Domain showcase.bluecopa.com
United States
Software information
Vercel
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-10 05:19
Last seen 2026-01-09 22:31
Open for 60 days-
Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf751adad8f389db912303a80adaa4254cd96849953Public Swagger UI/API detected at path: /swagger-ui.html - sample paths: GET /allocations-build/run-results/{workbookId} GET /allocations-build/workflow-runs/{workflowId} GET /allocations/{id}/runs GET /api/fxRuntime/fxHelp GET /api/fxRuntime/fxSchema GET /api/fxRuntime/fxWorkbookSheets GET /api/test/pipelineV2Tools GET /api/v1/workflow/{id} GET /api/workflows/ledger-entries GET /apps-studio/input-table GET /apps-studio/view-table GET /apps/cost-allocation-group/{id} GET /apps/cost-allocation/{id}/runs GET /apps/cost-allocation/{id}/test GET /apps/input-table/name/{name} GET /apps/input-table/{id} GET /apps/ledger-entry/{id}/results GET /apps/ledger-entry/{id}/test GET /apps/portal/databox GET /apps/portal/filebox GET /apps/skillset/builder/{id} GET /apps/view-table/name/{name} GET /apps/view-table/{id} GET /authz/logout GET /automate/api/exportAsDatasets GET /automate/api/pipelines GET /automate/api/robots GET /bulk-exports/{id} GET /bulk-exports/{id}/results GET /catalog/api/datasetList GET /catalog/api/datasetquery GET /catalog/api/libraryDatasets GET /catalog/api/warehouseTables GET /catalog/api/warehouseTablesMetadata GET /data-studio/bulk-exports GET /data-studio/dbt-pipelines GET /data/api/sourceSpec GET /data/api/srcToBronzeWorkflowSync GET /data/api/srcToBronzeWorkflowTest GET /data/reconciliation/matches/config/{runId} GET /data/reconciliation/result/{id} GET /form/api GET /home GET /inbox/api/alertTemplate GET /inbox/api/inboxItems GET /integrations/external-connections GET /integrations/external-connections/actions GET /integrations/external-connections/specs GET /integrations/external-connections/test/{id} GET /integrations/external-connections/{id} GET /integrations/external-datasets GET /integrations/external-datasets/list GET /integrations/http-triggers GET /integrations/models/canonicalModels GET /library/catalog/datasets GET /library/data-access GET /library/data-access/{id} GET /library/exports GET /library/templates GET /library/virtual-datasets GET /mock/swagger GET /operations/bulk-exports GET /reconciliation-engine/data GET /settings/api/integrations/sources/config GET /settings/api/integrations/sources/getSavedConfigs GET /settings/api/integrations/sources/getSupported GET /settings/api/integrations/srcToBronzeWorkflows/getAll GET /settings/api/integrations/srcToBronzeWorkflows/getAllBySrcConfig GET /settings/api/integrations/srcToBronzeWorkflows/getById GET /settings/api/team GET /settings/api/teams GET /settings/api/user GET /settings/api/users GET /settings/api/users/directory GET /settings/api/users/directory/users GET /settings/api/workspace GET /status GET /team/{id} GET /workspace/api/board GET /workspace/api/components GET /workspace/api/statement/plan/template/{runId} GET /workspace/api/statement/viewWorkflow GET /workspace/api/statement/viewWorkflow/getBySheetId/{id} GET /workspace/api/statement/viewWorkflow/result/workflow/{id} GET /workspace/api/statement/viewWorkflow/result/{id} GET /workspace/api/statement/viewWorkflow/{id} POST /allocations-build/nodes-data POST /allocations-build/workflow POST /allocations/run/{instanceId} POST /allocations/trigger-run/{sheetId} POST /api/fxRuntime/fxAllocations/dfx/templated-pipeline/run/result POST /api/fxRuntime/fxAllocations/run/templated-pipeline POST /api/fxRuntime/fxAllocations/templated-pipeline-describe POST /api/fxRuntime/fxConversation POST /api/fxRuntime/fxDatasetColumnDataGroups POST /api/fxRuntime/fxDatasetDuplicateRows POST /api/fxRuntime/fxDatasetGenerate POST /api/fxRuntime/fxDatasetSample POST /api/fxRuntime/fxDefinition POST /api/fxRuntime/fxDescription POST /api/fxRuntime/fxDriveFileSchema POST /api/fxRuntime/fxFormCapture POST /api/fxRuntime/fxFormSchemaCapture POST /api/fxRuntime/fxInputTable POST /api/fxRuntime/fxLedger POST /api/fxRuntime/fxPublishedDefinition POST /api/fxRuntime/fxReconMatchSample POST /api/fxRuntime/fxReportDefinition POST /api/fxRuntime/fxReportDrilldown POST /api/fxRuntime/fxReportFormulaDrilldown POST /api/fxRuntime/fxScheduleAlert POST /api/fxRuntime/fxScheduleDataset POST /api/fxRuntime/fxStmtFormulaDrilldown POST /api/fxRuntime/fxTransformationModelSample POST /api/fxRuntime/fxTriggerAlert POST /api/fxRuntime/fxUDescribe POST /api/fxRuntime/fxUniqueColValues POST /api/fxRuntime/fxValidate POST /api/openAI/assistant POST /api/openAI/createAssistant POST /api/openAI/updateAssistant POST /api/v1/file/url POST /api/v1/http-trigger/{id} POST /api/v1/workflow/instances/status POST /api/v1/workflow/trigger POST /api/workspace/defaultDateFormat POST /apps/cost-allocation/{id} POST /apps/cost-allocation/{id}/publish POST /apps/ledger-entry/{id}/publish POST /apps/portal/permissions POST /apps/portal/publish POST /apps/portal/{id} POST /apps/skillset/permissions POST /apps/skillset/publish POST /catalog/api/publishLocalDataset POST /data/api/srcToBronzeWorkflowPause POST /data/reconciliation/matches/{workflowId} POST /inbox/settings POST /pusher/auth POST /settings/api/checkPermissions POST /settings/api/integrations/sources/getSchema POST /settings/api/integrations/sources/testConfig POST /settings/api/integrations/srcToBronzeWorkflows/schedule POST /settings/api/integrations/srcToBronzeWorkflows/test POST /settings/api/integrations/srcToBronzeWorkflows/update POST /settings/api/integrations/srcToBronzeWorkflows/updateCatalog POST /settings/api/objectPermissions POST /settings/api/teamAssignment POST /settings/api/userPermissionAssignment POST /team POST /workspace/api/fileStorage POST /workspace/api/fxRuntime/fxReportSheet POST /workspace/api/fxRuntime/fxReportSheetDrilldown POST /workspace/api/fxRuntime/fxReportViewDrilldown POST /workspace/api/publishedWorkbooks POST /workspace/api/statement/plan/preview POST /workspace/api/statement/plan/preview/drilldown POST /workspace/api/statement/plan/result POST /workspace/api/statement/plan/result/drilldown POST /workspace/api/statement/plan/template/definition POST /workspace/api/statement/viewWorkflow/all POST /workspace/api/statement/viewWorkflow/result POST /workspace/api/statement/viewWorkflow/result/data POST /workspace/api/statement/viewWorkflow/result/markOutdated POST /workspace/api/statement/viewWorkflow/run POST /workspace/api/statement/viewWorkflow/updateInputs POST /workspace/api/statement/viewWorkflow/updateViewFilters PUT /apps/portal/workbook PUT /users/api/userHomeFavoritesFound on 2026-01-09 22:31
-
-
Open service 66.33.60.129:443 · showcase.bluecopa.com
2026-01-09 22:31
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, Cache-Control, X-COPA-TOKEN, X-COPA-WORKSPACE-ID, X-COMP-ID Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH Access-Control-Allow-Origin: http://localhost:8080 Access-Control-Max-Age: 86400 Age: 0 Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Content-Security-Policy: script-src 'self' 'unsafe-eval' 'nonce-swaggerui1' 'nonce-swaggerui2' 'nonce-swaggerui3' vercel.live accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net https://unpkg.com http://34.117.150.73; connect-src 'self' data: api.unisvg.com api.simplesvg.com api.iconify.design storage.googleapis.com browser-intake-datadoghq.com edge-config.vercel.com https://fonts.googleapis.com https://fonts.gstatic.com csi.gstatic.com https://api.xero.com cdn.jsdelivr.net wss://ws-ap2.pusher.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com graph.microsoft.com sockjs-ap2.pusher.com *.bluecopa.com *.blob.core.windows.net unpkg.com wss://pusher-play.bluecopa.com/websocket/connection http://34.117.150.73; frame-src 'self' content.googleapis.com docs.google.com fonts.gstatic.com fonts.googleapis.com blob: http://34.117.150.73; img-src 'self' data: fivetran.com www.leadsquared.com blob: https://s3.eu-west-2.amazonaws.com https://avatars.slack-edge.com http://34.117.150.73; worker-src 'self' blob: ; child-src 'self' blob: http://34.117.150.73; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com css.zohocdn.com cdn.jsdelivr.net http://34.117.150.73; script-src-elem 'self' 'unsafe-inline' accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73 Date: Fri, 09 Jan 2026 22:31:36 GMT Location: /welcome?error=invalid_user Permissions-Policy: interest-cohort=() Referrer-Policy: no-referrer Sec-Fetch-User: ?1 Server: Vercel Set-Cookie: redirectPath=%2F; Path=/; HttpOnly; Secure; SameSite=Lax Strict-Transport-Security: max-age=63072000 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Vercel-Cache: MISS X-Vercel-Id: iad1::bom1::lgcbs-1767997896803-5e00fb9bea09 Connection: close Transfer-Encoding: chunked
Found 2026-01-09 by HttpPluginCreate report
-
Open service 66.33.60.129:80 · showcase.bluecopa.com
2026-01-09 22:31
HTTP/1.0 308 Permanent Redirect Content-Type: text/plain Location: https://showcase.bluecopa.com/ Refresh: 0;url=https://showcase.bluecopa.com/ server: Vercel Redirecting...
Found 2026-01-09 by HttpPluginCreate report
-
Open service 76.76.21.22:443 · showcase.bluecopa.com
2026-01-09 22:31
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, Cache-Control, X-COPA-TOKEN, X-COPA-WORKSPACE-ID, X-COMP-ID Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH Access-Control-Allow-Origin: http://localhost:8080 Access-Control-Max-Age: 86400 Age: 0 Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Content-Security-Policy: script-src 'self' 'unsafe-eval' 'nonce-swaggerui1' 'nonce-swaggerui2' 'nonce-swaggerui3' vercel.live accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net https://unpkg.com http://34.117.150.73; connect-src 'self' data: api.unisvg.com api.simplesvg.com api.iconify.design storage.googleapis.com browser-intake-datadoghq.com edge-config.vercel.com https://fonts.googleapis.com https://fonts.gstatic.com csi.gstatic.com https://api.xero.com cdn.jsdelivr.net wss://ws-ap2.pusher.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com graph.microsoft.com sockjs-ap2.pusher.com *.bluecopa.com *.blob.core.windows.net unpkg.com wss://pusher-play.bluecopa.com/websocket/connection http://34.117.150.73; frame-src 'self' content.googleapis.com docs.google.com fonts.gstatic.com fonts.googleapis.com blob: http://34.117.150.73; img-src 'self' data: fivetran.com www.leadsquared.com blob: https://s3.eu-west-2.amazonaws.com https://avatars.slack-edge.com http://34.117.150.73; worker-src 'self' blob: ; child-src 'self' blob: http://34.117.150.73; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com css.zohocdn.com cdn.jsdelivr.net http://34.117.150.73; script-src-elem 'self' 'unsafe-inline' accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73 Date: Fri, 09 Jan 2026 22:31:36 GMT Location: /welcome?error=invalid_user Permissions-Policy: interest-cohort=() Referrer-Policy: no-referrer Sec-Fetch-User: ?1 Server: Vercel Set-Cookie: redirectPath=%2F; Path=/; HttpOnly; Secure; SameSite=Lax Strict-Transport-Security: max-age=63072000 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Vercel-Cache: MISS X-Vercel-Id: iad1::bom1::rq7w6-1767997895904-7f7dfa269463 Connection: close Transfer-Encoding: chunked
Found 2026-01-09 by HttpPluginCreate report
-
Open service 76.76.21.22:80 · showcase.bluecopa.com
2026-01-09 22:31
HTTP/1.0 308 Permanent Redirect Content-Type: text/plain Location: https://showcase.bluecopa.com/ Refresh: 0;url=https://showcase.bluecopa.com/ server: Vercel Redirecting...
Found 2026-01-09 by HttpPluginCreate report
-
Open service 66.33.60.35:443 · showcase.bluecopa.com
2026-01-09 07:29
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, Cache-Control, X-COPA-TOKEN, X-COPA-WORKSPACE-ID, X-COMP-ID Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH Access-Control-Allow-Origin: http://localhost:8080 Access-Control-Max-Age: 86400 Age: 0 Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Content-Security-Policy: script-src 'self' 'unsafe-eval' 'nonce-swaggerui1' 'nonce-swaggerui2' 'nonce-swaggerui3' vercel.live accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net https://unpkg.com http://34.117.150.73; connect-src 'self' data: api.unisvg.com api.simplesvg.com api.iconify.design storage.googleapis.com browser-intake-datadoghq.com edge-config.vercel.com https://fonts.googleapis.com https://fonts.gstatic.com csi.gstatic.com https://api.xero.com cdn.jsdelivr.net wss://ws-ap2.pusher.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com graph.microsoft.com sockjs-ap2.pusher.com *.bluecopa.com *.blob.core.windows.net unpkg.com wss://pusher-play.bluecopa.com/websocket/connection http://34.117.150.73; frame-src 'self' content.googleapis.com docs.google.com fonts.gstatic.com fonts.googleapis.com blob: http://34.117.150.73; img-src 'self' data: fivetran.com www.leadsquared.com blob: https://s3.eu-west-2.amazonaws.com https://avatars.slack-edge.com http://34.117.150.73; worker-src 'self' blob: ; child-src 'self' blob: http://34.117.150.73; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com css.zohocdn.com cdn.jsdelivr.net http://34.117.150.73; script-src-elem 'self' 'unsafe-inline' accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73 Date: Fri, 09 Jan 2026 07:29:57 GMT Location: /welcome?error=invalid_user Permissions-Policy: interest-cohort=() Referrer-Policy: no-referrer Sec-Fetch-User: ?1 Server: Vercel Set-Cookie: redirectPath=%2F; Path=/; HttpOnly; Secure; SameSite=Lax Strict-Transport-Security: max-age=63072000 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Vercel-Cache: MISS X-Vercel-Id: fra1::bom1::5z2kg-1767943797146-4e84c59e3c49 Connection: close Transfer-Encoding: chunked
Found 2026-01-09 by HttpPluginCreate report
-
Open service 66.33.60.35:443 · showcase.bluecopa.com
2026-01-02 06:10
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, Cache-Control, X-COPA-TOKEN, X-COPA-WORKSPACE-ID, X-COMP-ID Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH Access-Control-Allow-Origin: http://localhost:8080 Access-Control-Max-Age: 86400 Age: 0 Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Content-Security-Policy: script-src 'self' 'unsafe-eval' 'nonce-swaggerui1' 'nonce-swaggerui2' 'nonce-swaggerui3' vercel.live accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net https://unpkg.com http://34.117.150.73; connect-src 'self' data: api.unisvg.com api.simplesvg.com api.iconify.design storage.googleapis.com browser-intake-datadoghq.com edge-config.vercel.com https://fonts.googleapis.com https://fonts.gstatic.com csi.gstatic.com https://api.xero.com cdn.jsdelivr.net wss://ws-ap2.pusher.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com graph.microsoft.com sockjs-ap2.pusher.com *.bluecopa.com *.blob.core.windows.net unpkg.com wss://pusher-play.bluecopa.com/websocket/connection http://34.117.150.73; frame-src 'self' content.googleapis.com docs.google.com fonts.gstatic.com fonts.googleapis.com blob: http://34.117.150.73; img-src 'self' data: fivetran.com www.leadsquared.com blob: https://s3.eu-west-2.amazonaws.com https://avatars.slack-edge.com http://34.117.150.73; worker-src 'self' blob: ; child-src 'self' blob: http://34.117.150.73; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com css.zohocdn.com cdn.jsdelivr.net http://34.117.150.73; script-src-elem 'self' 'unsafe-inline' accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73 Date: Fri, 02 Jan 2026 06:10:11 GMT Location: /welcome?error=invalid_user Permissions-Policy: interest-cohort=() Referrer-Policy: no-referrer Sec-Fetch-User: ?1 Server: Vercel Set-Cookie: redirectPath=%2F; Path=/; HttpOnly; Secure; SameSite=Lax Strict-Transport-Security: max-age=63072000 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Vercel-Cache: MISS X-Vercel-Id: sin1::bom1::pv49x-1767334211058-cb075276333a Connection: close Transfer-Encoding: chunked
Found 2026-01-02 by HttpPluginCreate report
-
Open service 66.33.60.35:443 · showcase.bluecopa.com
2025-12-22 20:46
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, Cache-Control, X-COPA-TOKEN, X-COPA-WORKSPACE-ID, X-COMP-ID Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH Access-Control-Allow-Origin: http://localhost:8080 Access-Control-Max-Age: 86400 Age: 0 Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Content-Security-Policy: script-src 'self' 'unsafe-eval' 'nonce-swaggerui1' 'nonce-swaggerui2' 'nonce-swaggerui3' vercel.live accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net https://unpkg.com http://34.117.150.73; connect-src 'self' data: api.unisvg.com api.simplesvg.com api.iconify.design storage.googleapis.com browser-intake-datadoghq.com edge-config.vercel.com https://fonts.googleapis.com https://fonts.gstatic.com csi.gstatic.com https://api.xero.com cdn.jsdelivr.net wss://ws-ap2.pusher.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com graph.microsoft.com sockjs-ap2.pusher.com *.bluecopa.com *.blob.core.windows.net unpkg.com wss://pusher-play.bluecopa.com/websocket/connection http://34.117.150.73; frame-src 'self' content.googleapis.com docs.google.com fonts.gstatic.com fonts.googleapis.com blob: http://34.117.150.73; img-src 'self' data: fivetran.com www.leadsquared.com blob: https://s3.eu-west-2.amazonaws.com https://avatars.slack-edge.com http://34.117.150.73; worker-src 'self' blob: ; child-src 'self' blob: http://34.117.150.73; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com css.zohocdn.com cdn.jsdelivr.net http://34.117.150.73; script-src-elem 'self' 'unsafe-inline' accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73 Date: Mon, 22 Dec 2025 20:46:47 GMT Location: /welcome?error=invalid_user Permissions-Policy: interest-cohort=() Referrer-Policy: no-referrer Sec-Fetch-User: ?1 Server: Vercel Set-Cookie: redirectPath=%2F; Path=/; HttpOnly; Secure; SameSite=Lax Strict-Transport-Security: max-age=63072000 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Vercel-Cache: MISS X-Vercel-Id: fra1::bom1::wcfkb-1766436407159-f031fb21412b Connection: close Transfer-Encoding: chunked
Found 2025-12-22 by HttpPluginCreate report
-
Open service 66.33.60.35:443 · showcase.bluecopa.com
2025-12-21 00:50
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, Cache-Control, X-COPA-TOKEN, X-COPA-WORKSPACE-ID, X-COMP-ID Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH Access-Control-Allow-Origin: http://localhost:8080 Access-Control-Max-Age: 86400 Age: 0 Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Content-Security-Policy: script-src 'self' 'unsafe-eval' 'nonce-swaggerui1' 'nonce-swaggerui2' 'nonce-swaggerui3' vercel.live accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net https://unpkg.com http://34.117.150.73; connect-src 'self' data: api.unisvg.com api.simplesvg.com api.iconify.design storage.googleapis.com browser-intake-datadoghq.com edge-config.vercel.com https://fonts.googleapis.com https://fonts.gstatic.com csi.gstatic.com https://api.xero.com cdn.jsdelivr.net wss://ws-ap2.pusher.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com graph.microsoft.com sockjs-ap2.pusher.com *.bluecopa.com *.blob.core.windows.net unpkg.com wss://pusher-play.bluecopa.com/websocket/connection http://34.117.150.73; frame-src 'self' content.googleapis.com docs.google.com fonts.gstatic.com fonts.googleapis.com blob: http://34.117.150.73; img-src 'self' data: fivetran.com www.leadsquared.com blob: https://s3.eu-west-2.amazonaws.com https://avatars.slack-edge.com http://34.117.150.73; worker-src 'self' blob: ; child-src 'self' blob: http://34.117.150.73; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com css.zohocdn.com cdn.jsdelivr.net http://34.117.150.73; script-src-elem 'self' 'unsafe-inline' accounts.google.com apis.google.com fonts.gstatic.com fonts.googleapis.com js.live.net www.datadoghq-browser-agent.com d3js.org cdn.jsdelivr.net unpkg.com http://34.117.150.73 Date: Sun, 21 Dec 2025 00:50:14 GMT Location: /welcome?error=invalid_user Permissions-Policy: interest-cohort=() Referrer-Policy: no-referrer Sec-Fetch-User: ?1 Server: Vercel Set-Cookie: redirectPath=%2F; Path=/; HttpOnly; Secure; SameSite=Lax Strict-Transport-Security: max-age=63072000 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Vercel-Cache: MISS X-Vercel-Id: iad1::bom1::8s2kj-1766278214302-8356e33e4c7f Connection: close Transfer-Encoding: chunked
Found 2025-12-21 by HttpPluginCreate report