Heroku
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 99.83.217.1:443 · gha-embed.egov.gi
2026-01-09 08:01
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://gha-embed.egov.gi/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=sBgOLh8vj9Qc%2BN%2BvTvdq6IvIDxcARdnA1X86cjCEKpg%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767945688"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=sBgOLh8vj9Qc%2BN%2BvTvdq6IvIDxcARdnA1X86cjCEKpg%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767945688"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 5d495acf-cda4-9ef1-889e-176502eccd42
X-Runtime: 0.046797
X-Xss-Protection: 0
Date: Fri, 09 Jan 2026 08:01:28 GMT
Content-Length: 108
Connection: close
<html><body>You are being <a href="https://gha-embed.egov.gi/patients/sign-in">redirected</a>.</body></html>
Open service 99.83.217.1:443 · gha-embed.egov.gi
2026-01-02 05:28
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://gha-embed.egov.gi/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Ow%2BRtHiffXalSIr1zATWcd2PXCltbXOB8MfkMU34F%2B8%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767331701"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Ow%2BRtHiffXalSIr1zATWcd2PXCltbXOB8MfkMU34F%2B8%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767331701"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 74717617-e478-a526-c0a1-0f46b10b80d7
X-Runtime: 0.037379
X-Xss-Protection: 0
Date: Fri, 02 Jan 2026 05:28:21 GMT
Content-Length: 108
Connection: close
<html><body>You are being <a href="https://gha-embed.egov.gi/patients/sign-in">redirected</a>.</body></html>
Open service 99.83.217.1:443 · gha-embed.egov.gi
2025-12-22 06:39
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://gha-embed.egov.gi/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=7lw2omy4UUJdvA7tp%2F8aAwUmefGjiLficPGB23VAT6o%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766385593"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=7lw2omy4UUJdvA7tp%2F8aAwUmefGjiLficPGB23VAT6o%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766385593"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 9082f2dc-c5f1-9447-54de-2c7e8d1cbc11
X-Runtime: 0.049342
X-Xss-Protection: 0
Date: Mon, 22 Dec 2025 06:39:53 GMT
Content-Length: 108
Connection: close
<html><body>You are being <a href="https://gha-embed.egov.gi/patients/sign-in">redirected</a>.</body></html>
Open service 99.83.217.1:443 · gha-embed.egov.gi
2025-12-20 17:51
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://gha-embed.egov.gi/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=i2y81iw76WeJ6HwIs4X3vw5OTWm5CZ%2BXAcGo9D0RA7U%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766253097"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=i2y81iw76WeJ6HwIs4X3vw5OTWm5CZ%2BXAcGo9D0RA7U%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766253097"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 5eea8511-13ee-d62f-77fb-ff908f286294
X-Runtime: 0.048938
X-Xss-Protection: 0
Date: Sat, 20 Dec 2025 17:51:37 GMT
Content-Length: 108
Connection: close
<html><body>You are being <a href="https://gha-embed.egov.gi/patients/sign-in">redirected</a>.</body></html>
Open service 99.83.217.1:443 · gha-embed.egov.gi
2025-12-19 03:02
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://gha-embed.egov.gi/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=tZKSzQsH9v6jtGimk%2FVMwtha4%2FdbP35uIFX6sprwMDw%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766113364"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=tZKSzQsH9v6jtGimk%2FVMwtha4%2FdbP35uIFX6sprwMDw%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766113364"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: b87646ec-842a-04b0-45a5-816a4fcabbb2
X-Runtime: 0.051800
X-Xss-Protection: 0
Date: Fri, 19 Dec 2025 03:02:44 GMT
Content-Length: 108
Connection: close
<html><body>You are being <a href="https://gha-embed.egov.gi/patients/sign-in">redirected</a>.</body></html>