Heroku
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf7251d45947bff0b67d5e114ddee6a632a2ca36fa9
Public Swagger UI/API detected at path: /swagger-ui.html - sample paths:
DELETE /user/{user_id}/delete
GET /auth/google-auth-status
GET /auth/logout
GET /checklists/categories
GET /checklists/templates
GET /countries/
GET /media/picker/items
GET /media/picker/session
GET /places/country
GET /places/find
GET /places/search
GET /tags/
GET /trips/
GET /trips/{trip_id}
GET /trips/{trip_id}/checklists
GET /user/
GET /user/filters
GET /user/list
GET /user/mates
GET /user/{user_id}
GET /user/{user_id}/filters
GET /user/{user_id}/trips
GET /wishlist/
GET /wishlist/filters
PATCH /trips/{trip_id}/checklists/{checklist_id}/items/{item_id}
POST /auth/login
POST /auth/refresh-token
POST /auth/set-google-token
POST /directions/
POST /media/avatar
POST /media/clean
POST /media/confirm-upload
POST /media/extract-location
POST /media/get-upload-url
POST /media/image
POST /media/picker/image
POST /places/details
POST /trips/{trip_id}/accept
POST /trips/{trip_id}/reject
POST /user/link-mate
POST /user/{user_id}/activate
POST /wishlist/check
PUT /checklists/templates/{template_id}
PUT /trips/{trip_id}/checklists/{checklist_id}
PUT /wishlist/{item_id}
Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf7251d45947bff0b67d5e114dd54339c71185a3689
Public Swagger UI/API detected at path: /swagger-ui.html - sample paths:
DELETE /user/{user_id}/delete
GET /auth/google-auth-status
GET /auth/logout
GET /countries/
GET /media/picker/items
GET /media/picker/session
GET /places/country
GET /places/find
GET /places/search
GET /tags/
GET /trips/
GET /trips/{trip_id}
GET /user/
GET /user/filters
GET /user/list
GET /user/mates
GET /user/{user_id}
GET /user/{user_id}/filters
GET /user/{user_id}/trips
GET /wishlist/
GET /wishlist/filters
POST /auth/login
POST /auth/refresh-token
POST /auth/set-google-token
POST /directions/
POST /media/avatar
POST /media/clean
POST /media/confirm-upload
POST /media/extract-location
POST /media/get-upload-url
POST /media/image
POST /media/picker/image
POST /places/details
POST /trips/{trip_id}/accept
POST /trips/{trip_id}/reject
POST /user/link-mate
POST /user/{user_id}/activate
POST /wishlist/check
PUT /wishlist/{item_id}
Open service 75.2.43.161:443 · api.been-journal.co
2026-01-10 00:57
HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Authorization, Access-Control-Allow-Origin
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,PATCH,OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 207
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Opener-Policy: same-origin-allow-popups
Date: Sat, 10 Jan 2026 00:57:15 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=8lGb03Ypddx9ElVY3pDC5ejfi%2FHSVS%2FSJeyr2dSlYeI%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1768006634"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=8lGb03Ypddx9ElVY3pDC5ejfi%2FHSVS%2FSJeyr2dSlYeI%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1768006634"
Server: Heroku
Via: 1.1 heroku-router
Connection: close
Page title: 404 Not Found
<!doctype html>
<html lang=en>
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Open service 75.2.43.161:443 · api.been-journal.co
2026-01-02 19:28
HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Authorization, Access-Control-Allow-Origin
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,PATCH,OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 207
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Opener-Policy: same-origin-allow-popups
Date: Fri, 02 Jan 2026 19:28:22 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=uCEvMi%2BquKQ%2B9nH882OyvYm1IrNdL1K7FD%2BeaA6Jy88%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767382102"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=uCEvMi%2BquKQ%2B9nH882OyvYm1IrNdL1K7FD%2BeaA6Jy88%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767382102"
Server: Heroku
Via: 1.1 heroku-router
Connection: close
Page title: 404 Not Found
<!doctype html>
<html lang=en>
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Open service 75.2.43.161:443 · api.been-journal.co
2025-12-22 21:01
HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Authorization, Access-Control-Allow-Origin
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,PATCH,OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 207
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Opener-Policy: same-origin-allow-popups
Date: Mon, 22 Dec 2025 21:01:13 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=4N%2F3bvkDslAJj4k38iCtzLBputNHUdYg32hh5UTA1H8%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766437273"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=4N%2F3bvkDslAJj4k38iCtzLBputNHUdYg32hh5UTA1H8%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766437273"
Server: Heroku
Via: 1.1 heroku-router
Connection: close
Page title: 404 Not Found
<!doctype html>
<html lang=en>
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Open service 75.2.43.161:443 · api.been-journal.co
2025-12-20 21:54
HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Authorization, Access-Control-Allow-Origin
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,PATCH,OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 207
Content-Type: text/html; charset=utf-8
Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Opener-Policy: same-origin-allow-popups
Date: Sat, 20 Dec 2025 21:54:49 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=1e2bjR5iIjMo6BbHN4SH1McGtqFp0mjenV3o1mIMVJQ%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766267689"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=1e2bjR5iIjMo6BbHN4SH1McGtqFp0mjenV3o1mIMVJQ%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766267689"
Server: Heroku
Via: 1.1 heroku-router
Connection: close
Page title: 404 Not Found
<!doctype html>
<html lang=en>
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>