paddle.com https://sandbox-checkout.paddle.com https://checkout.paddle.com; img-src 'self' data: https://*.paddle.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com;" /> -->
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
    <meta http-equiv="Pragma" content="no-cache" />
    <meta http-equiv="Expires" content="0" />
    <title>Firma</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Parisienne&display=swap">
    <link href="https://fonts.cdnfonts.com/css/satoshi" rel="stylesheet">
    
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-5HPYFJWV8R"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'G-5HPYFJWV8R');
    </script>
    <script type="module" crossorigin src="/assets/main-Czw9ZH8W.js"></script>
    
  <script defer src="https://app.firma.dev/~flock.js" data-proxy-url="https://app.firma.dev/~api/analytics"></script><meta name="twitter:image" content="https://pub-bb2e103a32db4e198524a2e9ed8f35b4.r2.dev/d0379f14-9c10-4057-9050-5dbe8b64ce40/id-preview-c182745e--810748b7-baab-4438-8899-cfe5b8331a1f.lovable.app-1767115605783.png" /></head>
  <body>
    <div id="root"></div>
  </body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 185.158.133.1:8443 · app.firma.dev

2026-01-02 15:05

HTTP/1.1 200 OK
Date: Fri, 02 Jan 2026 15:05:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
ETag: "4b82f723880a7d33ac93d1db297c8dfc"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Vary: accept-encoding
Server: cloudflare
CF-RAY: 9b7b28024d61f795-EWR

Page title: Firma


<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://js.paddle.com https://www.googletagmanager.com https://unpkg.com https://kit.fontawesome.com https://ka-f.fontawesome.com; worker-src 'self' blob: https://unpkg.com; child-src 'self' blob:; object-src 'self'; connect-src 'self' https://*.paddle.com https://sandbox-checkout-service.paddle.com https://checkout-service.paddle.com https://*.supabase.co https://www.google-analytics.com; frame-src 'self' https://sandbox-buy.paddle.com https://buy.paddle.com https://sandbox-checkout.paddle.com https://checkout.paddle.com; img-src 'self' data: https://*.paddle.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com;" /> -->
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
    <meta http-equiv="Pragma" content="no-cache" />
    <meta http-equiv="Expires" content="0" />
    <title>Firma</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Parisienne&display=swap">
    <link href="https://fonts.cdnfonts.com/css/satoshi" rel="stylesheet">
    
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-5HPYFJWV8R"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'G-5HPYFJWV8R');
    </script>
    <script type="module" crossorigin src="/assets/main-Czw9ZH8W.js"></script>
    
  <script defer src="https://app.firma.dev/~flock.js" data-proxy-url="https://app.firma.dev/~api/analytics"></script><meta name="twitter:image" content="https://pub-bb2e103a32db4e198524a2e9ed8f35b4.r2.dev/d0379f14-9c10-4057-9050-5dbe8b64ce40/id-preview-c182745e--810748b7-baab-4438-8899-cfe5b8331a1f.lovable.app-1767115605783.png" /></head>
  <body>
    <div id="root"></div>
  </body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 185.158.133.1:8443 · app.firma.dev

2025-12-22 21:30

HTTP/1.1 200 OK
Date: Mon, 22 Dec 2025 21:30:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
ETag: "4b82f723880a7d33ac93d1db297c8dfc"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Vary: accept-encoding
Server: cloudflare
CF-RAY: 9b22b7f74d7ad35c-FRA

Page title: Firma


<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://js.paddle.com https://www.googletagmanager.com https://unpkg.com https://kit.fontawesome.com https://ka-f.fontawesome.com; worker-src 'self' blob: https://unpkg.com; child-src 'self' blob:; object-src 'self'; connect-src 'self' https://*.paddle.com https://sandbox-checkout-service.paddle.com https://checkout-service.paddle.com https://*.supabase.co https://www.google-analytics.com; frame-src 'self' https://sandbox-buy.paddle.com https://buy.paddle.com https://sandbox-checkout.paddle.com https://checkout.paddle.com; img-src 'self' data: https://*.paddle.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com;" /> -->
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
    <meta http-equiv="Pragma" content="no-cache" />
    <meta http-equiv="Expires" content="0" />
    <title>Firma</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Parisienne&display=swap">
    <link href="https://fonts.cdnfonts.com/css/satoshi" rel="stylesheet">
    
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-5HPYFJWV8R"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'G-5HPYFJWV8R');
    </script>
    <script type="module" crossorigin src="/assets/main-Czw9ZH8W.js"></script>
    
  <script defer src="https://app.firma.dev/~flock.js" data-proxy-url="https://app.firma.dev/~api/analytics"></script><meta name="twitter:image" content="https://pub-bb2e103a32db4e198524a2e9ed8f35b4.r2.dev/6731310e-1989-4236-9d30-31b1aa464399/id-preview-912c737c--810748b7-baab-4438-8899-cfe5b8331a1f.lovable.app-1766437371601.png" /></head>
  <body>
    <div id="root"></div>
  </body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 185.158.133.1:443 · app.firma.dev

2025-12-22 19:33

HTTP/1.1 200 OK
Date: Mon, 22 Dec 2025 19:33:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
ETag: "4b82f723880a7d33ac93d1db297c8dfc"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Vary: accept-encoding
Server: cloudflare
CF-RAY: 9b220d91faaadb9d-FRA

Page title: Firma


<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://js.paddle.com https://www.googletagmanager.com https://unpkg.com https://kit.fontawesome.com https://ka-f.fontawesome.com; worker-src 'self' blob: https://unpkg.com; child-src 'self' blob:; object-src 'self'; connect-src 'self' https://*.paddle.com https://sandbox-checkout-service.paddle.com https://checkout-service.paddle.com https://*.supabase.co https://www.google-analytics.com; frame-src 'self' https://sandbox-buy.paddle.com https://buy.paddle.com https://sandbox-checkout.paddle.com https://checkout.paddle.com; img-src 'self' data: https://*.paddle.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com;" /> -->
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
    <meta http-equiv="Pragma" content="no-cache" />
    <meta http-equiv="Expires" content="0" />
    <title>Firma</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Parisienne&display=swap">
    <link href="https://fonts.cdnfonts.com/css/satoshi" rel="stylesheet">
    
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-5HPYFJWV8R"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'G-5HPYFJWV8R');
    </script>
    <script type="module" crossorigin src="/assets/main-Czw9ZH8W.js"></script>
    
  <script defer src="https://app.firma.dev/~flock.js" data-proxy-url="https://app.firma.dev/~api/analytics"></script><meta name="twitter:image" content="https://pub-bb2e103a32db4e198524a2e9ed8f35b4.r2.dev/f8c8bc4d-fb91-4b46-95b6-645b9dfeb622/id-preview-b04564fb--810748b7-baab-4438-8899-cfe5b8331a1f.lovable.app-1766430658837.png" /></head>
  <body>
    <div id="root"></div>
  </body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 185.158.133.1:8443 · app.firma.dev

2025-12-20 21:29

HTTP/1.1 200 OK
Date: Sat, 20 Dec 2025 21:29:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
ETag: "4b82f723880a7d33ac93d1db297c8dfc"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Vary: accept-encoding
Server: cloudflare
CF-RAY: 9b123c93fcad1ef7-AMS

Page title: Firma


<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://js.paddle.com https://www.googletagmanager.com https://unpkg.com https://kit.fontawesome.com https://ka-f.fontawesome.com; worker-src 'self' blob: https://unpkg.com; child-src 'self' blob:; object-src 'self'; connect-src 'self' https://*.paddle.com https://sandbox-checkout-service.paddle.com https://checkout-service.paddle.com https://*.supabase.co https://www.google-analytics.com; frame-src 'self' https://sandbox-buy.paddle.com https://buy.paddle.com https://sandbox-checkout.paddle.com https://checkout.paddle.com; img-src 'self' data: https://*.paddle.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com;" /> -->
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
    <meta http-equiv="Pragma" content="no-cache" />
    <meta http-equiv="Expires" content="0" />
    <title>Firma</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Parisienne&display=swap">
    <link href="https://fonts.cdnfonts.com/css/satoshi" rel="stylesheet">
    
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-5HPYFJWV8R"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'G-5HPYFJWV8R');
    </script>
    <script type="module" crossorigin src="/assets/main-Czw9ZH8W.js"></script>
    
  <script defer src="https://app.firma.dev/~flock.js" data-proxy-url="https://app.firma.dev/~api/analytics"></script><meta name="twitter:image" content="https://pub-bb2e103a32db4e198524a2e9ed8f35b4.r2.dev/02dd2df7-4c3c-4de8-8bd4-a7ed3cb9e8c8/id-preview-5cf6c6f0--810748b7-baab-4438-8899-cfe5b8331a1f.lovable.app-1766247415058.png" /></head>
  <body>
    <div id="root"></div>
  </body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

Open service 185.158.133.1:443 · app.firma.dev

2025-12-20 20:02

HTTP/1.1 200 OK
Date: Sat, 20 Dec 2025 20:02:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
ETag: "4b82f723880a7d33ac93d1db297c8dfc"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Vary: accept-encoding
Server: cloudflare
CF-RAY: 9b11bcffced027f6-EWR

Page title: Firma


<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://js.paddle.com https://www.googletagmanager.com https://unpkg.com https://kit.fontawesome.com https://ka-f.fontawesome.com; worker-src 'self' blob: https://unpkg.com; child-src 'self' blob:; object-src 'self'; connect-src 'self' https://*.paddle.com https://sandbox-checkout-service.paddle.com https://checkout-service.paddle.com https://*.supabase.co https://www.google-analytics.com; frame-src 'self' https://sandbox-buy.paddle.com https://buy.paddle.com https://sandbox-checkout.paddle.com https://checkout.paddle.com; img-src 'self' data: https://*.paddle.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://ka-f.fontawesome.com;" /> -->
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
    <meta http-equiv="Pragma" content="no-cache" />
    <meta http-equiv="Expires" content="0" />
    <title>Firma</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Parisienne&display=swap">
    <link href="https://fonts.cdnfonts.com/css/satoshi" rel="stylesheet">
    
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-5HPYFJWV8R"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'G-5HPYFJWV8R');
    </script>
    <script type="module" crossorigin src="/assets/main-Czw9ZH8W.js"></script>
    
  <script defer src="https://app.firma.dev/~flock.js" data-proxy-url="https://app.firma.dev/~api/analytics"></script><meta name="twitter:image" content="https://pub-bb2e103a32db4e198524a2e9ed8f35b4.r2.dev/02dd2df7-4c3c-4de8-8bd4-a7ed3cb9e8c8/id-preview-5cf6c6f0--810748b7-baab-4438-8899-cfe5b8331a1f.lovable.app-1766247415058.png" /></head>
  <body>
    <div id="root"></div>
  </body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

app.firma.dev

Fingerprint:

cc879c186c24e7cab27a6d56a7f9aa59b1038cc9ec9e7c45fb989363f7e3d38f

CN:

app.firma.dev

Key:

ECDSA-256

Issuer:

WE1

Not before:

2025-10-23 10:29

Not after:

2026-01-21 11:29

Domain summary

app.firma.dev 9

1 recorded

IP summary

185.158.133.1 2

1 recorded

Domain app.firma.dev

Germany

Software information

Swagger API description is publicly available

Swagger API description is publicly available

app.firma.dev

Domain summary

IP summary