Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
Public Swagger UI/API detected at path: /swagger-ui.html
Open service 15.197.149.68:80 · api.agendabeauty.com.br
2026-01-09 12:20
HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
Date: Fri, 09 Jan 2026 12:21:22 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=CVyiWH6mZ7zGMSstRA5sgGrGiiyIHR7ONQUeAWPu9ro%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767961283"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=CVyiWH6mZ7zGMSstRA5sgGrGiiyIHR7ONQUeAWPu9ro%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767961283"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Content-Length: 102
Connection: close
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
Open service 3.33.241.96:443 · api.agendabeauty.com.br
2026-01-09 03:15
HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
Date: Fri, 09 Jan 2026 03:15:58 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=a9ictojT6BbgwmDu9TSCJaydHG%2BgXPeKgqPYA38R%2FOs%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767928558"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=a9ictojT6BbgwmDu9TSCJaydHG%2BgXPeKgqPYA38R%2FOs%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767928558"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Content-Length: 102
Connection: close
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
Open service 3.33.241.96:443 · api.agendabeauty.com.br
2026-01-02 10:37
HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
Date: Fri, 02 Jan 2026 10:37:16 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=JOEUqRzdbS9jVsfDT1FBdb66fGXgMa13ACssqaL4KUM%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767350236"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=JOEUqRzdbS9jVsfDT1FBdb66fGXgMa13ACssqaL4KUM%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767350236"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Content-Length: 102
Connection: close
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
Open service 15.197.149.68:80 · api.agendabeauty.com.br
2026-01-02 02:32
HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
Date: Fri, 02 Jan 2026 02:32:51 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=csysDFhVf32pA8JUmCTf%2B8gzpKvOtZ9bekPtq6FYnCY%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767321171"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=csysDFhVf32pA8JUmCTf%2B8gzpKvOtZ9bekPtq6FYnCY%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767321171"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Content-Length: 102
Connection: close
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
Open service 15.197.149.68:80 · api.agendabeauty.com.br
2025-12-30 10:56
HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
Date: Tue, 30 Dec 2025 10:56:47 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=G9G66lO%2BWoc1BYgjn6G2bjolFYmTl%2BTcM6DQrkPILvc%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767092208"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=G9G66lO%2BWoc1BYgjn6G2bjolFYmTl%2BTcM6DQrkPILvc%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767092208"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Content-Length: 102
Connection: close
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
Open service 15.197.149.68:80 · api.agendabeauty.com.br
2025-12-22 23:12
HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
Date: Mon, 22 Dec 2025 23:12:09 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=w6dsBi%2FUwYjsKzXz0fkXYrLlYGzoLgISfH%2BrzeJtwB8%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766445130"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=w6dsBi%2FUwYjsKzXz0fkXYrLlYGzoLgISfH%2BrzeJtwB8%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766445130"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Content-Length: 102
Connection: close
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
Open service 3.33.241.96:443 · api.agendabeauty.com.br
2025-12-22 19:12
HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
Date: Mon, 22 Dec 2025 19:12:50 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=AgkqDpVC1aIfMPrH%2Bn6QjtkqD5vbpOoNfKkq3QRWvkg%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766430771"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=AgkqDpVC1aIfMPrH%2Bn6QjtkqD5vbpOoNfKkq3QRWvkg%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766430771"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Content-Length: 102
Connection: close
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
Open service 15.197.149.68:80 · api.agendabeauty.com.br
2025-12-21 01:56
HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
Date: Sun, 21 Dec 2025 01:56:09 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=b9CPmRKeTenpujt3igiWCJsl4q16WEa1NcjIfC35i%2Fw%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766282169"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=b9CPmRKeTenpujt3igiWCJsl4q16WEa1NcjIfC35i%2Fw%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766282169"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Content-Length: 102
Connection: close
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
Open service 3.33.241.96:443 · api.agendabeauty.com.br
2025-12-20 20:36
HTTP/1.1 401 Unauthorized
Cache-Control: no-store
Content-Type: application/json
Date: Sat, 20 Dec 2025 20:36:40 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=piJnTnKa4a1lwSspLTnd50atHqyplb6aAuPUdGvkFH4%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766263000"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=piJnTnKa4a1lwSspLTnd50atHqyplb6aAuPUdGvkFH4%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766263000"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
Www-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Content-Length: 102
Connection: close
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}