Host 95.217.18.112
Finland
Software information
nginx
tcp/443
-
SSH is potenitally vulnerable
WARNING: This plugin will generate false positive and is purely informative:
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)
First seen 2025-12-11 03:56
Last seen 2026-01-08 17:53
Open for 28 days-
Severity: info
Fingerprint: 3f43e0ebb5dce37ab8b59eb581e37d9f0be3b35a0be3b35a0be3b35a0be3b35aFound potentially vulnerable SSH version: SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.14 WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
Found on 2026-01-08 17:53
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-23 01:17
Last seen 2025-11-14 01:16
Open for 21 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f9105e74e334d74628b57fc78677e2c1e7110c63Public Swagger UI/API detected at path: /swagger/index.html - sample paths: DELETE /api/ConsultantProfile/{id} GET /api/ConsultantProfile GET /api/ConsultantProfile/byId/{id} GET /api/ConsultantProfile/filtered-consultant GET /api/Departments GET /api/Departments/filtered-departments GET /api/Departments/uniqueName/{uniqueName} GET /api/Departments/{id} GET /api/account GET /api/activate GET /api/admin/Users GET /api/admin/Users/authorities GET /api/admin/Users/home-page GET /api/admin/Users/{login} GET /api/authenticate GET /api/skills GET /api/skills/filtered-skills GET /api/skills/{id} GET /management/info GET /swagger-resources POST /api/account/change-password POST /api/account/profileImage POST /api/account/reset-password/finish POST /api/account/reset-password/init POST /api/registerFound on 2025-11-14 01:16
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-21 20:20
Last seen 2025-11-12 15:05
Open for 21 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f9105e74e334d74628b57fc78677e2c1e7110c63Public Swagger UI/API detected at path: /swagger/index.html - sample paths: DELETE /api/ConsultantProfile/{id} GET /api/ConsultantProfile GET /api/ConsultantProfile/byId/{id} GET /api/ConsultantProfile/filtered-consultant GET /api/Departments GET /api/Departments/filtered-departments GET /api/Departments/uniqueName/{uniqueName} GET /api/Departments/{id} GET /api/account GET /api/activate GET /api/admin/Users GET /api/admin/Users/authorities GET /api/admin/Users/home-page GET /api/admin/Users/{login} GET /api/authenticate GET /api/skills GET /api/skills/filtered-skills GET /api/skills/{id} GET /management/info GET /swagger-resources POST /api/account/change-password POST /api/account/profileImage POST /api/account/reset-password/finish POST /api/account/reset-password/init POST /api/registerFound on 2025-11-12 15:05
-
-
Open service 95.217.18.112:443 · cv-staging.zendev.se
2026-01-08 21:15
HTTP/1.1 200 OK Server: nginx Date: Thu, 08 Jan 2026 21:15:57 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: MCSESSID=ca4b2c6e4f7b6ca93c31704e1d225fff; path=/; secure; HttpOnly; SameSite=Lax Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Strict-Transport-Security: max-age=15768000; X-Content-Type-Options: nosniff X-Robots-Tag: none X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin
Found 2026-01-08 by HttpPluginCreate report
-
Open service 95.217.18.112:22
2026-01-08 17:53
Found 2026-01-08 by SSHOpenPluginCreate report
-
Open service 95.217.18.112:443 · cv-staging.zendev.se
2026-01-01 21:39
HTTP/1.1 200 OK Server: nginx Date: Thu, 01 Jan 2026 21:39:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: MCSESSID=228e6b89de885bb86a9033ba680af434; path=/; secure; HttpOnly; SameSite=Lax Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Strict-Transport-Security: max-age=15768000; X-Content-Type-Options: nosniff X-Robots-Tag: none X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin
Found 2026-01-01 by HttpPluginCreate report
-
Open service 95.217.18.112:22
2026-01-01 19:05
Found 2026-01-01 by SSHOpenPluginCreate report
-
Open service 95.217.18.112:443 · cv-staging.zendev.se
2025-12-30 05:03
HTTP/1.1 200 OK Server: nginx Date: Tue, 30 Dec 2025 05:03:23 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: MCSESSID=513831b4a4974033f9fca0cfc4d3437a; path=/; secure; HttpOnly; SameSite=Lax Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Strict-Transport-Security: max-age=15768000; X-Content-Type-Options: nosniff X-Robots-Tag: none X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin
Found 2025-12-30 by HttpPluginCreate report
-
Open service 95.217.18.112:22
2025-12-30 01:58
Found 2025-12-30 by SSHOpenPluginCreate report
-
Open service 95.217.18.112:443 · cv-staging.zendev.se
2025-12-22 06:02
HTTP/1.1 200 OK Server: nginx Date: Mon, 22 Dec 2025 06:02:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: MCSESSID=9a7eb9db04b81c4aa50b8a94eed1408b; path=/; secure; HttpOnly; SameSite=Lax Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Strict-Transport-Security: max-age=15768000; X-Content-Type-Options: nosniff X-Robots-Tag: none X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin
Found 2025-12-22 by HttpPluginCreate report
-
Open service 95.217.18.112:22
2025-12-22 03:16
Found 2025-12-22 by SSHOpenPluginCreate report
-
Open service 95.217.18.112:443 · cv-staging.zendev.se
2025-12-20 06:33
HTTP/1.1 200 OK Server: nginx Date: Sat, 20 Dec 2025 06:33:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: MCSESSID=0b3cf9e3754b332df710e59e75e45a98; path=/; secure; HttpOnly; SameSite=Lax Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Strict-Transport-Security: max-age=15768000; X-Content-Type-Options: nosniff X-Robots-Tag: none X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin
Found 2025-12-20 by HttpPluginCreate report
-
Open service 95.217.18.112:22
2025-12-20 03:54
Found 2025-12-20 by SSHOpenPluginCreate report