Heroku
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 99.83.151.71:443 · api-staging.totalhipaa.com
2026-01-10 00:17
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 77
Content-Type: application/json; charset=utf-8
Date: Sat, 10 Jan 2026 00:17:11 GMT
Etag: W/"4d-5ju42I1eUxWt5PDieuBpvE25big"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Snpbt8%2BHMm%2FAqOgPOxp1LIH552A9prskeOAtHpRB5UY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1768004231"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Snpbt8%2BHMm%2FAqOgPOxp1LIH552A9prskeOAtHpRB5UY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1768004231"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
{"name":"totalhipaa","version":"2.0.1","dateTime":"2026-01-10T00:17:11.767Z"}
Open service 99.83.151.71:443 · api-staging.totalhipaa.com
2026-01-02 20:30
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 78
Content-Type: application/json; charset=utf-8
Date: Fri, 02 Jan 2026 20:30:47 GMT
Etag: W/"4e-5gufMImTXtlRNoi0F2dRsd5s2io"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=bVfPEwy75pZ5%2FEXFyxZyPgPJ%2B6StKNuC2w9WrlEeeVg%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767385847"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=bVfPEwy75pZ5%2FEXFyxZyPgPJ%2B6StKNuC2w9WrlEeeVg%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767385847"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
{"name":"totalhipaa","version":"1.27.2","dateTime":"2026-01-02T20:30:47.046Z"}
Open service 99.83.151.71:443 · api-staging.totalhipaa.com
2025-12-23 02:45
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 78
Content-Type: application/json; charset=utf-8
Date: Tue, 23 Dec 2025 02:45:39 GMT
Etag: W/"4e-F64bCUeWCaGgh2Ct5K29iCXRTlU"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=rqDuMdfIsj%2Fi3tHHppfk0LPNWBHilErwEs52aBuNAPc%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766457939"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=rqDuMdfIsj%2Fi3tHHppfk0LPNWBHilErwEs52aBuNAPc%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766457939"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
{"name":"totalhipaa","version":"1.27.2","dateTime":"2025-12-23T02:45:39.811Z"}
Open service 99.83.151.71:443 · api-staging.totalhipaa.com
2025-12-21 08:10
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 78
Content-Type: application/json; charset=utf-8
Date: Sun, 21 Dec 2025 08:10:07 GMT
Etag: W/"4e-4Sssyr8vyO1OXUB06Fi8uZZ1fJc"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=WmnJqeVAEfcUiCGGSufelOSK3%2FIX92iVMOItl4CwO4M%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766304607"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=WmnJqeVAEfcUiCGGSufelOSK3%2FIX92iVMOItl4CwO4M%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766304607"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
{"name":"totalhipaa","version":"1.27.2","dateTime":"2025-12-21T08:10:07.842Z"}
Open service 99.83.151.71:443 · api-staging.totalhipaa.com
2025-12-19 06:06
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 78
Content-Type: application/json; charset=utf-8
Date: Fri, 19 Dec 2025 06:06:22 GMT
Etag: W/"4e-ZOj1vg3kMh7a6WUcJkDCiur1Ozs"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=gul0rWPDIGAzuX6yW1FZ85mgXBdQ%2Fqu48dkRtgLZBUw%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766124382"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=gul0rWPDIGAzuX6yW1FZ85mgXBdQ%2Fqu48dkRtgLZBUw%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766124382"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
{"name":"totalhipaa","version":"1.27.2","dateTime":"2025-12-19T06:06:22.494Z"}