Domain www.scale.cards
United States
Software information
Heroku
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-15 00:21
Last seen 2026-01-09 09:36
Open for 55 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b483eb7ce5e15eb8ef989c6fbeab724ea42efffd5Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /chest/{id} DELETE /deck/{deckId} DELETE /skin/{id} GET /card/{id} GET /chat/{playerId} GET /deck/{playerId} GET /game/{gameId}/check/{changeCode} GET /game/{gameId}/{playerId} GET /lobby/{lobbyId} GET /matchmaking/{playerId} GET /player/{playerId}/relations POST /card/search POST /card/upload POST /chat POST /chest POST /chest/open POST /chest/purchase POST /chest/search POST /deck POST /game/action POST /game/initialize/{lobbyId} POST /game/{gameId}/{playerId}/resign POST /lobby POST /lobby/search POST /matchmaking POST /player POST /player/forgot-password/{username} POST /player/login POST /player/relation POST /player/reset-password POST /skin POST /skin/activate POST /skin/purchase POST /skin/searchFound on 2026-01-09 09:36 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b483eb7ce5e15eb8ef989c6fbeab724ea84207770Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /chest/{id} DELETE /deck/{deckId} DELETE /skin/{id} GET /card/{id} GET /chat/{playerId} GET /deck/{playerId} GET /game/{gameId}/check/{changeCode} GET /game/{gameId}/{playerId} GET /lobby/{lobbyId} GET /matchmaking/{playerId} GET /player/{playerId}/relations POST /card/search POST /card/upload POST /chat POST /chest POST /chest/open POST /chest/purchase POST /chest/search POST /deck POST /game/action POST /game/initialize/{lobbyId} POST /game/{gameId}/{playerId}/resign POST /lobby POST /lobby/search POST /matchmaking POST /player POST /player/login POST /player/relation POST /skin POST /skin/activate POST /skin/purchase POST /skin/searchFound on 2025-12-16 17:32 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b483eb7ce5e15eb8ef989c6fbeab724ea9c8174e9Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /chest/{id} DELETE /deck/{deckId} DELETE /skin/{id} GET /card/{id} GET /chat/{playerId} GET /deck/{playerId} GET /game/{gameId}/check/{changeCode} GET /game/{gameId}/{playerId} GET /lobby/{lobbyId} GET /player/{playerId}/relations POST /card/search POST /card/upload POST /chat POST /chest POST /chest/open POST /chest/purchase POST /chest/search POST /deck POST /game/action POST /game/initialize/{lobbyId} POST /game/{gameId}/{playerId}/resign POST /lobby POST /lobby/search POST /player POST /player/login POST /player/relation POST /skin POST /skin/activate POST /skin/purchase POST /skin/searchFound on 2025-12-01 01:59 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b31cd1bcd63b5abee1494f373eb2bb4379aaa06f8Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /deck/{deckId} DELETE /skin/{id} GET /card/{id} GET /chat/{playerId} GET /deck/{playerId} GET /game/{gameId}/check/{changeCode} GET /game/{gameId}/{playerId} GET /lobby/{lobbyId} GET /player/{playerId}/relations POST /card/search POST /card/upload POST /chat POST /deck POST /game/action POST /game/initialize/{lobbyId} POST /game/{gameId}/{playerId}/resign POST /lobby POST /lobby/search POST /player POST /player/login POST /player/relation POST /skin POST /skin/activate POST /skin/purchase POST /skin/searchFound on 2025-11-22 21:57
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-15 00:21
Last seen 2026-01-09 09:36
Open for 55 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b483eb7ce5e15eb8ef989c6fbeab724ea42efffd5Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /chest/{id} DELETE /deck/{deckId} DELETE /skin/{id} GET /card/{id} GET /chat/{playerId} GET /deck/{playerId} GET /game/{gameId}/check/{changeCode} GET /game/{gameId}/{playerId} GET /lobby/{lobbyId} GET /matchmaking/{playerId} GET /player/{playerId}/relations POST /card/search POST /card/upload POST /chat POST /chest POST /chest/open POST /chest/purchase POST /chest/search POST /deck POST /game/action POST /game/initialize/{lobbyId} POST /game/{gameId}/{playerId}/resign POST /lobby POST /lobby/search POST /matchmaking POST /player POST /player/forgot-password/{username} POST /player/login POST /player/relation POST /player/reset-password POST /skin POST /skin/activate POST /skin/purchase POST /skin/searchFound on 2026-01-09 09:36 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b483eb7ce5e15eb8ef989c6fbeab724ea84207770Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /chest/{id} DELETE /deck/{deckId} DELETE /skin/{id} GET /card/{id} GET /chat/{playerId} GET /deck/{playerId} GET /game/{gameId}/check/{changeCode} GET /game/{gameId}/{playerId} GET /lobby/{lobbyId} GET /matchmaking/{playerId} GET /player/{playerId}/relations POST /card/search POST /card/upload POST /chat POST /chest POST /chest/open POST /chest/purchase POST /chest/search POST /deck POST /game/action POST /game/initialize/{lobbyId} POST /game/{gameId}/{playerId}/resign POST /lobby POST /lobby/search POST /matchmaking POST /player POST /player/login POST /player/relation POST /skin POST /skin/activate POST /skin/purchase POST /skin/searchFound on 2025-12-16 17:32 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b483eb7ce5e15eb8ef989c6fbeab724ea9c8174e9Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /chest/{id} DELETE /deck/{deckId} DELETE /skin/{id} GET /card/{id} GET /chat/{playerId} GET /deck/{playerId} GET /game/{gameId}/check/{changeCode} GET /game/{gameId}/{playerId} GET /lobby/{lobbyId} GET /player/{playerId}/relations POST /card/search POST /card/upload POST /chat POST /chest POST /chest/open POST /chest/purchase POST /chest/search POST /deck POST /game/action POST /game/initialize/{lobbyId} POST /game/{gameId}/{playerId}/resign POST /lobby POST /lobby/search POST /player POST /player/login POST /player/relation POST /skin POST /skin/activate POST /skin/purchase POST /skin/searchFound on 2025-12-01 01:59 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b31cd1bcd63b5abee1494f373eb2bb4379aaa06f8Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /deck/{deckId} DELETE /skin/{id} GET /card/{id} GET /chat/{playerId} GET /deck/{playerId} GET /game/{gameId}/check/{changeCode} GET /game/{gameId}/{playerId} GET /lobby/{lobbyId} GET /player/{playerId}/relations POST /card/search POST /card/upload POST /chat POST /deck POST /game/action POST /game/initialize/{lobbyId} POST /game/{gameId}/{playerId}/resign POST /lobby POST /lobby/search POST /player POST /player/login POST /player/relation POST /skin POST /skin/activate POST /skin/purchase POST /skin/searchFound on 2025-11-22 21:57
-
-
Open service 35.71.145.101:80 · www.scale.cards
2026-01-09 09:36
HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Fri, 09 Jan 2026 09:37:46 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=YKSFWXWyFqeo5NPhfwDn17TTVkzV0OUZEbowi37nOQE%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767951466"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=YKSFWXWyFqeo5NPhfwDn17TTVkzV0OUZEbowi37nOQE%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767951466" Server: Heroku Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: close Transfer-Encoding: chunkedFound 2026-01-09 by HttpPluginCreate report
-
Open service 75.2.97.79:443 · www.scale.cards
2026-01-09 09:36
HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Fri, 09 Jan 2026 09:36:45 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=6ZSgxD3FfymoztM7nCnip6c7cz0H0pcxxUvttceAs1Q%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767951405"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=6ZSgxD3FfymoztM7nCnip6c7cz0H0pcxxUvttceAs1Q%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767951405" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: close Transfer-Encoding: chunkedFound 2026-01-09 by HttpPluginCreate report
-
Open service 75.2.97.79:443 · www.scale.cards
2026-01-02 07:48
HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Fri, 02 Jan 2026 07:48:34 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=D5hBO1O7NS3pyJ6nWJ%2FS3Wc1EZZ%2B7w5uE8ffags7lic%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767340114"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=D5hBO1O7NS3pyJ6nWJ%2FS3Wc1EZZ%2B7w5uE8ffags7lic%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767340114" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: close Transfer-Encoding: chunkedFound 2026-01-02 by HttpPluginCreate report
-
Open service 35.71.145.101:80 · www.scale.cards
2026-01-02 07:48
HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Fri, 02 Jan 2026 07:48:37 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=S%2B8nvce1rbAjLYjujDjjUAR53reman0JT76i0FkjXkU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767340117"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=S%2B8nvce1rbAjLYjujDjjUAR53reman0JT76i0FkjXkU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767340117" Server: Heroku Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: close Transfer-Encoding: chunkedFound 2026-01-02 by HttpPluginCreate report
-
Open service 35.71.145.101:80 · www.scale.cards
2025-12-23 03:41
HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Tue, 23 Dec 2025 03:41:35 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=FJ3Hu2HVwL6K6xNhcEAM3Rm5ukADr%2B8BM3Kr6ku%2FiwQ%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766461295"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=FJ3Hu2HVwL6K6xNhcEAM3Rm5ukADr%2B8BM3Kr6ku%2FiwQ%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766461295" Server: Heroku Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: close Transfer-Encoding: chunkedFound 2025-12-23 by HttpPluginCreate report
-
Open service 75.2.97.79:443 · www.scale.cards
2025-12-23 03:41
HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Tue, 23 Dec 2025 03:41:31 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=zQfuy5wAP87UV6kNhpdtxkPE22fm3orRJIWwJV9j3VY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766461291"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=zQfuy5wAP87UV6kNhpdtxkPE22fm3orRJIWwJV9j3VY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766461291" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: close Transfer-Encoding: chunkedFound 2025-12-23 by HttpPluginCreate report
-
Open service 75.2.97.79:443 · www.scale.cards
2025-12-21 01:22
HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Sun, 21 Dec 2025 01:22:03 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Fkl7lGOPAQivRb4e3xbeLM0bzRRseEz%2BxkKbB4fgbZI%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766280123"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Fkl7lGOPAQivRb4e3xbeLM0bzRRseEz%2BxkKbB4fgbZI%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766280123" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: close Transfer-Encoding: chunkedFound 2025-12-21 by HttpPluginCreate report
-
Open service 35.71.145.101:80 · www.scale.cards
2025-12-21 01:22
HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Sun, 21 Dec 2025 01:22:06 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Pragma: no-cache Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=YBlRMpUdVypqQr8VgUba7Qe1lM8M8dip6c%2FDaYaAZWw%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766280126"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=YBlRMpUdVypqQr8VgUba7Qe1lM8M8dip6c%2FDaYaAZWw%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766280126" Server: Heroku Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 0 Connection: close Transfer-Encoding: chunkedFound 2025-12-21 by HttpPluginCreate report