Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
Public Swagger UI/API detected at path: /api-docs/swagger.json
Open service 15.197.253.240:80 · api.spendify.dk
2026-01-09 15:25
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 15:26:31 GMT
Etag: W/"c-XyEn2VMo3WRe2oC+HNQsvM6kfqQ"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 30
Ratelimit-Policy: 30;w=60
Ratelimit-Remaining: 29
Ratelimit-Reset: 60
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BngZQwJCdFZQcy8vgP5XwDX6U9FTP4E9a%2BYORi6ph0A%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767972391"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BngZQwJCdFZQcy8vgP5XwDX6U9FTP4E9a%2BYORi6ph0A%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767972391"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Spendify API
Open service 52.223.53.203:443 · api.spendify.dk
2026-01-09 09:59
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 09:59:20 GMT
Etag: W/"c-XyEn2VMo3WRe2oC+HNQsvM6kfqQ"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 30
Ratelimit-Policy: 30;w=60
Ratelimit-Remaining: 28
Ratelimit-Reset: 58
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=F9lszHSKE9RKOPuoCcDhJB8skfZxBTWT8vwyRXwRGvQ%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767952760"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=F9lszHSKE9RKOPuoCcDhJB8skfZxBTWT8vwyRXwRGvQ%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767952760"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Spendify API
Open service 52.223.53.203:443 · api.spendify.dk
2026-01-02 14:56
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 14:56:29 GMT
Etag: W/"c-XyEn2VMo3WRe2oC+HNQsvM6kfqQ"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 30
Ratelimit-Policy: 30;w=60
Ratelimit-Remaining: 28
Ratelimit-Reset: 60
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=af2wmxgWuiFH%2BpRNSq3W96u17EkR6UkvSnvKpa8Q8R8%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767365789"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=af2wmxgWuiFH%2BpRNSq3W96u17EkR6UkvSnvKpa8Q8R8%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767365789"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Spendify API
Open service 15.197.253.240:80 · api.spendify.dk
2025-12-22 18:31
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 18:31:40 GMT
Etag: W/"c-XyEn2VMo3WRe2oC+HNQsvM6kfqQ"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 30
Ratelimit-Policy: 30;w=60
Ratelimit-Remaining: 28
Ratelimit-Reset: 60
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=2%2Fj2Xsnod8lKKwDTDNA4chMFB4SxHRnXvydRx1LWXfE%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766428300"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=2%2Fj2Xsnod8lKKwDTDNA4chMFB4SxHRnXvydRx1LWXfE%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766428300"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Spendify API
Open service 52.223.53.203:443 · api.spendify.dk
2025-12-22 16:51
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 16:51:03 GMT
Etag: W/"c-XyEn2VMo3WRe2oC+HNQsvM6kfqQ"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 30
Ratelimit-Policy: 30;w=60
Ratelimit-Remaining: 28
Ratelimit-Reset: 60
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=aX5bLXdPe9WNk8kDz1XrC4TW9nz4IQ2ujVTeuEX7cvo%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766422263"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=aX5bLXdPe9WNk8kDz1XrC4TW9nz4IQ2ujVTeuEX7cvo%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766422263"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Spendify API
Open service 15.197.253.240:80 · api.spendify.dk
2025-12-20 18:28
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 18:28:55 GMT
Etag: W/"c-XyEn2VMo3WRe2oC+HNQsvM6kfqQ"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 30
Ratelimit-Policy: 30;w=60
Ratelimit-Remaining: 28
Ratelimit-Reset: 60
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=k3y9vkMALy6qEYIzCPPW%2FmGc25Qs9WVIts6%2F9pkYvN8%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766255335"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=k3y9vkMALy6qEYIzCPPW%2FmGc25Qs9WVIts6%2F9pkYvN8%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766255335"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Spendify API
Open service 52.223.53.203:443 · api.spendify.dk
2025-12-20 17:46
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 17:46:38 GMT
Etag: W/"c-XyEn2VMo3WRe2oC+HNQsvM6kfqQ"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 30
Ratelimit-Policy: 30;w=60
Ratelimit-Remaining: 28
Ratelimit-Reset: 60
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=wbHGljYV0zxJ%2Bv1ENi4fugGpX%2BhtoDNTUuMcc8KgTPQ%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766252798"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=wbHGljYV0zxJ%2Bv1ENi4fugGpX%2BhtoDNTUuMcc8KgTPQ%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766252798"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Spendify API
Open service 52.223.53.203:443 · api.spendify.dk
2025-12-19 06:28
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 12
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 19 Dec 2025 06:28:04 GMT
Etag: W/"c-XyEn2VMo3WRe2oC+HNQsvM6kfqQ"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Ratelimit-Limit: 30
Ratelimit-Policy: 30;w=60
Ratelimit-Remaining: 28
Ratelimit-Reset: 60
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=%2FZtkyo2O87mxFEvkW2wSaQB4aYw5KKAks5svY%2BUuVLE%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766125684"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=%2FZtkyo2O87mxFEvkW2wSaQB4aYw5KKAks5svY%2BUuVLE%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766125684"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
Spendify API