Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff438b93e2adde6a7956dcb1494afcf2f21e311aabdd
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /area-comparison
GET /areas
GET /banners
GET /deals
GET /developments/{id}
GET /developments/{id}/properties
GET /lists
GET /lists/{id}
GET /portal-users/verify-user
GET /portal-users/{id}
GET /properties
GET /properties/{id}
GET /properties/{id}/pin-data
GET /referrals/fetch
GET /requests
GET /requests/{id}
GET /schools
GET /schools/{id}
GET /search-results/{id}/pins
POST /confirm-verification-email/{id}/{token}
POST /feeds/barratt/lead/{vr_id}
POST /isochrones/
POST /lists/add_editor
POST /lists/{id}/add_favourite
POST /lists/{id}/delete_favourite
POST /lists/{id}/remove_editor
POST /lists/{id}/share
POST /portal-users/change-password
POST /portal-users/login
POST /portal-users/logout
POST /portal-users/reset-password/
POST /portal-users/reset-password/confirm/{token}/{email}
POST /portal-users/signup
POST /portal-users/update-notes
POST /portal-users/{id}/update-score
POST /referrals/refer
POST /referrals/validate
POST /referrals/voucher
POST /requests/send-enquiry
POST /requests/{id}/cancel
POST /requests/{id}/resend-event
POST /resend-verification-email/{id}/{token}
POST /send-verification-email
POST /smartscore/
POST /travel-time/
POST /user-country
Open service 99.83.217.1:443 · api-v2.staging.searchsmartly.co
2026-01-09 09:41
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 417
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 09 Jan 2026 09:41:04 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=vna%2BRIexP7zlGm97FqbfPJMXYF3OC9rP4ypull5NNhM%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767951664"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=vna%2BRIexP7zlGm97FqbfPJMXYF3OC9rP4ypull5NNhM%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767951664"
Server: Heroku
Set-Cookie: preSignUpId=492507; Domain=searchsmartly.co; Path=/
Vary: Accept, origin, Cookie
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: close
{"deals":"https://api-v2.staging.searchsmartly.co/deals","properties":"https://api-v2.staging.searchsmartly.co/properties","requests":"https://api-v2.staging.searchsmartly.co/requests","lists":"https://api-v2.staging.searchsmartly.co/lists","areas":"https://api-v2.staging.searchsmartly.co/areas","banners":"https://api-v2.staging.searchsmartly.co/banners","schools":"https://api-v2.staging.searchsmartly.co/schools"}
Open service 99.83.217.1:443 · api-v2.staging.searchsmartly.co
2026-01-02 11:06
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 417
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 02 Jan 2026 11:06:10 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=w0zkVeQvgHUYOWFUqAggC%2BRueNIak7kTRX%2FBJyUP6xM%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767351969"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=w0zkVeQvgHUYOWFUqAggC%2BRueNIak7kTRX%2FBJyUP6xM%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767351969"
Server: Heroku
Set-Cookie: preSignUpId=492401; Domain=searchsmartly.co; Path=/
Vary: Accept, origin, Cookie
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: close
{"deals":"https://api-v2.staging.searchsmartly.co/deals","properties":"https://api-v2.staging.searchsmartly.co/properties","requests":"https://api-v2.staging.searchsmartly.co/requests","lists":"https://api-v2.staging.searchsmartly.co/lists","areas":"https://api-v2.staging.searchsmartly.co/areas","banners":"https://api-v2.staging.searchsmartly.co/banners","schools":"https://api-v2.staging.searchsmartly.co/schools"}
Open service 99.83.217.1:443 · api-v2.staging.searchsmartly.co
2025-12-22 10:56
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 417
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Mon, 22 Dec 2025 10:56:42 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=YFJwWQ7k2XQDRpLn%2BKQza7zkDJTXEl7pw6R5XQdBYnM%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766401002"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=YFJwWQ7k2XQDRpLn%2BKQza7zkDJTXEl7pw6R5XQdBYnM%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766401002"
Server: Heroku
Set-Cookie: preSignUpId=491735; Domain=searchsmartly.co; Path=/
Vary: Accept, origin, Cookie
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: close
{"deals":"https://api-v2.staging.searchsmartly.co/deals","properties":"https://api-v2.staging.searchsmartly.co/properties","requests":"https://api-v2.staging.searchsmartly.co/requests","lists":"https://api-v2.staging.searchsmartly.co/lists","areas":"https://api-v2.staging.searchsmartly.co/areas","banners":"https://api-v2.staging.searchsmartly.co/banners","schools":"https://api-v2.staging.searchsmartly.co/schools"}
Open service 99.83.217.1:443 · api-v2.staging.searchsmartly.co
2025-12-21 10:46
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 417
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Sun, 21 Dec 2025 10:46:47 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=jUuMXBtKWClqxfMhX7IUniDbVimkFue7tm9%2B5pY267E%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766314007"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=jUuMXBtKWClqxfMhX7IUniDbVimkFue7tm9%2B5pY267E%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766314007"
Server: Heroku
Set-Cookie: preSignUpId=491687; Domain=searchsmartly.co; Path=/
Vary: Accept, origin, Cookie
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: close
{"deals":"https://api-v2.staging.searchsmartly.co/deals","properties":"https://api-v2.staging.searchsmartly.co/properties","requests":"https://api-v2.staging.searchsmartly.co/requests","lists":"https://api-v2.staging.searchsmartly.co/lists","areas":"https://api-v2.staging.searchsmartly.co/areas","banners":"https://api-v2.staging.searchsmartly.co/banners","schools":"https://api-v2.staging.searchsmartly.co/schools"}
Open service 76.223.11.49:443 · api-v2.staging.searchsmartly.co
2025-12-19 08:50
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 417
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 19 Dec 2025 08:50:25 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=cJ0fT%2FipXwVHPTjMEghw2pHYOsU8EJJZ9bE69o7UWRk%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766134225"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=cJ0fT%2FipXwVHPTjMEghw2pHYOsU8EJJZ9bE69o7UWRk%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766134225"
Server: Heroku
Set-Cookie: preSignUpId=491090; Domain=searchsmartly.co; Path=/
Vary: Accept, origin, Cookie
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: close
{"deals":"https://api-v2.staging.searchsmartly.co/deals","properties":"https://api-v2.staging.searchsmartly.co/properties","requests":"https://api-v2.staging.searchsmartly.co/requests","lists":"https://api-v2.staging.searchsmartly.co/lists","areas":"https://api-v2.staging.searchsmartly.co/areas","banners":"https://api-v2.staging.searchsmartly.co/banners","schools":"https://api-v2.staging.searchsmartly.co/schools"}
Open service 75.2.43.161:80 · api-v2.staging.searchsmartly.co
2025-12-19 08:50
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 19 Dec 2025 08:50:27 GMT
Location: https://api-v2.staging.searchsmartly.co/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=SHs5Y1mev3ih8wqq0CZNx5dmbcgzbCJI2lbUE06wVa4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766134227"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=SHs5Y1mev3ih8wqq0CZNx5dmbcgzbCJI2lbUE06wVa4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766134227"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
Content-Length: 0
Connection: close
Open service 15.197.129.158:443 · api-v2.staging.searchsmartly.co
2025-12-19 08:50
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 417
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 19 Dec 2025 08:50:24 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=r%2FJ2SjVsFl8EundpR2yXUVooiuRV62Plww0l9ELrnwM%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766134224"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=r%2FJ2SjVsFl8EundpR2yXUVooiuRV62Plww0l9ELrnwM%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766134224"
Server: Heroku
Set-Cookie: preSignUpId=491082; Domain=searchsmartly.co; Path=/
Vary: Accept, origin, Cookie
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: close
{"deals":"https://api-v2.staging.searchsmartly.co/deals","properties":"https://api-v2.staging.searchsmartly.co/properties","requests":"https://api-v2.staging.searchsmartly.co/requests","lists":"https://api-v2.staging.searchsmartly.co/lists","areas":"https://api-v2.staging.searchsmartly.co/areas","banners":"https://api-v2.staging.searchsmartly.co/banners","schools":"https://api-v2.staging.searchsmartly.co/schools"}
Open service 99.83.217.1:80 · api-v2.staging.searchsmartly.co
2025-12-19 08:50
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 19 Dec 2025 08:50:27 GMT
Location: https://api-v2.staging.searchsmartly.co/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=SHs5Y1mev3ih8wqq0CZNx5dmbcgzbCJI2lbUE06wVa4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766134227"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=SHs5Y1mev3ih8wqq0CZNx5dmbcgzbCJI2lbUE06wVa4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766134227"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
Content-Length: 0
Connection: close
Open service 76.223.11.49:80 · api-v2.staging.searchsmartly.co
2025-12-19 08:50
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 19 Dec 2025 08:50:27 GMT
Location: https://api-v2.staging.searchsmartly.co/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=SHs5Y1mev3ih8wqq0CZNx5dmbcgzbCJI2lbUE06wVa4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766134227"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=SHs5Y1mev3ih8wqq0CZNx5dmbcgzbCJI2lbUE06wVa4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766134227"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
Content-Length: 0
Connection: close
Open service 75.2.43.161:443 · api-v2.staging.searchsmartly.co
2025-12-19 08:50
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 417
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 19 Dec 2025 08:50:23 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=w6KtqVErWQ69hOYJV4sPGFPnxrhdzbzbzXq7XtIFDhI%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766134223"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=w6KtqVErWQ69hOYJV4sPGFPnxrhdzbzbzXq7XtIFDhI%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766134223"
Server: Heroku
Set-Cookie: preSignUpId=491078; Domain=searchsmartly.co; Path=/
Vary: Accept, origin, Cookie
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: close
{"deals":"https://api-v2.staging.searchsmartly.co/deals","properties":"https://api-v2.staging.searchsmartly.co/properties","requests":"https://api-v2.staging.searchsmartly.co/requests","lists":"https://api-v2.staging.searchsmartly.co/lists","areas":"https://api-v2.staging.searchsmartly.co/areas","banners":"https://api-v2.staging.searchsmartly.co/banners","schools":"https://api-v2.staging.searchsmartly.co/schools"}
Open service 99.83.217.1:443 · api-v2.staging.searchsmartly.co
2025-12-19 08:50
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 417
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 19 Dec 2025 08:50:24 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=r%2FJ2SjVsFl8EundpR2yXUVooiuRV62Plww0l9ELrnwM%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766134224"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=r%2FJ2SjVsFl8EundpR2yXUVooiuRV62Plww0l9ELrnwM%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766134224"
Server: Heroku
Set-Cookie: preSignUpId=491079; Domain=searchsmartly.co; Path=/
Vary: Accept, origin, Cookie
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Connection: close
{"deals":"https://api-v2.staging.searchsmartly.co/deals","properties":"https://api-v2.staging.searchsmartly.co/properties","requests":"https://api-v2.staging.searchsmartly.co/requests","lists":"https://api-v2.staging.searchsmartly.co/lists","areas":"https://api-v2.staging.searchsmartly.co/areas","banners":"https://api-v2.staging.searchsmartly.co/banners","schools":"https://api-v2.staging.searchsmartly.co/schools"}
Open service 15.197.129.158:80 · api-v2.staging.searchsmartly.co
2025-12-19 08:50
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 19 Dec 2025 08:50:27 GMT
Location: https://api-v2.staging.searchsmartly.co/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: same-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=SHs5Y1mev3ih8wqq0CZNx5dmbcgzbCJI2lbUE06wVa4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766134227"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=SHs5Y1mev3ih8wqq0CZNx5dmbcgzbCJI2lbUE06wVa4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766134227"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
Content-Length: 0
Connection: close