LeakIX - Host 2.16.183.18

Host 2.16.183.18

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/443 tcp/80

AkamaiNetStorage

tcp/443 tcp/80

AmazonS3

tcp/443 tcp/80

Heroku

tcp/443 tcp/80

Kestrel Kestrel

tcp/443

Microsoft-IIS 10.0

tcp/443

Microsoft-IIS 8.5

tcp/443 tcp/80

Vercel

tcp/443 tcp/80

awselb awselb 2.0

tcp/80

cloudflare

tcp/443

istio-envoy

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.183.18
Domain: online.cardif.co.kr
Port: 443
URL: https://online.cardif.co.kr

First seen 2025-10-18 00:05
Last seen 2026-01-10 01:18
Open for 84 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2026-01-10 01:18
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.183.18
Domain: ga.cardif.co.kr
Port: 443
URL: https://ga.cardif.co.kr

First seen 2025-10-18 00:05
Last seen 2025-10-18 00:05
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2025-10-18 00:05
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.183.18
Domain: nps.cardif.co.kr
Port: 443
URL: https://nps.cardif.co.kr

First seen 2025-10-18 00:05
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2025-10-18 00:05
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.183.18
Domain: b2b.cardif.co.kr
Port: 443
URL: https://b2b.cardif.co.kr

First seen 2025-10-18 00:05
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
```
Public Swagger UI/API detected at path: /swagger-ui.html
```
  Found on 2025-10-18 00:05
Create report

Open service 2.16.183.18:443 · online.cardif.co.kr

2026-01-10 01:18

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 8989
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self';upgrade-insecure-requests;
Content-Type: text/html; charset=UTF-8
Content-Language: ko-KR
Date: Sat, 10 Jan 2026 01:18:38 GMT
Connection: close
Set-Cookie: WMONID=D6JJTJM9Dl0; Expires=Sun, 10-Jan-27 10:18:37 GMT; Path=/; Secure; HttpOnly
Set-Cookie: JSESSIONID=0000a24qghjhpS0XPHrbtU7xj_G:-1; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=15768000






<!DOCTYPE html>
<html lang="ko">
	<head>
		<meta name="autocomplete" content="off"/>
		<meta name="title" content="BNP파리바 카디프생명 온라인보험"/>
		<meta name="description" content="한국 신용보험과의 20년 동행, 언제 어디서나 쉽고 빠른 BNP파리바 카디프생명 온라인 보험"/>
		<meta http-equiv="Pragma" content="no-cache"/>
		<meta http-equiv="Pragma" content="no-store"/>
		<meta http-equiv="Cache-Control" content="No-Cache"/>
		<meta http-equiv="Expires" content="-1"/>
		<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
		<meta http-equiv="X-UA-Compatible" content="IE=edge">

		<meta property="og:url" content="https://online.cardif.co.kr/index.jsp"/>
		<meta property="og:title" content="BNP파리바 카디프생명"/>
		<meta property="og:description" content="BNP파리바 카디프생명 온라인 전자청약 사이트"/>
		<meta property="og:image" content="https://online.cardif.co.kr/resources/images/bnp_ogimg.jpg"/>

		<script type="text/javascript">
			var enterWayCd = '';
			var partnerCd = '';
			var packageId = '';
			var bankCd = '';
			var branchCd = '';
			var recruitCd = '';
			var mngNo = '';
			var initPartner = '';
			var recommenderId = '';

			//googleTagManager용 파라메터 추가
			var utm_source = '';
			var utm_medium = '';
			var utm_campaign = '';
			var utm_content = '';
			var utm_id = '';
			var utm_term = '';
			var gclid = '';


			function init() {
				var url = "";
				//gdk::20230223::online.cardif.co.kr 입력시 온라인상품몰로 이동 요청(prdF0501)
				if (enterWayCd == '' && partnerCd == '' && packageId == '') {
					//enterWayCd = '3';
					//partnerCd = 'L78'
					//packageId = 'e001';
					//googleTagManager용 파라메터 추가
					url = (utm_source==null || utm_source=='') ? url : url + 'utm_source='+utm_source;
					url = (utm_medium==null || utm_medium=='') ? url : url + '&utm_medium='+utm_medium;
					url = (utm_campaign==null || utm_campaign=='') ? url : url + '&utm_campaign='+utm_campaign;
					url = (utm_content==null || utm_content=='') ? url : url + '&utm_content='+utm_content;
					url = (utm_term==null || utm_term=='') ? url : url + '&utm_term='+utm_term;
					url = (initPartner==null || initPartner=='') ? url : url + '&initPartner='+initPartner; //gdk::20210910::initPartner 인입제휴사코드
					url = (recommenderId==null || recommenderId=='') ? url : url + '&recommenderId='+recommenderId; //gdk::20221027::추천인 ID

					var form = document.createElement("form")
					form.setAttribute("method", "POST");

					// 20250814 RBP25080025	[e-sub] online.cardif.co.kr 연결 페이지 변경
					//form.setAttribute("action", "/index.do");
					form.setAttribute("action", "/cpi-plan.do");


					var urlarry = url.split("&");
					for(var i=0; i<urlarry.length;i++){
						var sval = urlarry[i].split("=");
						var hField = document.createElement("input")
						hField.setAttribute("type", "hidden");
						hField.setAttribute("name", sval[0]);
						hField.setAttribute("value", sval[1]);
						form.appendChild(hField);
					}

					document.body.appendChild(form);
					form.submit();

					return;

				//gdk::20221103::모기지파트너스 일부URL 생성
				} else if (enterWayCd == '' && partnerCd == 'A0059') {
					enterWayCd = '1';
					bankCd = 'G48';
					branchCd = '00000';
					recruitCd = '25900001';
				//gdk::20221111::핀다오류로 수정반영
				} else if (enterWayCd == '2' && partnerCd == 'A0032') {
					branchCd = '00000';
					//recruitCd = '000001';
				} else if (enterWayCd == '3' && partnerCd == '') {
					enterWayCd = '3';
					partnerCd = 'L78'
				} else if (enterWayCd == '4' && partnerCd == '') {
					enterWayCd = '4';
					partnerCd = 'L78'
				}

				// 기존 세션값에 있던것
				if("2" == enterWayCd){
					bankCd = "CM1";
					branchCd = "00000";

					if(recruitCd == "" && (partnerCd == "A0032" ||partnerCd == "F008")
					) {
						recruitCd =

Found 2026-01-10 by HttpPlugin

Create report

Open service 2.16.183.18:443 · gapi.admin.kalundborg.dk

2026-01-09 13:49

HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=utf-8
Content-Length: 151
Expires: Fri, 09 Jan 2026 13:49:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 13:49:32 GMT
Connection: close
Set-Cookie: GoPublicAffinity=1767966573.276.564620.27558|4782eab11d711089353f64b6dd66f484; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000


{"succeeded":false,"errors":{"general":[{"message":"Origin-headeren må ikke være tom","code":"ORIGIN_HEADER_EMPTY"}],"validation":[]},"successes":[]}

Found 2026-01-09 by HttpPlugin