LeakIX - Host app.edpay.co

Domain app.edpay.co

United States

AMAZON-02

Software information

Heroku

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 15.197.253.240
Domain: app.edpay.co
Port: 80
URL: http://app.edpay.co

First seen 2025-10-24 00:42
Last seen 2026-01-09 14:49
Open for 77 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b26756a6626756a6626756a6626756a6626756a66
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /events/{eventType}
```
  Found on 2026-01-09 14:49
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 52.223.53.203
Domain: app.edpay.co
Port: 443
URL: https://app.edpay.co

First seen 2025-10-24 00:42
Last seen 2026-01-09 00:56
Open for 77 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b26756a6626756a6626756a6626756a6626756a66
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /events/{eventType}
```
  Found on 2026-01-09 00:56
Create report

Open service 15.197.253.240:80 · app.edpay.co

2026-01-09 14:49

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Fri, 09 Jan 2026 14:50:17 GMT
Expires: 0
Location: http://app.edpay.co/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=5NK%2FLlamcrLdK%2BGoZKcZoIZ0x%2FQ%2BDzz4HVYJflz0Q7Q%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767970217"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=5NK%2FLlamcrLdK%2BGoZKcZoIZ0x%2FQ%2BDzz4HVYJflz0Q7Q%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767970217"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close

Found 2026-01-09 by HttpPlugin

Create report

Open service 52.223.53.203:443 · app.edpay.co

2026-01-09 00:56

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Fri, 09 Jan 2026 00:56:44 GMT
Expires: 0
Location: https://app.edpay.co/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=09NyHIV70sDXtAJHQHhStaFB2M9gve8wWPuTnRlcydw%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767920204"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=09NyHIV70sDXtAJHQHhStaFB2M9gve8wWPuTnRlcydw%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767920204"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close

Found 2026-01-09 by HttpPlugin

Create report

Open service 15.197.253.240:80 · app.edpay.co

2026-01-02 18:04

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Fri, 02 Jan 2026 18:04:56 GMT
Expires: 0
Location: http://app.edpay.co/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=bjuXkBdNn8pNodIMbtuCjtGUn%2FbTfBaRcuHKuu%2B5kMs%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767377096"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=bjuXkBdNn8pNodIMbtuCjtGUn%2FbTfBaRcuHKuu%2B5kMs%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767377096"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close

Found 2026-01-02 by HttpPlugin

Create report

Open service 52.223.53.203:443 · app.edpay.co

2026-01-01 23:42

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Thu, 01 Jan 2026 23:42:58 GMT
Expires: 0
Location: https://app.edpay.co/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=T4lwEKHgEMQWGpjqTga6Os1Ww%2BhIk4QDyRDfZaBVMko%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767310978"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=T4lwEKHgEMQWGpjqTga6Os1Ww%2BhIk4QDyRDfZaBVMko%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767310978"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close

Found 2026-01-01 by HttpPlugin

Create report

Open service 52.223.53.203:443 · app.edpay.co

2025-12-30 10:36

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Tue, 30 Dec 2025 10:36:44 GMT
Expires: 0
Location: https://app.edpay.co/user
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=guwgklAWSV0ChfXFZsSRIiYAFheE6S81dcnVXvHRiDs%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767091004"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=guwgklAWSV0ChfXFZsSRIiYAFheE6S81dcnVXvHRiDs%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767091004"
Server: Heroku
Set-Cookie: heroku-session-affinity=Q38DAQERU3RpY2t5U2Vzc2lvbkRhdGEB/4AAAQMBBUFwcElEAQwAAQhEeW5vTmFtZQEMAAEJRHlub0NvdW50AQQAAAAM/4ACBXdlYi4xAQIARMPRiGUYPESFILe+D/Zb99ZRg5hULdX5K5efJpGPuro=
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Connection: close

Found 2025-12-30 by HttpPlugin