Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd110a331ecd727da0432070f2a3c056fbc732c047491816155
Public Swagger UI/API detected at path: /v2/api-docs - sample paths: GET /trade/v1/asset/get-asset-detail GET /trade/v1/asset/get-buying-power GET /trade/v1/asset/get-funds GET /trade/v1/asset/get-position-list GET /trade/v1/asset/get-rate GET /trade/v1/asset/get-template-info GET /trade/v1/asset/get-user-position-list GET /trade/v1/asset/get-user-total-asset GET /trade/v1/deposit/currency GET /trade/v1/deposit/eb-account GET /trade/v1/ipo-client/cancel GET /trade/v1/ipo-client/ipo-calendar-data GET /trade/v1/ipo-client/issue-info GET /trade/v1/ipo-client/margin-info GET /trade/v1/ipo-client/results GET /trade/v1/ipo-client/schedule-list GET /trade/v1/ipo-client/subscription-detail GET /trade/v1/ipo-client/subscription-detail-by-record-id GET /trade/v1/ipo-client/verify-create GET /trade/v1/message/get-msg-count GET /trade/v1/message/get-push-switch GET /trade/v1/message/list-message-info GET /trade/v1/message/list-msg-classify GET /trade/v1/message/list-msg-classify-user GET /trade/v1/message/list-web-message GET /trade/v1/order/get-default-symbol GET /trade/v1/order/get-max-trd-qty GET /trade/v1/position-deposit/detail GET /trade/v1/position-deposit/list GET /trade/v1/position-deposit/market GET /trade/v1/position-withdraw/detail GET /trade/v1/position-withdraw/list GET /trade/v1/position/get-account-position GET /trade/v1/withdraw/query-asset POST /trade/v1/asset/get-user-currency POST /trade/v1/currency/get-all-rate POST /trade/v1/currency/get-currency-list POST /trade/v1/currency/get-list POST /trade/v1/deposit/create POST /trade/v1/deposit/list POST /trade/v1/ipo-client/delivered POST /trade/v1/ipo-client/financing-cash-rate POST /trade/v1/ipo-client/listed POST /trade/v1/ipo-client/offering POST /trade/v1/ipo-client/offering-confirm-msg POST /trade/v1/ipo-client/offering-msg POST /trade/v1/ipo-client/subscription-list POST /trade/v1/ipo-client/to-be-listed POST /trade/v1/market/check-market-status POST /trade/v1/message/msg-read POST 
/trade/v1/message/update-msg-push-switch POST /trade/v1/order-fill/get-history-order-fill-list POST /trade/v1/order-fill/get-order-fill-list POST /trade/v1/order/add POST /trade/v1/order/amend POST /trade/v1/order/cancel POST /trade/v1/order/cancel-order POST /trade/v1/order/currency-exchange POST /trade/v1/order/get-history-order-list POST /trade/v1/order/get-order-list POST /trade/v1/order/modify-order POST /trade/v1/order/place-order POST /trade/v1/order/query-all-end-order-list POST /trade/v1/order/query-all-order-list POST /trade/v1/order/query-check-info POST /trade/v1/order/query-estimate-charge POST /trade/v1/order/query-order-detail POST /trade/v1/order/query-pending-order-list POST /trade/v1/order/query-web-currency-exchange-list POST /trade/v1/order/query-web-order-list POST /trade/v1/position-deposit/create-by-app POST /trade/v1/position-withdraw/get-user-available-position POST /trade/v1/position-withdraw/submit POST /trade/v1/position/get-user-position-list POST /trade/v1/statement/get-statement-list POST /trade/v1/subscription-record/client-cancel POST /trade/v1/subscription-record/create POST /trade/v1/withdraw/create POST /trade/v1/withdraw/list
Open service 23.50.131.140:80 · trade.ebsec.com
2026-01-09 22:13
HTTP/1.1 404 Not Found
Content-Type: application/json
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,timezone
Access-Control-Max-Age: 1728000
Expires: Fri, 09 Jan 2026 22:13:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 22:13:44 GMT
Content-Length: 30
Connection: close
Server-Timing: edge; dur=1
Server-Timing: origin; dur=201
Server-Timing: cdn-cache; desc=MISS
Server-Timing: ak_p; desc="1767996824744_389224204_2812954458_20132_5342_0_0_-";dur=1
{"msg":"Not Found","code":404}
Open service 23.50.131.136:443 · trade.ebsec.com
2026-01-09 14:51
HTTP/1.1 404 Not Found
Content-Type: application/json
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,timezone
Access-Control-Max-Age: 1728000
Content-Length: 30
Expires: Fri, 09 Jan 2026 14:51:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 14:51:44 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=582
Server-Timing: origin; dur=8
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1767970303562_389224204_2647797222_58889_9468_81_98_-";dur=1
{"msg":"Not Found","code":404}
Open service 23.50.131.136:443 · trade.ebsec.com
2026-01-02 18:02
HTTP/1.1 404 Not Found
Content-Type: application/json
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,timezone
Access-Control-Max-Age: 1728000
Content-Length: 30
Expires: Fri, 02 Jan 2026 18:02:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 02 Jan 2026 18:02:18 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=199
Server-Timing: origin; dur=6
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1767376937999_389224204_1000038065_20418_5780_212_216_-";dur=1
{"msg":"Not Found","code":404}
Open service 23.50.131.140:80 · trade.ebsec.com
2026-01-02 16:01
HTTP/1.1 404 Not Found
Content-Type: application/json
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,timezone
Access-Control-Max-Age: 1728000
Expires: Fri, 02 Jan 2026 16:01:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 02 Jan 2026 16:01:26 GMT
Content-Length: 30
Connection: close
Server-Timing: edge; dur=1
Server-Timing: origin; dur=221
Server-Timing: cdn-cache; desc=MISS
Server-Timing: ak_p; desc="1767369686269_389224204_966396993_22130_5426_0_0_-";dur=1
{"msg":"Not Found","code":404}
Open service 23.50.131.136:443 · trade.ebsec.com
2025-12-23 08:41
HTTP/1.1 404 Not Found
Content-Type: application/json
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,timezone
Access-Control-Max-Age: 1728000
Content-Length: 30
Expires: Tue, 23 Dec 2025 08:41:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 23 Dec 2025 08:41:22 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=179
Server-Timing: origin; dur=5
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1766479282266_389224204_1200801369_18386_4903_99_116_-";dur=1
{"msg":"Not Found","code":404}
Open service 23.50.131.140:80 · trade.ebsec.com
2025-12-22 09:29
HTTP/1.1 404 Not Found
Content-Type: application/json
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,timezone
Access-Control-Max-Age: 1728000
Expires: Mon, 22 Dec 2025 09:29:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 22 Dec 2025 09:29:25 GMT
Content-Length: 30
Connection: close
Server-Timing: edge; dur=1
Server-Timing: origin; dur=198
Server-Timing: cdn-cache; desc=MISS
Server-Timing: ak_p; desc="1766395765266_389224204_1065148316_19805_4837_11_0_-";dur=1
{"msg":"Not Found","code":404}
Open service 23.50.131.136:443 · trade.ebsec.com
2025-12-21 10:19
HTTP/1.1 404 Not Found
Content-Type: application/json
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,timezone
Access-Control-Max-Age: 1728000
Content-Length: 30
Expires: Sun, 21 Dec 2025 10:19:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 21 Dec 2025 10:19:38 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=794
Server-Timing: origin; dur=5
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1766312377628_389224204_872934272_79762_12723_0_26_-";dur=1
{"msg":"Not Found","code":404}
Open service 23.50.131.140:80 · trade.ebsec.com
2025-12-20 12:05
HTTP/1.1 404 Not Found
Content-Type: application/json
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,timezone
Access-Control-Max-Age: 1728000
Expires: Sat, 20 Dec 2025 12:05:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 20 Dec 2025 12:05:25 GMT
Content-Length: 30
Connection: close
Server-Timing: edge; dur=1
Server-Timing: origin; dur=201
Server-Timing: cdn-cache; desc=MISS
Server-Timing: ak_p; desc="1766232324957_389224204_713220485_20155_4932_129_0_-";dur=1
{"msg":"Not Found","code":404}