LeakIX - Host ctr-qa-api.makehelsinki.com

Domain ctr-qa-api.makehelsinki.com

United States

AMAZON-02

Software information

Heroku

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 76.223.11.49
Domain: ctr-qa-api.makehelsinki.com
Port: 443
URL: https://ctr-qa-api.makehelsinki.com

First seen 2025-11-16 00:34
Last seen 2026-01-09 09:43
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 09:43
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 15.197.129.158
Domain: ctr-qa-api.makehelsinki.com
Port: 80
URL: http://ctr-qa-api.makehelsinki.com

First seen 2025-11-16 00:34
Last seen 2026-01-09 07:02
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 07:02
Create report

Open service 76.223.11.49:443 · ctr-qa-api.makehelsinki.com

2026-01-09 09:43

HTTP/1.1 302 Found
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Fri, 09 Jan 2026 09:43:04 GMT
Location: /api-docs
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=glZeJfnHrAgx92y2XuxfcZcLTBdjZw9Z8St6LYb56aQ%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767951784"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=glZeJfnHrAgx92y2XuxfcZcLTBdjZw9Z8St6LYb56aQ%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767951784"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /api-docs

Found 2026-01-09 by HttpPlugin

Create report

Open service 15.197.129.158:80 · ctr-qa-api.makehelsinki.com

2026-01-09 07:02

HTTP/1.1 302 Found
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Fri, 09 Jan 2026 07:03:24 GMT
Location: /api-docs
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=yKpMv3YUPsquY%2BtKNxPbv1Sb0wDp6%2FJQ1S7EHXql3eY%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767942204"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=yKpMv3YUPsquY%2BtKNxPbv1Sb0wDp6%2FJQ1S7EHXql3eY%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767942204"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /api-docs

Found 2026-01-09 by HttpPlugin

Create report

Open service 76.223.11.49:443 · ctr-qa-api.makehelsinki.com

2026-01-02 07:38

HTTP/1.1 302 Found
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jan 2026 07:38:49 GMT
Location: /api-docs
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=vZOKM1jju5jQ3wBmsGAcAPyYydM35zfCURaftQ9YNFw%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767339529"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=vZOKM1jju5jQ3wBmsGAcAPyYydM35zfCURaftQ9YNFw%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767339529"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /api-docs

Found 2026-01-02 by HttpPlugin

Create report

Open service 15.197.129.158:80 · ctr-qa-api.makehelsinki.com

2026-01-02 06:45

HTTP/1.1 302 Found
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jan 2026 06:45:24 GMT
Location: /api-docs
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=XRvX9UUX%2FAPWoWfUIsOktLD1sWQfDX9QcdUsYkm5okY%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767336324"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=XRvX9UUX%2FAPWoWfUIsOktLD1sWQfDX9QcdUsYkm5okY%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767336324"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /api-docs

Found 2026-01-02 by HttpPlugin

Create report

Open service 76.223.11.49:443 · ctr-qa-api.makehelsinki.com

2025-12-23 03:52

HTTP/1.1 302 Found
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Tue, 23 Dec 2025 03:52:49 GMT
Location: /api-docs
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=O%2B56faFIMpyN9FPmgs9C6Ujl5GDQtBAqsujgik5nTY0%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766461969"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=O%2B56faFIMpyN9FPmgs9C6Ujl5GDQtBAqsujgik5nTY0%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766461969"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /api-docs

Found 2025-12-23 by HttpPlugin

Create report

Open service 15.197.129.158:80 · ctr-qa-api.makehelsinki.com

2025-12-22 12:13

HTTP/1.1 302 Found
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Mon, 22 Dec 2025 12:13:10 GMT
Location: /api-docs
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Nd3vfIHkYsQDCCY%2FDba5qNTTzEMGpJ0fia0U4Tub%2FFk%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766405590"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Nd3vfIHkYsQDCCY%2FDba5qNTTzEMGpJ0fia0U4Tub%2FFk%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766405590"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /api-docs

Found 2025-12-22 by HttpPlugin

Create report

Open service 76.223.11.49:443 · ctr-qa-api.makehelsinki.com

2025-12-21 01:30

HTTP/1.1 302 Found
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Sun, 21 Dec 2025 01:30:53 GMT
Location: /api-docs
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=reUSH2Dg7aMf2mJwzg3TwCr%2BWqeeHqs9Lr9jAzdUkLI%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766280653"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=reUSH2Dg7aMf2mJwzg3TwCr%2BWqeeHqs9Lr9jAzdUkLI%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766280653"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /api-docs

Found 2025-12-21 by HttpPlugin

Create report

Open service 15.197.129.158:80 · ctr-qa-api.makehelsinki.com

2025-12-20 10:52

HTTP/1.1 302 Found
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Sat, 20 Dec 2025 10:52:28 GMT
Location: /api-docs
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=oLUDlCP%2BZjga%2FA1Lhbo0sgNoHOFBoTie9PWpuv3V%2FnA%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766227948"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=oLUDlCP%2BZjga%2FA1Lhbo0sgNoHOFBoTie9PWpuv3V%2FnA%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766227948"
Server: Heroku
Vary: Accept
Via: 1.1 heroku-router
X-Powered-By: Express
Connection: close


Found. Redirecting to /api-docs

Found 2025-12-20 by HttpPlugin

Create report

ctr-qa-api.makehelsinki.com

Fingerprint:

435cc90e5a74cbc76dde08b972c4ff2b676c4f444ae750f225bec0f2a219d3dd

CN:

ctr-qa-api.makehelsinki.com

Key:

RSA-2048

Issuer:

R13

Not before:

2025-11-15 23:35

Not after:

2026-02-13 23:35

Domain summary

ctr-qa-api.makehelsinki.com 9

1 recorded

IP summary

76.223.11.49 1 15.197.129.158 1

2 recorded

Domain ctr-qa-api.makehelsinki.com

United States

Software information

Swagger API description is publicly available

Swagger API description is publicly available

ctr-qa-api.makehelsinki.com

Domain summary

IP summary