Host 2.16.1.242
Germany
Software information
AkamaiGHost
tcp/80
istio-envoy
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 2.16.1.242
Domain: whitehorse-api-uat.vmonline.com.au
Port: 443
URL: https://whitehorse-api-uat.vmonline.com.auFirst seen 2025-12-04 21:55
Last seen 2026-01-09 06:27
Open for 35 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496fec35e198c771c7063b67d4e68a0001fbf72084Public Swagger UI/API detected at path: /swagger/index.html - sample paths: POST /BuildingPermit POST /Land POST /Lease POST /Owners POST /PlanningPermit POST /Properties POST /Sales POST /SouthAustraliaProperties POST /Token POST /Valuation
Found on 2026-01-09 06:27
-
-
Open service 2.16.1.242:80 · www.valoriza.philips.com.br
2026-01-23 10:47
HTTP/1.1 301 Moved Permanently Server: AkamaiGHost Content-Length: 0 Location: https://philipsvaloriza.com.br Expires: Fri, 23 Jan 2026 10:48:04 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 23 Jan 2026 10:48:04 GMT Connection: close
Found 2026-01-23 by HttpPluginCreate report
-
Open service 2.16.1.242:443 · whitehorse-api-uat.vmonline.com.au
2026-01-23 10:04
HTTP/1.1 503 Service Unavailable Content-Type: text/html Content-Length: 162 Expires: Fri, 23 Jan 2026 10:04:49 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 23 Jan 2026 10:04:49 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 Page title: 503 Service Temporarily Unavailable <html> <head><title>503 Service Temporarily Unavailable</title></head> <body> <center><h1>503 Service Temporarily Unavailable</h1></center> </body> </html>
Found 2026-01-23 by HttpPluginCreate report
-
Open service 2.16.1.242:80 · st-connect.doda.jp
2026-01-10 12:41
HTTP/1.1 403 Forbidden Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 376 Expires: Sat, 10 Jan 2026 12:41:55 GMT Date: Sat, 10 Jan 2026 12:41:55 GMT Connection: close Page title: Access Denied <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://st-connect.doda.jp/" on this server.<P> Reference #18.ee011002.1768048915.448480d1 <P>https://errors.edgesuite.net/18.ee011002.1768048915.448480d1</P> </BODY> </HTML>
Found 2026-01-10 by HttpPluginCreate report
-
Open service 2.16.1.242:80 · www.valoriza.philips.com.br
2026-01-09 16:46
HTTP/1.1 301 Moved Permanently Server: AkamaiGHost Content-Length: 0 Location: https://philipsvaloriza.com.br Expires: Fri, 09 Jan 2026 16:47:30 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 09 Jan 2026 16:47:30 GMT Connection: close
Found 2026-01-09 by HttpPluginCreate report
-
Open service 2.16.1.242:443 · whitehorse-api-uat.vmonline.com.au
2026-01-09 06:27
HTTP/1.1 404 Not Found Expires: Fri, 09 Jan 2026 06:27:10 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 09 Jan 2026 06:27:10 GMT Content-Length: 0 Connection: close Alt-Svc: h3=":443"; ma=93600
Found 2026-01-09 by HttpPluginCreate report
-
Open service 2.16.1.242:443 · plangrid-dev.planfront.net
2026-01-05 03:21
HTTP/1.1 200 OK Cache-Control: max-age=0, private, must-revalidate,no-cache, no-store, must-revalidate Content-Security-Policy: frame-ancestors 'self' *.zoom.us *.optimizely.com *.optimizelyedit.com go.pardot.com Content-Type: text/html; charset=utf-8 ETag: W/"50929526946fd299a4582cc6af2bbce9" Expires: 0 Pragma: no-cache Rerouted-From: plangrid-dev.planfront.net-dev Rerouted-To: planweb-dev Rerouting-Rule: default Server: istio-envoy Strict-Transport-Security: max-age=63072000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Envoy-Upstream-Service-Time: 7 X-Frame-Options: SAMEORIGIN X-Request-Id: 9556d716-2da7-41a4-bdf5-992849b4b103 X-Runtime: 0.005502 X-Xss-Protection: 1; mode=block Date: Mon, 05 Jan 2026 03:21:56 GMT Content-Length: 34740 Connection: close Set-Cookie: _planweb_session=ODVPT2p6eDE0SUxUQnllZTFwWmIyYWJFQTYrMUZwd01rTWhENkZiQXRPZmEyTElTMFBFL2QxaWl4TWZPQWJYOWQ5VDkxUU9mNDNQWFpvOUc1WkF0QTdaVnBZbG0weGNXd0RWa3dSRlhTTFgxZEs3YzRkSE82Y01OMHRoYkRLT0o0UkEvWFp3T0R1OEtDZUtEQTdoY2k4YWIvUnQxdnZCcXNGWnVFWlRIWWVGWjc3bXFHWHV4UHJzdDFwRGgrakJKLS1nUFBIelUzWUE0K3p2c24zdE80TnBBPT0%3D--d7bc78427b7fcfe464003054571400e92ff63ad3; path=/; HttpOnly Page title: PlanGrid - the construction app that works for you. <!DOCTYPE html> <html> <head> <!-- Segment snippet v4.1.0 --> <script type="text/javascript"> !function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","once","off","on", "addSourceMiddleware"];analytics.factory=function(t){return function(){var e=Array.prototype.slice.call(arguments);e.unshift(t);analytics.push(e);return analytics}};for(var t=0;t<analytics.methods.length;t++){var e=analytics.methods[t];analytics[e]=analytics.factory(e)}analytics.load=function(t,e){var n=document.createElement("script");n.type="text/javascript";n.async=!0;n.src="https://cdn.segment.com/analytics.js/v1/"+t+"/analytics.min.js";var a=document.getElementsByTagName("script")[0];a.parentNode.insertBefore(n,a);analytics._loadOptions=e};analytics.SNIPPET_VERSION="4.1.0"; function removeResetPasswordTokenFromPayload({ payload, next }) { const re = /(reset-password)\/(.{8}-.{4}-.{4}-.{4}-.{12})$/g; function replaceReferrer(obj) { obj.referrer = obj.referrer.replace(re, '$1/password-token'); } function replacePath(obj) { obj.path = obj.path.replace(re, '$1/password-token'); } function replaceUrl(obj) { obj.url = obj.url.replace(re, '$1/password-token'); } if (payload.type() === "page") { if (payload.obj.context.page.path.match(re)) replacePath(payload.obj.context.page); if (payload.obj.context.page.referrer.match(re)) replaceReferrer(payload.obj.context.page) if (payload.obj.context.page.url.match(re)) replaceUrl(payload.obj.context.page) if (payload.obj.properties.path.match(re)) replacePath(payload.obj.properties); if (payload.obj.properties.referrer.match(re)) replaceReferrer(payload.obj.properties); if (payload.obj.properties.url.match(re)) replaceUrl(payload.obj.properties); } next(payload); }; analytics.addSourceMiddleware(removeResetPasswordTokenFromPayload); analytics.load("65z751kouu"); analytics.page(); }}(); </script> <title>PlanGrid - the construction app that works for you.</title> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="Log in to your PlanGrid construction management app. Easily share plans, markups, photos, and reports with the entire project team no matter where you are."> <link rel="canonical" href="https://app.plangrid.com/" /> <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" /> <meta name="csrf-param" content="authenticity_token" /> <meta name="csrf-token" content="EOLr4Jnm6f8wYRygXQv2R6Io046TckoJ+AqJaRAJC3+vwELHIcjwNdm9idePHopdJGugGYRC/8czjgmEtCGa9w==" /> <link href="" rel='preconnect' crossorigin> <link href="https://photos.planfront-assets.net" rel='preconnect' crossorigin> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-41152083-4', 'auto'); ga('send', 'pageview'); </script> <script async src="https://www.googletagmanager.com/gtag/js?id=AW-145-974-4726"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'AW-145-974-4726'); </script> <link rel="stylesheet" media="screen" href="/assets/manifests/application-440d8674f5426bbd37aa4f53f38024d26d0ac0f2f939f2701758e0adc15870b3.css" /> <meta charset="UTF-8"> <meta name="robots" content="noindex"> <meta name="googleFound 2026-01-05 by HttpPluginCreate report
-
Open service 2.16.1.242:80 · plangrid-dev.planfront.net
2026-01-05 03:21
HTTP/1.1 301 Moved Permanently Location: https://plangrid-dev.planfront.net/ Server: istio-envoy Vary: Accept-Encoding Content-Length: 0 Date: Mon, 05 Jan 2026 03:21:58 GMT Connection: close
Found 2026-01-05 by HttpPluginCreate report
-
Open service 2.16.1.242:443 · plangrid-test.planfront.net
2026-01-05 03:21
HTTP/1.1 200 OK Cache-Control: max-age=0, private, must-revalidate,no-cache, no-store, must-revalidate Content-Security-Policy: frame-ancestors 'self' *.zoom.us *.optimizely.com *.optimizelyedit.com go.pardot.com Content-Type: text/html; charset=utf-8 ETag: W/"6523f3bdaa7f6c0e6df5bb7d5ce8f6f4" Expires: 0 Pragma: no-cache Server: istio-envoy Strict-Transport-Security: max-age=63072000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Envoy-Upstream-Service-Time: 9 X-Frame-Options: SAMEORIGIN X-Request-Id: 7ccc8dc9-410e-971b-b1c1-11c846c1e4e1 X-Runtime: 0.006133 X-Xss-Protection: 1; mode=block Date: Mon, 05 Jan 2026 03:21:56 GMT Content-Length: 34483 Connection: close Set-Cookie: _planweb_session=RU52V0NqT2llU0xzVlgzanJkN1ZkbDMrb2tFK0JIUUsyMEUzRDlid2FUUUFISVJsVXpvemhiR0RpWm0rWXYwL3NzOUZFanFCbWNtMXQvMGllWTcycGFxZUlmSEkyNFhsRE8rSThtNSt0VG5oWkdoUlFYN1hsb1JBNlBOQjF5emkxZW5jM0NLMURObjlUOWtyWmZQakNPUFpwRkpDUVZFMjBId21ZbVNwaXBmMTdDM3d2cWJ4WmM0dThtVnJXVk9iLS1Nb0VDcEtRU1lsOENRUTQwS3BOQytBPT0%3D--7682b3af3f04487fc360e09a038f5c1e815bc724; path=/; HttpOnly Set-Cookie: akacd_planweb-test=3945036115~rv=56~id=761f676220ed8956e0923a1cae90f0a6; path=/; Secure; SameSite=None Page title: PlanGrid - the construction app that works for you. <!DOCTYPE html> <html> <head> <!-- Segment snippet v4.1.0 --> <script type="text/javascript"> !function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","once","off","on", "addSourceMiddleware"];analytics.factory=function(t){return function(){var e=Array.prototype.slice.call(arguments);e.unshift(t);analytics.push(e);return analytics}};for(var t=0;t<analytics.methods.length;t++){var e=analytics.methods[t];analytics[e]=analytics.factory(e)}analytics.load=function(t,e){var n=document.createElement("script");n.type="text/javascript";n.async=!0;n.src="https://cdn.segment.com/analytics.js/v1/"+t+"/analytics.min.js";var a=document.getElementsByTagName("script")[0];a.parentNode.insertBefore(n,a);analytics._loadOptions=e};analytics.SNIPPET_VERSION="4.1.0"; function removeResetPasswordTokenFromPayload({ payload, next }) { const re = /(reset-password)\/(.{8}-.{4}-.{4}-.{4}-.{12})$/g; function replaceReferrer(obj) { obj.referrer = obj.referrer.replace(re, '$1/password-token'); } function replacePath(obj) { obj.path = obj.path.replace(re, '$1/password-token'); } function replaceUrl(obj) { obj.url = obj.url.replace(re, '$1/password-token'); } if (payload.type() === "page") { if (payload.obj.context.page.path.match(re)) replacePath(payload.obj.context.page); if (payload.obj.context.page.referrer.match(re)) replaceReferrer(payload.obj.context.page) if (payload.obj.context.page.url.match(re)) replaceUrl(payload.obj.context.page) if (payload.obj.properties.path.match(re)) replacePath(payload.obj.properties); if (payload.obj.properties.referrer.match(re)) replaceReferrer(payload.obj.properties); if (payload.obj.properties.url.match(re)) replaceUrl(payload.obj.properties); } next(payload); }; analytics.addSourceMiddleware(removeResetPasswordTokenFromPayload); analytics.load("65z751kouu"); analytics.page(); }}(); </script> <title>PlanGrid - the construction app that works for you.</title> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="Log in to your PlanGrid construction management app. Easily share plans, markups, photos, and reports with the entire project team no matter where you are."> <link rel="canonical" href="https://app.plangrid.com/" /> <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" /> <meta name="csrf-param" content="authenticity_token" /> <meta name="csrf-token" content="w1x6hRQ0ejOuTaAFmbyXRAmKQvs77nkxOnto/6AW2++Rp5XIVQAIejFS7mbAZ6k+WPgAIYySiICoJzgsV1+LAg==" /> <link href="" rel='preconnect' crossorigin> <link href="https://photos.planfront-assets.net" rel='preconnect' crossorigin> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-41152083-4', 'auto'); ga('send', 'pageview'); </script> <script async src="https://www.googletagmanager.com/gtag/js?id=AW-145-974-4726"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'AW-145-974-4726'); </script> <link rel="stylesheet" media="screen" href="/assets/manifests/application-440d8674f5426bbd37aa4f53f38024d26d0ac0f2f939f2701758e0adc15870b3.css" /> <meta charset="UTF-8"> <meta name="robots" content="noindex"> <meta name="googleFound 2026-01-05 by HttpPluginCreate report
-
Open service 2.16.1.242:80 · plangrid-test.planfront.net
2026-01-05 03:21
HTTP/1.1 301 Moved Permanently Location: https://plangrid-test.planfront.net/ Server: istio-envoy Vary: Accept-Encoding Content-Length: 0 Date: Mon, 05 Jan 2026 03:21:57 GMT Connection: close Set-Cookie: akacd_planweb-test=3945036116~rv=70~id=2626ec2130272154c8c4eef48ecb99d1; path=/
Found 2026-01-05 by HttpPluginCreate report
-
Open service 2.16.1.242:80 · www.valoriza.philips.com.br
2026-01-02 18:09
HTTP/1.1 301 Moved Permanently Server: AkamaiGHost Content-Length: 0 Location: https://philipsvaloriza.com.br Expires: Fri, 02 Jan 2026 18:09:53 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 02 Jan 2026 18:09:53 GMT Connection: close
Found 2026-01-02 by HttpPluginCreate report
-
Open service 2.16.1.242:443 · whitehorse-api-uat.vmonline.com.au
2026-01-02 03:13
HTTP/1.1 404 Not Found Expires: Fri, 02 Jan 2026 03:13:28 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 02 Jan 2026 03:13:28 GMT Content-Length: 0 Connection: close Alt-Svc: h3=":443"; ma=93600
Found 2026-01-02 by HttpPluginCreate report
-
Open service 2.16.1.242:80 · www.valoriza.philips.com.br
2025-12-22 20:15
HTTP/1.1 301 Moved Permanently Server: AkamaiGHost Content-Length: 0 Location: https://philipsvaloriza.com.br Expires: Mon, 22 Dec 2025 20:15:18 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Dec 2025 20:15:18 GMT Connection: close
Found 2025-12-22 by HttpPluginCreate report
-
Open service 2.16.1.242:443 · whitehorse-api-uat.vmonline.com.au
2025-12-22 10:48
HTTP/1.1 503 Service Unavailable Content-Type: text/html Content-Length: 162 Expires: Mon, 22 Dec 2025 10:48:55 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Dec 2025 10:48:55 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 Page title: 503 Service Temporarily Unavailable <html> <head><title>503 Service Temporarily Unavailable</title></head> <body> <center><h1>503 Service Temporarily Unavailable</h1></center> </body> </html>
Found 2025-12-22 by HttpPluginCreate report