LeakIX - Host backend.trinitypad.com

Domain backend.trinitypad.com

United States

AMAZON-02

Software information

Vercel

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 66.33.60.193
Domain: backend.trinitypad.com
Port: 443
URL: https://backend.trinitypad.com

First seen 2025-10-23 13:48
Last seen 2026-01-09 17:11
Open for 78 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 17:11
Create report

Open service 66.33.60.193:443 · backend.trinitypad.com

2026-01-09 17:11

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 15
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 17:11:57 GMT
Etag: W/"f-VaSQ4oDUiZblZNAEkkN+sX+q3Sg"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 1767979318
X-Vercel-Cache: MISS
X-Vercel-Id: bom1::iad1::t2j57-1767978714302-a8fd849a4454
X-Xss-Protection: 0
Connection: close


{"status":"ok"}

Found 3 days ago by HttpPlugin

Create report

Open service 66.33.60.193:443 · backend.trinitypad.com

2026-01-02 17:39

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 15
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 17:39:53 GMT
Etag: W/"f-VaSQ4oDUiZblZNAEkkN+sX+q3Sg"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 1767376194
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::9v66d-1767375590168-981522b9aedc
X-Xss-Protection: 0
Connection: close


{"status":"ok"}

Found 2026-01-02 by HttpPlugin

Create report

Open service 76.76.21.241:80 · backend.trinitypad.com

2025-12-23 08:37

HTTP/1.0 308 Permanent Redirect
Content-Type: text/plain
Location: https://backend.trinitypad.com/
Refresh: 0;url=https://backend.trinitypad.com/
server: Vercel


Redirecting...

Found 2025-12-23 by HttpPlugin

Create report

Open service 76.76.21.241:443 · backend.trinitypad.com

2025-12-23 08:37

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 15
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Tue, 23 Dec 2025 08:37:17 GMT
Etag: W/"f-VaSQ4oDUiZblZNAEkkN+sX+q3Sg"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 1766479638
X-Vercel-Cache: MISS
X-Vercel-Id: sfo1::iad1::29hff-1766479033976-4c63576b0aa4
X-Xss-Protection: 0
Connection: close


{"status":"ok"}

Found 2025-12-23 by HttpPlugin

Create report

Open service 66.33.60.193:443 · backend.trinitypad.com

2025-12-23 08:37

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 15
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Tue, 23 Dec 2025 08:37:17 GMT
Etag: W/"f-VaSQ4oDUiZblZNAEkkN+sX+q3Sg"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 1766479638
X-Vercel-Cache: MISS
X-Vercel-Id: lhr1::iad1::9rvcn-1766479033866-0d76b1e254f2
X-Xss-Protection: 0
Connection: close


{"status":"ok"}

Found 2025-12-23 by HttpPlugin

Create report

Open service 66.33.60.193:80 · backend.trinitypad.com

2025-12-23 08:37

HTTP/1.0 308 Permanent Redirect
Content-Type: text/plain
Location: https://backend.trinitypad.com/
Refresh: 0;url=https://backend.trinitypad.com/
server: Vercel


Redirecting...

Found 2025-12-23 by HttpPlugin

Create report

Open service 66.33.60.193:443 · backend.trinitypad.com

2025-12-22 13:05

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 15
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 13:05:30 GMT
Etag: W/"f-VaSQ4oDUiZblZNAEkkN+sX+q3Sg"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 97
X-Ratelimit-Reset: 1766409067
X-Vercel-Cache: MISS
X-Vercel-Id: lhr1::iad1::jfj8n-1766408730376-214d2effae4d
X-Xss-Protection: 0
Connection: close


{"status":"ok"}

Found 2025-12-22 by HttpPlugin

Create report

Open service 66.33.60.193:443 · backend.trinitypad.com

2025-12-20 13:14

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 15
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 13:15:01 GMT
Etag: W/"f-VaSQ4oDUiZblZNAEkkN+sX+q3Sg"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 1766237102
X-Vercel-Cache: MISS
X-Vercel-Id: bom1::iad1::4h9rj-1766236497652-587ef790822d
X-Xss-Protection: 0
Connection: close


{"status":"ok"}

Found 2025-12-20 by HttpPlugin

Create report

backend.trinitypad.com

Fingerprint:

7e96fb0bf0905601d8c673a5af56847ddb42bcf92d3c7986a90ffe6100efad22

CN:

backend.trinitypad.com

Key:

RSA-2048

Issuer:

R13

Not before:

2025-12-23 07:37

Not after:

2026-03-23 07:37

backend.trinitypad.com

Fingerprint:

b80182da6137c39eaaea6ca733ce3ce9dd45a46dfcab4ae78b924e010b86e62b

CN:

backend.trinitypad.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-10-23 12:49

Not after:

2026-01-21 12:49

Domain summary

backend.trinitypad.com 8

1 recorded

IP summary

66.33.60.193 2 76.76.21.241 1

2 recorded

Domain backend.trinitypad.com

United States

Software information

Swagger API description is publicly available

backend.trinitypad.com

backend.trinitypad.com

Domain summary

IP summary