Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b8cfe9986fd4d0bd11f3eb74b88bdaca4c03b8874
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /apple/flags
GET /apple/flags/with-version
GET /apple/redirect
GET /apple/url
GET /auth/check-password-reset-code
GET /auth/email-check/{email}
GET /chatrooms
GET /chatrooms/exists/{userId1}/{userId2}
GET /force-update/flags/with-version
GET /linkedin/callback
GET /linkedin/redirect
GET /linkedin/url
GET /profile/app-language
GET /profile/single
GET /room-pool
GET /room-pool/single
GET /room-pool/{roomPostId}
GET /user-pool
GET /user-pool/{userId}
POST /apple/callback
POST /apple/complete-registration/{tempToken}
POST /apple/signin/{tempToken}
POST /auth/forgot-password
POST /auth/image-upload
POST /auth/password-reset
POST /auth/resend/verification-email
POST /auth/signin
POST /auth/signup
POST /auth/verify
POST /chatrooms/block-user
POST /contact-us
POST /google/complete-registration/{tempToken}
POST /google/initial-registration
POST /google/signin/{tempToken}
POST /linkedin/complete-registration/{tempToken}
POST /linkedin/initial-registration
POST /linkedin/signin/{tempToken}
POST /notification/send
POST /profile/image-upload
POST /profile/logout
POST /profile/update-last-login-date
POST /profile/update-push-token
POST /report
POST /room-pool/image-upload
PUT /profile
Open service 99.83.185.157:80 · dev-app.whomie.com
2026-01-09 03:24
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 09 Jan 2026 03:25:36 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=p4Zh%2BQLdlilcj36DrFY291s1VhabwPO4LjTrJdshf1A%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767929136"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=p4Zh%2BQLdlilcj36DrFY291s1VhabwPO4LjTrJdshf1A%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767929136"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
Open service 99.83.185.157:443 · dev-app.whomie.com
2026-01-09 01:20
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 09 Jan 2026 01:20:53 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=dckHi1bqm1O3T1A7%2BZ0FwjWp07TDAAWO4bXkDJPgtlU%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767921653"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=dckHi1bqm1O3T1A7%2BZ0FwjWp07TDAAWO4bXkDJPgtlU%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767921653"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
Open service 99.83.185.157:80 · dev-app.whomie.com
2026-01-02 10:09
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 02 Jan 2026 10:09:55 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=3e1kLdfZXKtxoX2cdPGlW8b1wWTavg7ilbMlXYiuXL0%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767348595"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=3e1kLdfZXKtxoX2cdPGlW8b1wWTavg7ilbMlXYiuXL0%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767348595"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
Open service 99.83.185.157:443 · dev-app.whomie.com
2026-01-02 04:37
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 02 Jan 2026 04:37:15 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Mb9yOyWwbnjT5y8eFvBA%2BSbNA%2FHYYjS0j9sYBc%2FXytg%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767328635"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Mb9yOyWwbnjT5y8eFvBA%2BSbNA%2FHYYjS0j9sYBc%2FXytg%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767328635"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
Open service 99.83.185.157:443 · dev-app.whomie.com
2025-12-30 06:52
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Tue, 30 Dec 2025 06:52:39 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=PGuMyE8z3car44lRrTR24RqEYCuu9rJim58w%2BTZSlWg%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767077559"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=PGuMyE8z3car44lRrTR24RqEYCuu9rJim58w%2BTZSlWg%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767077559"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
Open service 99.83.185.157:80 · dev-app.whomie.com
2025-12-22 19:34
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Mon, 22 Dec 2025 19:34:54 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=xcKloBYV5FEUsIBdNDwWIERrAmIf7etOqMEZhjKEk%2B0%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766432094"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=xcKloBYV5FEUsIBdNDwWIERrAmIf7etOqMEZhjKEk%2B0%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766432094"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
Open service 99.83.185.157:443 · dev-app.whomie.com
2025-12-22 14:14
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Mon, 22 Dec 2025 14:14:43 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=pk4uPO4dVA8ZrZrSjK8AbJLb5diWyuGfP00%2BnGZzd%2Bs%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766412883"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=pk4uPO4dVA8ZrZrSjK8AbJLb5diWyuGfP00%2BnGZzd%2Bs%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766412883"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
Open service 99.83.185.157:80 · dev-app.whomie.com
2025-12-20 20:01
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sat, 20 Dec 2025 20:01:13 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=T02vQFte7JECXGNFEQ14QcqTM4%2BsWIIpFNK3%2FD%2BeXDI%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766260873"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=T02vQFte7JECXGNFEQ14QcqTM4%2BsWIIpFNK3%2FD%2BeXDI%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766260873"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
Open service 99.83.185.157:443 · dev-app.whomie.com
2025-12-20 14:36
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sat, 20 Dec 2025 14:36:17 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hujemS%2F9kKyLdLpS9nuU9BxYYLNYEE83XTJP22ug4PQ%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766241377"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hujemS%2F9kKyLdLpS9nuU9BxYYLNYEE83XTJP22ug4PQ%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766241377"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close