Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b8817192b0207123cb73f32e6271ef5c9bbb5636b
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/users/transaction-password
GET /api/customers
GET /api/customers/search
GET /api/customers/{id}
GET /api/customers/{id}/validate-deletion
GET /api/loans
GET /api/loans/count
GET /api/loans/page
GET /api/loans/stats
GET /api/loans/top-profitable-customers
GET /api/users/profile
GET /api/users/transaction-password/status
PATCH /api/loans/{id}/mark-as-paid
POST /api/auth/activate-account
POST /api/auth/login
POST /api/auth/password-reset
POST /api/auth/password-reset/confirm
POST /api/backup
POST /api/loans/batch-mark-as-paid
POST /api/loans/process-overdue
POST /api/loans/{id}/payments
POST /api/users
POST /api/users/transaction-password/set
POST /api/users/transaction-password/validate
POST /api/voice/extract-loan-data
PUT /api/loans/{id}
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b8817192b0207123cb73f32e6271ef5c9208d3e33
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/users/transaction-password
GET /api/customers
GET /api/customers/search
GET /api/customers/{id}
GET /api/customers/{id}/validate-deletion
GET /api/loans
GET /api/loans/count
GET /api/loans/page
GET /api/loans/stats
GET /api/users/profile
GET /api/users/transaction-password/status
PATCH /api/loans/{id}/mark-as-paid
POST /api/auth/activate-account
POST /api/auth/login
POST /api/auth/password-reset
POST /api/auth/password-reset/confirm
POST /api/backup
POST /api/loans/batch-mark-as-paid
POST /api/loans/process-overdue
POST /api/loans/{id}/payments
POST /api/users
POST /api/users/transaction-password/set
POST /api/users/transaction-password/validate
POST /api/voice/extract-loan-data
PUT /api/loans/{id}
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b8817192b0207123cb73f32e6271ef5c93d1788be
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/users/transaction-password
GET /api/customers
GET /api/customers/search
GET /api/customers/{id}
GET /api/customers/{id}/validate-deletion
GET /api/loans
GET /api/users/profile
GET /api/users/transaction-password/status
PATCH /api/loans/{id}/mark-as-paid
POST /api/auth/activate-account
POST /api/auth/login
POST /api/auth/password-reset
POST /api/auth/password-reset/confirm
POST /api/backup
POST /api/loans/batch-mark-as-paid
POST /api/loans/process-overdue
POST /api/loans/{id}/payments
POST /api/users
POST /api/users/transaction-password/set
POST /api/users/transaction-password/validate
PUT /api/loans/{id}
Open service 3.33.193.101:443 · api.cashlog.net
2026-01-09 05:52
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 169
Content-Type: application/json;charset=UTF-8
Date: Fri, 09 Jan 2026 05:52:13 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=QQgiOZAaSaEVUllBUJMsLqm%2FeHs3aR3kdjM%2FbFBBXyw%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1767937933"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=QQgiOZAaSaEVUllBUJMsLqm%2FeHs3aR3kdjM%2FbFBBXyw%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1767937933"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
{"timestamp":"2026-01-09T05:52:13","status":401,"error":"Unauthorized","message":"Acesso negado. Token de autenticação necessário","path":"/","validationErrors":null}
Open service 52.223.46.195:80 · api.cashlog.net
2026-01-09 05:33
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 169
Content-Type: application/json;charset=UTF-8
Date: Fri, 09 Jan 2026 05:34:10 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=7%2BjnaYMvBQM2HMUx9loZkpuuHHThzvLOMX5WkOfwbGE%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1767936850"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=7%2BjnaYMvBQM2HMUx9loZkpuuHHThzvLOMX5WkOfwbGE%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1767936850"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
{"timestamp":"2026-01-09T05:34:10","status":401,"error":"Unauthorized","message":"Acesso negado. Token de autenticação necessário","path":"/","validationErrors":null}
Open service 52.223.46.195:80 · api.cashlog.net
2026-01-02 11:33
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 169
Content-Type: application/json;charset=UTF-8
Date: Fri, 02 Jan 2026 11:33:26 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=FpdwtMU0NpAra1f7CYUb3AMrlHxro3IaN1bYPQDob5E%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1767353606"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=FpdwtMU0NpAra1f7CYUb3AMrlHxro3IaN1bYPQDob5E%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1767353606"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
{"timestamp":"2026-01-02T11:33:26","status":401,"error":"Unauthorized","message":"Acesso negado. Token de autenticação necessário","path":"/","validationErrors":null}
Open service 3.33.193.101:443 · api.cashlog.net
2026-01-02 10:59
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 169
Content-Type: application/json;charset=UTF-8
Date: Fri, 02 Jan 2026 10:59:33 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=vod4k%2F7gJUoGBv2EHdTN%2BPuoauKltBekjbfgm3l1Bm0%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1767351573"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=vod4k%2F7gJUoGBv2EHdTN%2BPuoauKltBekjbfgm3l1Bm0%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1767351573"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
{"timestamp":"2026-01-02T10:59:33","status":401,"error":"Unauthorized","message":"Acesso negado. Token de autenticação necessário","path":"/","validationErrors":null}
Open service 52.223.46.195:80 · api.cashlog.net
2025-12-30 14:13
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 169
Content-Type: application/json;charset=UTF-8
Date: Tue, 30 Dec 2025 14:13:24 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=S7fmCjfl9tAAwy54X5wl%2F4U4VvpJrZJEpMrnPBvZrCM%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1767104004"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=S7fmCjfl9tAAwy54X5wl%2F4U4VvpJrZJEpMrnPBvZrCM%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1767104004"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
{"timestamp":"2025-12-30T14:13:24","status":401,"error":"Unauthorized","message":"Acesso negado. Token de autenticação necessário","path":"/","validationErrors":null}
Open service 52.223.46.195:80 · api.cashlog.net
2025-12-22 19:09
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 169
Content-Type: application/json;charset=UTF-8
Date: Mon, 22 Dec 2025 19:09:54 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ArpxvAmw9qK991uvgMad9DiDZe8ogzq0%2FbpdtFBDM8c%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1766430594"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=ArpxvAmw9qK991uvgMad9DiDZe8ogzq0%2FbpdtFBDM8c%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1766430594"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
{"timestamp":"2025-12-22T19:09:54","status":401,"error":"Unauthorized","message":"Acesso negado. Token de autenticação necessário","path":"/","validationErrors":null}
Open service 3.33.193.101:443 · api.cashlog.net
2025-12-20 20:40
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 169
Content-Type: application/json;charset=UTF-8
Date: Sat, 20 Dec 2025 20:40:15 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=R5wy9xOh6VspafG%2FTh5pPRDAjjmz%2FdcGOe7bPZBygPw%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1766263216"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=R5wy9xOh6VspafG%2FTh5pPRDAjjmz%2FdcGOe7bPZBygPw%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1766263216"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
{"timestamp":"2025-12-20T20:40:16","status":401,"error":"Unauthorized","message":"Acesso negado. Token de autenticação necessário","path":"/","validationErrors":null}
Open service 52.223.46.195:80 · api.cashlog.net
2025-12-20 20:40
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 169
Content-Type: application/json;charset=UTF-8
Date: Sat, 20 Dec 2025 20:40:17 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=xewv%2Bl5UBlnXdfUJVLD6nCjdKoUqwz40vgF0hFzz2mo%3D\u0026sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d\u0026ts=1766263217"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=xewv%2Bl5UBlnXdfUJVLD6nCjdKoUqwz40vgF0hFzz2mo%3D&sid=e11707d5-02a7-43ef-b45e-2cf4d2036f7d&ts=1766263217"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
{"timestamp":"2025-12-20T20:40:17","status":401,"error":"Unauthorized","message":"Acesso negado. Token de autenticação necessário","path":"/","validationErrors":null}