Domain api.almaalee.com
United States
Software information
Heroku
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-16 02:09
Last seen 2026-01-09 10:14
Open for 85 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b567f0269f10cd47d1959f54302f5053f32a8f8c4Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /api/access-codes/{id} DELETE /api/holidays/clear DELETE /api/holidays/{id} DELETE /api/news/delete/{id} DELETE /api/pdf/delete DELETE /api/teacher/delete/{id} DELETE /api/videos/{id} DELETE /student/app/delete/{id} DELETE /student/reset/appdevice/{num} GET /api/access-codes GET /api/date-ranges GET /api/date-ranges/{id} GET /api/download/apk GET /api/download/apk/admin GET /api/download/apk/courses GET /api/gallery/image/{id} GET /api/gallery/images GET /api/holidays GET /api/holidays/check/{date} GET /api/news GET /api/news/urgent GET /api/student/delete/weeklyExam GET /api/student/get/weeklyExam GET /api/student/{id} GET /api/teacher GET /api/videos GET /api/videos/{studentClass} GET /app/{studentNum} GET /check_notifications GET /clear_admin_notifications GET /deleteAdmin GET /deleteStudent GET /generateAdminQRCodeLogin GET /generateAllQRCodes GET /generateStudentQRCodeLogin GET /getAbsent GET /getAllAdmins GET /getAllStudents GET /getMessages GET /getOneStudentInfoAll GET /getPunishments GET /getRewards GET /getStudentAllPayment GET /getStudentExamInfo GET /getStudentFinalExamInfo GET /getStudentInfo GET /getStudentInfoAll GET /getStudentInfoAllFromSameFamilt GET /getYearlyCost GET /student/app GET /student/app/{studentClass} GET /student/reset/logindevice/{id} GET /student/validate-video GET /update_notifications POST /addPunishment POST /addReward POST /addStudentPayment POST /api/access-codes/bulk-update POST /api/access-codes/class POST /api/access-codes/validate POST /api/gallery/upload POST /api/news/add POST /api/notifications/save-token POST /api/notifications/send POST /api/pdf/upload/{videoId} POST /api/student/save/weeklyExam POST /api/students/upload-csv POST /api/teacher/create POST /api/update-student-info POST /api/upload POST /api/upload-student-image POST /auth/reset-password POST /auth/verify-identity POST /email/send POST /getClassAbsent POST /getStudentsExamInfo POST /login POST /saveAbsent POST /saveAdminInfo POST /saveStudentExamInfo POST /saveStudentInfo POST /saveStudentsExamInfo POST /saveYearlyCost POST /sendMessage POST /student/login POST /student/signup POST /student/update POST /updateAdminInfo PUT /api/news/update/{id}Found on 2026-01-09 10:14 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b567f0269f10cd47d1959f54302f5053f75bfa858Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /api/access-codes/{id} DELETE /api/holidays/clear DELETE /api/holidays/{id} DELETE /api/news/delete/{id} DELETE /api/pdf/delete DELETE /api/teacher/delete/{id} DELETE /api/videos/{id} DELETE /student/app/delete/{id} DELETE /student/reset/appdevice/{num} GET /api/access-codes GET /api/date-ranges GET /api/date-ranges/{id} GET /api/download/apk GET /api/download/apk/admin GET /api/download/apk/courses GET /api/gallery/image/{id} GET /api/gallery/images GET /api/holidays GET /api/holidays/check/{date} GET /api/news GET /api/news/urgent GET /api/student/delete/weeklyExam GET /api/student/get/weeklyExam GET /api/student/{id} GET /api/teacher GET /api/videos GET /api/videos/{studentClass} GET /app/{studentNum} GET /check_notifications GET /clear_admin_notifications GET /deleteAdmin GET /deleteStudent GET /generateAdminQRCodeLogin GET /generateStudentQRCodeLogin GET /getAbsent GET /getAllAdmins GET /getAllStudents GET /getMessages GET /getOneStudentInfoAll GET /getPunishments GET /getRewards GET /getStudentAllPayment GET /getStudentExamInfo GET /getStudentFinalExamInfo GET /getStudentInfo GET /getStudentInfoAll GET /getStudentInfoAllFromSameFamilt GET /getYearlyCost GET /student/app GET /student/app/{studentClass} GET /student/reset/logindevice/{id} GET /student/validate-video GET /update_notifications POST /addPunishment POST /addReward POST /addStudentPayment POST /api/access-codes/bulk-update POST /api/access-codes/class POST /api/access-codes/validate POST /api/gallery/upload POST /api/news/add POST /api/notifications/save-token POST /api/notifications/send POST /api/pdf/upload/{videoId} POST /api/student/save/weeklyExam POST /api/students/upload-csv POST /api/teacher/create POST /api/update-student-info POST /api/upload POST /api/upload-student-image POST /auth/reset-password POST /auth/verify-identity POST /email/send POST /getClassAbsent POST /getStudentsExamInfo POST /login POST /saveAbsent POST /saveAdminInfo POST /saveStudentExamInfo POST /saveStudentInfo POST /saveStudentsExamInfo POST /saveYearlyCost POST /sendMessage POST /student/login POST /student/signup POST /student/update POST /updateAdminInfo PUT /api/news/update/{id}Found on 2025-11-16 16:23
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-16 02:09
Last seen 2026-01-09 05:41
Open for 85 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b567f0269f10cd47d1959f54302f5053f32a8f8c4Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /api/access-codes/{id} DELETE /api/holidays/clear DELETE /api/holidays/{id} DELETE /api/news/delete/{id} DELETE /api/pdf/delete DELETE /api/teacher/delete/{id} DELETE /api/videos/{id} DELETE /student/app/delete/{id} DELETE /student/reset/appdevice/{num} GET /api/access-codes GET /api/date-ranges GET /api/date-ranges/{id} GET /api/download/apk GET /api/download/apk/admin GET /api/download/apk/courses GET /api/gallery/image/{id} GET /api/gallery/images GET /api/holidays GET /api/holidays/check/{date} GET /api/news GET /api/news/urgent GET /api/student/delete/weeklyExam GET /api/student/get/weeklyExam GET /api/student/{id} GET /api/teacher GET /api/videos GET /api/videos/{studentClass} GET /app/{studentNum} GET /check_notifications GET /clear_admin_notifications GET /deleteAdmin GET /deleteStudent GET /generateAdminQRCodeLogin GET /generateAllQRCodes GET /generateStudentQRCodeLogin GET /getAbsent GET /getAllAdmins GET /getAllStudents GET /getMessages GET /getOneStudentInfoAll GET /getPunishments GET /getRewards GET /getStudentAllPayment GET /getStudentExamInfo GET /getStudentFinalExamInfo GET /getStudentInfo GET /getStudentInfoAll GET /getStudentInfoAllFromSameFamilt GET /getYearlyCost GET /student/app GET /student/app/{studentClass} GET /student/reset/logindevice/{id} GET /student/validate-video GET /update_notifications POST /addPunishment POST /addReward POST /addStudentPayment POST /api/access-codes/bulk-update POST /api/access-codes/class POST /api/access-codes/validate POST /api/gallery/upload POST /api/news/add POST /api/notifications/save-token POST /api/notifications/send POST /api/pdf/upload/{videoId} POST /api/student/save/weeklyExam POST /api/students/upload-csv POST /api/teacher/create POST /api/update-student-info POST /api/upload POST /api/upload-student-image POST /auth/reset-password POST /auth/verify-identity POST /email/send POST /getClassAbsent POST /getStudentsExamInfo POST /login POST /saveAbsent POST /saveAdminInfo POST /saveStudentExamInfo POST /saveStudentInfo POST /saveStudentsExamInfo POST /saveYearlyCost POST /sendMessage POST /student/login POST /student/signup POST /student/update POST /updateAdminInfo PUT /api/news/update/{id}Found on 2026-01-09 05:41 -
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b567f0269f10cd47d1959f54302f5053f75bfa858Public Swagger UI/API detected at path: /v3/api-docs - sample paths: DELETE /api/access-codes/{id} DELETE /api/holidays/clear DELETE /api/holidays/{id} DELETE /api/news/delete/{id} DELETE /api/pdf/delete DELETE /api/teacher/delete/{id} DELETE /api/videos/{id} DELETE /student/app/delete/{id} DELETE /student/reset/appdevice/{num} GET /api/access-codes GET /api/date-ranges GET /api/date-ranges/{id} GET /api/download/apk GET /api/download/apk/admin GET /api/download/apk/courses GET /api/gallery/image/{id} GET /api/gallery/images GET /api/holidays GET /api/holidays/check/{date} GET /api/news GET /api/news/urgent GET /api/student/delete/weeklyExam GET /api/student/get/weeklyExam GET /api/student/{id} GET /api/teacher GET /api/videos GET /api/videos/{studentClass} GET /app/{studentNum} GET /check_notifications GET /clear_admin_notifications GET /deleteAdmin GET /deleteStudent GET /generateAdminQRCodeLogin GET /generateStudentQRCodeLogin GET /getAbsent GET /getAllAdmins GET /getAllStudents GET /getMessages GET /getOneStudentInfoAll GET /getPunishments GET /getRewards GET /getStudentAllPayment GET /getStudentExamInfo GET /getStudentFinalExamInfo GET /getStudentInfo GET /getStudentInfoAll GET /getStudentInfoAllFromSameFamilt GET /getYearlyCost GET /student/app GET /student/app/{studentClass} GET /student/reset/logindevice/{id} GET /student/validate-video GET /update_notifications POST /addPunishment POST /addReward POST /addStudentPayment POST /api/access-codes/bulk-update POST /api/access-codes/class POST /api/access-codes/validate POST /api/gallery/upload POST /api/news/add POST /api/notifications/save-token POST /api/notifications/send POST /api/pdf/upload/{videoId} POST /api/student/save/weeklyExam POST /api/students/upload-csv POST /api/teacher/create POST /api/update-student-info POST /api/upload POST /api/upload-student-image POST /auth/reset-password POST /auth/verify-identity POST /email/send POST /getClassAbsent POST /getStudentsExamInfo POST /login POST /saveAbsent POST /saveAdminInfo POST /saveStudentExamInfo POST /saveStudentInfo POST /saveStudentsExamInfo POST /saveYearlyCost POST /sendMessage POST /student/login POST /student/signup POST /student/update POST /updateAdminInfo PUT /api/news/update/{id}Found on 2025-11-16 07:36
-
-
Open service 13.248.132.87:443 · api.almaalee.com
2026-01-09 10:14
HTTP/1.1 404 Not Found Content-Type: application/json Date: Fri, 09 Jan 2026 10:15:01 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=DBqa%2B68HEz0Zpr1yjkW0ysDKeIScU8SUOj48mZhoobU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767953701"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=DBqa%2B68HEz0Zpr1yjkW0ysDKeIScU8SUOj48mZhoobU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767953701" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router Content-Length: 71 Connection: close {"timestamp":1767953701720,"status":404,"error":"Not Found","path":"/"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 13.248.132.87:80 · api.almaalee.com
2026-01-09 05:41
HTTP/1.1 404 Not Found Content-Type: application/json Date: Fri, 09 Jan 2026 05:42:10 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=yTevBMk69alMBNUOsZ3jXPSKezOx8ByQXctqvriFQUQ%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767937330"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=yTevBMk69alMBNUOsZ3jXPSKezOx8ByQXctqvriFQUQ%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767937330" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router Content-Length: 71 Connection: close {"timestamp":1767937330400,"status":404,"error":"Not Found","path":"/"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 13.248.132.87:443 · api.almaalee.com
2026-01-02 14:18
HTTP/1.1 404 Not Found Content-Type: application/json Date: Fri, 02 Jan 2026 14:18:59 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BGCZ8kKfJ92FRUPfV0fpL%2BgH%2FcQ2R4%2FKNNSue2b3LdE%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767363540"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BGCZ8kKfJ92FRUPfV0fpL%2BgH%2FcQ2R4%2FKNNSue2b3LdE%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767363540" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router Content-Length: 71 Connection: close {"timestamp":1767363540284,"status":404,"error":"Not Found","path":"/"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 13.248.132.87:80 · api.almaalee.com
2026-01-02 04:55
HTTP/1.1 404 Not Found Content-Type: application/json Date: Fri, 02 Jan 2026 04:55:58 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=JgCWQ1knnvl7%2B8fV2IMEBVO443%2FJB5t%2FOHAIdRC69YE%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767329759"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=JgCWQ1knnvl7%2B8fV2IMEBVO443%2FJB5t%2FOHAIdRC69YE%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767329759" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router Content-Length: 71 Connection: close {"timestamp":1767329759192,"status":404,"error":"Not Found","path":"/"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 13.248.132.87:443 · api.almaalee.com
2025-12-23 03:09
HTTP/1.1 404 Not Found Content-Type: application/json Date: Tue, 23 Dec 2025 03:09:22 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=c9N9dqQ23LL59FGcHav3K9%2BE2sl%2Bh%2FKz2uIEZyWcBgA%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766459362"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=c9N9dqQ23LL59FGcHav3K9%2BE2sl%2Bh%2FKz2uIEZyWcBgA%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766459362" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router Content-Length: 71 Connection: close {"timestamp":1766459362706,"status":404,"error":"Not Found","path":"/"}Found 2025-12-23 by HttpPluginCreate report
-
Open service 13.248.132.87:80 · api.almaalee.com
2025-12-22 17:14
HTTP/1.1 404 Not Found Content-Type: application/json Date: Mon, 22 Dec 2025 17:14:32 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=pke7lR6aEC%2BR1uZLkUSQACeUpDAKWGxENvpmajm%2FmBI%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766423672"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=pke7lR6aEC%2BR1uZLkUSQACeUpDAKWGxENvpmajm%2FmBI%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766423672" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router Content-Length: 71 Connection: close {"timestamp":1766423672249,"status":404,"error":"Not Found","path":"/"}Found 2025-12-22 by HttpPluginCreate report
-
Open service 13.248.132.87:80 · api.almaalee.com
2025-12-20 14:06
HTTP/1.1 404 Not Found Content-Type: application/json Date: Sat, 20 Dec 2025 14:06:57 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ZC60wRG%2B2UOcjyUMAIp4q7n7HjL2OYFNKRNMnn2G%2BL8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766239617"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=ZC60wRG%2B2UOcjyUMAIp4q7n7HjL2OYFNKRNMnn2G%2BL8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766239617" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router Content-Length: 71 Connection: close {"timestamp":1766239617991,"status":404,"error":"Not Found","path":"/"}Found 2025-12-20 by HttpPluginCreate report
-
Open service 13.248.132.87:443 · api.almaalee.com
2025-12-20 12:29
HTTP/1.1 404 Not Found Content-Type: application/json Date: Sat, 20 Dec 2025 12:29:48 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hwhgOjiPDl65GuR54KnnO2bseN%2FrT6eej2z8Dvs6JiY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766233788"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hwhgOjiPDl65GuR54KnnO2bseN%2FrT6eej2z8Dvs6JiY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766233788" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router Content-Length: 71 Connection: close {"timestamp":1766233788353,"status":404,"error":"Not Found","path":"/"}Found 2025-12-20 by HttpPluginCreate report