railway-edge
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
Public Swagger UI/API detected at path: /api-docs/swagger.json
Open service 66.33.22.57:443 · api-dev.vortexbonus.com
2026-01-09 07:35
HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range,X-Content-Range
Content-Length: 45
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:3000 http://localhost:* https://api-dev.vortexbonus.com https://api.vortexbonus.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data: validator.swagger.io;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 07:35:24 GMT
Etag: W/"2d-cNj29RQ25Pprcj6a6edy/V2YndQ"
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 10000
Ratelimit-Policy: 10000;w=900
Ratelimit-Remaining: 9999
Ratelimit-Reset: 900
Referrer-Policy: no-referrer
Server: railway-edge
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Railway-Edge: railway/europe-west4-drams3a
X-Railway-Request-Id: ZvURurMrQbWkY3g45nX1uw
X-Xss-Protection: 0
Connection: close
{"success":false,"message":"Route not found"}
Open service 66.33.22.57:443 · api-dev.vortexbonus.com
2026-01-02 06:03
HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range,X-Content-Range
Content-Length: 45
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:3000 http://localhost:* https://api-dev.vortexbonus.com https://api.vortexbonus.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data: validator.swagger.io;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 06:03:38 GMT
Etag: W/"2d-cNj29RQ25Pprcj6a6edy/V2YndQ"
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 10000
Ratelimit-Policy: 10000;w=900
Ratelimit-Remaining: 9999
Ratelimit-Reset: 900
Referrer-Policy: no-referrer
Server: railway-edge
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Railway-Edge: railway/us-east4-eqdc4a
X-Railway-Request-Id: fmRIv5l5QfmNryWtg4a9AQ
X-Xss-Protection: 0
Connection: close
{"success":false,"message":"Route not found"}
Open service 66.33.22.57:443 · api-dev.vortexbonus.com
2025-12-22 21:00
HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range,X-Content-Range
Content-Length: 45
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:3000 http://localhost:* https://api-dev.vortexbonus.com https://api.vortexbonus.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data: validator.swagger.io;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 21:00:25 GMT
Etag: W/"2d-cNj29RQ25Pprcj6a6edy/V2YndQ"
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 10000
Ratelimit-Policy: 10000;w=900
Ratelimit-Remaining: 9999
Ratelimit-Reset: 900
Referrer-Policy: no-referrer
Server: railway-edge
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Railway-Edge: railway/us-east4-eqdc4a
X-Railway-Request-Id: K1eRtmZKTcGWiKoPCx5-qw
X-Xss-Protection: 0
Connection: close
{"success":false,"message":"Route not found"}
Open service 66.33.22.57:443 · api-dev.vortexbonus.com
2025-12-21 00:36
HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Range,X-Content-Range
Content-Length: 45
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:3000 http://localhost:* https://api-dev.vortexbonus.com https://api.vortexbonus.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data: validator.swagger.io;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sun, 21 Dec 2025 00:36:34 GMT
Etag: W/"2d-cNj29RQ25Pprcj6a6edy/V2YndQ"
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 10000
Ratelimit-Policy: 10000;w=900
Ratelimit-Remaining: 9998
Ratelimit-Reset: 900
Referrer-Policy: no-referrer
Server: railway-edge
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Railway-Edge: railway/europe-west4-drams3a
X-Railway-Request-Id: _o7bhXDxQJGWHH0u5nX1uw
X-Xss-Protection: 0
Connection: close
{"success":false,"message":"Route not found"}