Host 3.78.250.23
Germany
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 3.78.250.23
Domain: backend.employeeappnpd.deloitte.gr
Port: 443
URL: https://backend.employeeappnpd.deloitte.grFirst seen 2025-11-19 11:33
Last seen 2026-01-02 16:52
Open for 44 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-02 16:52
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-10 12:05
Last seen 2026-01-02 10:43
Open for 52 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-02 10:43
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 3.78.250.23
Domain: backend.employeeapp.banana-handler.pro
Port: 443
URL: https://backend.employeeapp.banana-handler.proFirst seen 2025-11-23 05:26
Last seen 2026-01-02 06:37
Open for 40 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-02 06:37
-
-
Open service 3.78.250.23:443 · backend.employeeappnpd.deloitte.gr
2026-01-02 16:52
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 02 Jan 2026 16:52:22 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1767373643 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2026-01-02 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.ddcustomer.com
2026-01-02 10:43
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 02 Jan 2026 10:43:58 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1767351539 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2026-01-02 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.employeeapp.banana-handler.pro
2026-01-02 06:37
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 02 Jan 2026 06:37:24 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1767336745 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2026-01-02 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.employeeappnpd.deloitte.gr
2025-12-30 14:10
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Tue, 30 Dec 2025 14:10:24 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1767104725 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2025-12-30 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.employeeapp.banana-handler.pro
2025-12-30 11:45
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Tue, 30 Dec 2025 11:45:07 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1767096008 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2025-12-30 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.employeeappnpd.deloitte.gr
2025-12-23 05:24
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Tue, 23 Dec 2025 05:24:58 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1766468398 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2025-12-23 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.ddcustomer.com
2025-12-23 03:22
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Tue, 23 Dec 2025 03:22:21 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1766461042 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2025-12-23 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.employeeapp.banana-handler.pro
2025-12-22 14:57
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Mon, 22 Dec 2025 14:57:32 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1766416353 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2025-12-22 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.employeeapp.banana-handler.pro
2025-12-20 20:23
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Sat, 20 Dec 2025 20:23:51 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1766263132 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2025-12-20 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.employeeappnpd.deloitte.gr
2025-12-20 15:22
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Sat, 20 Dec 2025 15:22:35 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9998 X-Ratelimit-Reset: 1766245056 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2025-12-20 by HttpPluginCreate report
-
Open service 3.78.250.23:443 · backend.ddcustomer.com
2025-12-20 13:57
HTTP/1.1 302 Found Access-Control-Allow-Origin: * Alt-Svc: h3=":443"; ma=2592000 Content-Length: 44 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: text/plain; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Sat, 20 Dec 2025 13:57:37 GMT Location: employeeapp://redirect Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept Via: 1.1 Caddy X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Ratelimit-Limit: 10000 X-Ratelimit-Remaining: 9997 X-Ratelimit-Reset: 1766239816 X-Xss-Protection: 0 Connection: close Found. Redirecting to employeeapp://redirect
Found 2025-12-20 by HttpPluginCreate report