Heroku
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
Public Swagger UI/API detected at path: /api-docs/swagger.json
Open service 35.71.179.82:443 · app.holdthisplease.com
2026-01-09 21:17
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=0
Content-Length: 964
Content-Type: text/html; charset=UTF-8
Date: Fri, 09 Jan 2026 21:18:00 GMT
Etag: W/"3c4-1984de1dac0"
Last-Modified: Sun, 27 Jul 2025 21:55:04 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=C3j7Zb9NrtuS8T4JII91wRa16lY%2Fpk4JIKiaCM74Jak%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767993480"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=C3j7Zb9NrtuS8T4JII91wRa16lY%2Fpk4JIKiaCM74Jak%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767993480"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close
Page title: Hold this please app
<!doctype html><html lang="en"><head><script src="https://maps.googleapis.com/maps/api/js?key=AIzaSyD4zoMIosG6-lPGt8__7LvwiXJoeosN5RU&libraries=places"></script><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="Hold This" content="Hold This website"/><link rel="apple-touch-icon" href="/logo192.png"/><link rel="manifest" href="/manifest.json"/><link href="https://fonts.googleapis.com/css?family=Questrial" rel="stylesheet"/><link href="https://fonts.googleapis.com/css?family=Rubik:400,500" rel="stylesheet"/><title>Hold this please app</title><script src="/firebase-config.js"></script><script defer="defer" src="/static/js/main.4fcfa569.js"></script><link href="/static/css/main.baca899a.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
Open service 35.71.179.82:443 · app.holdthisplease.com
2026-01-02 14:12
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=0
Content-Length: 964
Content-Type: text/html; charset=UTF-8
Date: Fri, 02 Jan 2026 14:12:24 GMT
Etag: W/"3c4-1984de1dac0"
Last-Modified: Sun, 27 Jul 2025 21:55:04 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=zUuKudS%2F98eDSgT8I%2FnrTI6YAeAOQr7KBf8bKTQ3OmQ%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767363144"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=zUuKudS%2F98eDSgT8I%2FnrTI6YAeAOQr7KBf8bKTQ3OmQ%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767363144"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close
Page title: Hold this please app
Open service 35.71.179.82:443 · app.holdthisplease.com
2025-12-22 17:16
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=0
Content-Length: 964
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Dec 2025 17:16:17 GMT
Etag: W/"3c4-1984de1dac0"
Last-Modified: Sun, 27 Jul 2025 21:55:04 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=6X7hD1NlwtZTANdS7APLbuR7vp3s4qJWbyKFFRRJ%2BLc%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766423777"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=6X7hD1NlwtZTANdS7APLbuR7vp3s4qJWbyKFFRRJ%2BLc%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766423777"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close
Page title: Hold this please app
Open service 35.71.179.82:443 · app.holdthisplease.com
2025-12-20 17:19
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=0
Content-Length: 964
Content-Type: text/html; charset=UTF-8
Date: Sat, 20 Dec 2025 17:19:29 GMT
Etag: W/"3c4-1984de1dac0"
Last-Modified: Sun, 27 Jul 2025 21:55:04 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Hn3Xsh99TnUX0xxmSpE4whVNTxdAGbyuihqWIGiEn6U%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766251169"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Hn3Xsh99TnUX0xxmSpE4whVNTxdAGbyuihqWIGiEn6U%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766251169"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close
Page title: Hold this please app
Open service 35.71.179.82:443 · app.holdthisplease.com
2025-12-19 06:44
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=0
Content-Length: 964
Content-Type: text/html; charset=UTF-8
Date: Fri, 19 Dec 2025 06:44:57 GMT
Etag: W/"3c4-1984de1dac0"
Last-Modified: Sun, 27 Jul 2025 21:55:04 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=3jTBN6JOgZpGn69XH2k%2F8uET%2BEWGFguTy0%2Fgsv%2BTf%2Bs%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766126697"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=3jTBN6JOgZpGn69XH2k%2F8uET%2BEWGFguTy0%2Fgsv%2BTf%2Bs%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766126697"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close
Page title: Hold this please app