LeakIX - Host staging-api.pagodalog.com

Domain staging-api.pagodalog.com

United States

AMAZON-02

Software information

Heroku

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 52.223.53.203
Domain: staging-api.pagodalog.com
Port: 443
URL: https://staging-api.pagodalog.com

First seen 2025-10-26 00:07
Last seen 2026-01-09 01:30
Open for 75 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 01:30
Create report

Open service 52.223.53.203:443 · staging-api.pagodalog.com

2026-01-09 01:30

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Jan 2026 01:30:39 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=dKNLYi5NVZgGarHf296JJOTb4MubPGYtdMwy34AHqag%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767922239"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=dKNLYi5NVZgGarHf296JJOTb4MubPGYtdMwy34AHqag%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767922239"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 52.223.53.203:443 · staging-api.pagodalog.com

2026-01-02 01:50

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jan 2026 01:50:35 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=JhTl7vmrA1p6jSWZ5K4O4CIbvwzGgNeZ4iuZNLuxuyE%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767318635"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=JhTl7vmrA1p6jSWZ5K4O4CIbvwzGgNeZ4iuZNLuxuyE%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767318635"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 52.223.53.203:443 · staging-api.pagodalog.com

2025-12-30 09:09

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Tue, 30 Dec 2025 09:09:34 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=NBExFN4%2FAcoOwG%2Bw5EjhW7cbfY2ma8SGMN5lwwdzqQo%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767085774"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=NBExFN4%2FAcoOwG%2Bw5EjhW7cbfY2ma8SGMN5lwwdzqQo%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767085774"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-30 by HttpPlugin

Create report

Open service 52.223.53.203:443 · staging-api.pagodalog.com

2025-12-23 04:44

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Dec 2025 04:44:50 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=EWFygH2JJLINpYFYFQndmrZo7MRitwFvNDXaVNFTjgM%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766465090"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=EWFygH2JJLINpYFYFQndmrZo7MRitwFvNDXaVNFTjgM%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766465090"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-23 by HttpPlugin

Create report

Open service 52.223.53.203:443 · staging-api.pagodalog.com

2025-12-20 15:54

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Sat, 20 Dec 2025 15:54:43 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=V7bBpaYvi8tqz74FSAvGcBS8WJUHImgyY7GvvuMzDX8%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766246083"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=V7bBpaYvi8tqz74FSAvGcBS8WJUHImgyY7GvvuMzDX8%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766246083"
Server: Heroku
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

staging-api.pagodalog.com

Fingerprint:

023bcc3281939de511280ef4e2c8aa7e9cbd9cad6fde768870712cfa1eba7270

CN:

staging-api.pagodalog.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-12-24 23:44

Not after:

2026-03-24 23:44

staging-api.pagodalog.com

Fingerprint:

f2fa167b247ebaeaa856b5cd1537f1ffad34d0121e42d7a81526710aa07b3653

CN:

staging-api.pagodalog.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-10-25 23:08

Not after:

2026-01-23 23:08

Domain summary

staging-api.pagodalog.com 5

1 recorded

IP summary

52.223.53.203 2

1 recorded

Domain staging-api.pagodalog.com

United States

Software information

Swagger API description is publicly available

Create report

Create report

Create report

Create report

Create report

staging-api.pagodalog.com

staging-api.pagodalog.com

Domain summary

IP summary