LeakIX - Host api.kora.li

Domain api.kora.li

United States

AMAZON-02

Software information

Heroku

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.217.1
Domain: api.kora.li
Port: 443
URL: https://api.kora.li

First seen 2025-10-20 00:07
Last seen 2026-01-09 15:30
Open for 81 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 15:30
Create report

Open service 99.83.217.1:443 · api.kora.li

2026-01-09 15:30

HTTP/1.1 302 Found
Access-Control-Allow-Headers: Content-type,Accept,authorization,X-Access-Token,X-Key
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 30
Content-Type: text/plain; charset=utf-8
Date: Fri, 09 Jan 2026 15:30:13 GMT
Location: /swagger
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=NGaswGb0xfNPuvUtI8ez8%2BDOqXifWpfOmSJQFjF7WZg%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767972613"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=NGaswGb0xfNPuvUtI8ez8%2BDOqXifWpfOmSJQFjF7WZg%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767972613"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /swagger

Found 2026-01-09 by HttpPlugin

Create report

Open service 99.83.217.1:443 · api.kora.li

2026-01-02 11:07

HTTP/1.1 302 Found
Access-Control-Allow-Headers: Content-type,Accept,authorization,X-Access-Token,X-Key
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 30
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jan 2026 11:07:31 GMT
Location: /swagger
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=5EZtukLeyGOWCyZU%2B%2FQ8xsZ8WSXzzsce4r4Htfvpkgg%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767352051"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=5EZtukLeyGOWCyZU%2B%2FQ8xsZ8WSXzzsce4r4Htfvpkgg%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767352051"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /swagger

Found 2026-01-02 by HttpPlugin

Create report

Open service 99.83.217.1:443 · api.kora.li

2025-12-23 02:42

HTTP/1.1 302 Found
Access-Control-Allow-Headers: Content-type,Accept,authorization,X-Access-Token,X-Key
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 30
Content-Type: text/plain; charset=utf-8
Date: Tue, 23 Dec 2025 02:42:00 GMT
Location: /swagger
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Kpd3HB%2BKVc%2BL9bvfu5c8Rpyx376GnJFU%2BDJltUywNM4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766457720"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Kpd3HB%2BKVc%2BL9bvfu5c8Rpyx376GnJFU%2BDJltUywNM4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766457720"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /swagger

Found 2025-12-23 by HttpPlugin

Create report

Open service 99.83.217.1:443 · api.kora.li

2025-12-20 20:07

HTTP/1.1 302 Found
Access-Control-Allow-Headers: Content-type,Accept,authorization,X-Access-Token,X-Key
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Content-Length: 30
Content-Type: text/plain; charset=utf-8
Date: Sat, 20 Dec 2025 20:07:57 GMT
Location: /swagger
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ybtO7yGkFiaAiWW0m06EssXnp35Y5E4iI5E35%2BgOUDk%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766261277"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=ybtO7yGkFiaAiWW0m06EssXnp35Y5E4iI5E35%2BgOUDk%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766261277"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /swagger

Found 2025-12-20 by HttpPlugin