Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
Public Swagger UI/API detected at path: /api-docs/swagger.json
Open service 99.83.151.71:443 · api.ratehogs.com
2026-01-09 08:53
HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: PUT, POST, GET, DELETE, OTIONS
Access-Control-Allow-Origin: *
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Jan 2026 08:53:40 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=LyYTIGWLjMFuMyR%2BmUjTyaTfdJ8HKPrGvvtlUrJhjGc%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767948820"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=LyYTIGWLjMFuMyR%2BmUjTyaTfdJ8HKPrGvvtlUrJhjGc%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767948820"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 13.248.132.87:80 · api.ratehogs.com
2026-01-09 08:53
HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: PUT, POST, GET, DELETE, OTIONS
Access-Control-Allow-Origin: *
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Jan 2026 08:54:41 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=KD%2FNrks5uATxeKwOEFjCjXVU6qQ25duH3inV18GUID8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767948881"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=KD%2FNrks5uATxeKwOEFjCjXVU6qQ25duH3inV18GUID8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767948881"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 13.248.132.87:80 · api.ratehogs.com
2026-01-02 13:21
HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: PUT, POST, GET, DELETE, OTIONS
Access-Control-Allow-Origin: *
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jan 2026 13:21:56 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=vQ6MVvqj%2F2%2Fqr9tavBv%2BI%2BYI1Dsv6h4gIfbxQAOZieU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767360116"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=vQ6MVvqj%2F2%2Fqr9tavBv%2BI%2BYI1Dsv6h4gIfbxQAOZieU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767360116"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 99.83.151.71:443 · api.ratehogs.com
2026-01-02 13:21
HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: PUT, POST, GET, DELETE, OTIONS
Access-Control-Allow-Origin: *
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jan 2026 13:21:52 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Ad8VDjAANAs06CFv8p%2F1wkma0TPbl1bFKGI39m%2Fenqk%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767360112"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Ad8VDjAANAs06CFv8p%2F1wkma0TPbl1bFKGI39m%2Fenqk%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767360112"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 13.248.132.87:80 · api.ratehogs.com
2025-12-22 17:54
HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: PUT, POST, GET, DELETE, OTIONS
Access-Control-Allow-Origin: *
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Dec 2025 17:54:10 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=SCeNWIljkyR4rktulaBQ21oizt8g6rP8T2c5RydlpiM%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766426050"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=SCeNWIljkyR4rktulaBQ21oizt8g6rP8T2c5RydlpiM%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766426050"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 99.83.151.71:443 · api.ratehogs.com
2025-12-22 17:54
HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: PUT, POST, GET, DELETE, OTIONS
Access-Control-Allow-Origin: *
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Dec 2025 17:54:07 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=dO%2FA%2F5CF8%2FAjix2%2FpnkNC3lJ6Y7cbdNFkjC%2FDT2BuV4%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766426047"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=dO%2FA%2F5CF8%2FAjix2%2FpnkNC3lJ6Y7cbdNFkjC%2FDT2BuV4%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766426047"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 99.83.151.71:443 · api.ratehogs.com
2025-12-20 19:40
HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: PUT, POST, GET, DELETE, OTIONS
Access-Control-Allow-Origin: *
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Sat, 20 Dec 2025 19:40:12 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=1%2BX8avq7dpi0LZa8FIjByG8G3e527xi6ApWn7jGPgRA%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766259612"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=1%2BX8avq7dpi0LZa8FIjByG8G3e527xi6ApWn7jGPgRA%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766259612"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 13.248.132.87:80 · api.ratehogs.com
2025-12-20 19:40
HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: PUT, POST, GET, DELETE, OTIONS
Access-Control-Allow-Origin: *
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Sat, 20 Dec 2025 19:40:14 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=HqZtwJAXCkQFfVr6SHaIax5dWzPs1cPWycH7SBIBYRg%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766259615"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=HqZtwJAXCkQFfVr6SHaIax5dWzPs1cPWycH7SBIBYRg%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766259615"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>