Domain api.gtfinance.ca
United States
Software information
Heroku
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-10 00:16
Last seen 2026-01-09 15:22
Open for 30 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Found on 2026-01-09 15:22
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-10 00:16
Last seen 2026-01-09 20:17
Open for 30 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Found on 2026-01-09 20:17
-
-
Open service 99.83.151.71:443 · api.gtfinance.ca
2026-01-09 20:17
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Fri, 09 Jan 2026 20:17:07 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=sAB7gqiB2pTF8pETPkvM1jjZdLdpeB7gJfFt517CA2k%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767989827"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=sAB7gqiB2pTF8pETPkvM1jjZdLdpeB7gJfFt517CA2k%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767989827" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2026-01-09T20:17:07.899+00:00","status":404,"error":"Not Found","path":"/"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 99.83.151.71:80 · api.gtfinance.ca
2026-01-09 15:22
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Fri, 09 Jan 2026 15:23:45 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=0YC3d4QTKM0zo9mcbQvXYHjM1US4TQGDIf8OVVBQg64%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767972225"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=0YC3d4QTKM0zo9mcbQvXYHjM1US4TQGDIf8OVVBQg64%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767972225" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2026-01-09T15:23:45.640+00:00","status":404,"error":"Not Found","path":"/"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · api.gtfinance.ca
2026-01-02 17:51
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Fri, 02 Jan 2026 17:51:06 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ND3%2BTcPxtEapbcwm6ahZPkIIq%2BX%2Bq74FDiPhDXZlVG4%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767376266"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=ND3%2BTcPxtEapbcwm6ahZPkIIq%2BX%2Bq74FDiPhDXZlVG4%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767376266" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2026-01-02T17:51:06.447+00:00","status":404,"error":"Not Found","path":"/"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 99.83.151.71:80 · api.gtfinance.ca
2026-01-02 17:29
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Fri, 02 Jan 2026 17:29:16 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=HXNIxY%2FMDgx70uVX0inCLbHbd%2BMKrAHdp7%2BWyw5k7wo%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767374956"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=HXNIxY%2FMDgx70uVX0inCLbHbd%2BMKrAHdp7%2BWyw5k7wo%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767374956" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2026-01-02T17:29:16.682+00:00","status":404,"error":"Not Found","path":"/"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 99.83.151.71:80 · api.gtfinance.ca
2025-12-23 09:11
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Tue, 23 Dec 2025 09:11:33 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=UfUJ39e40uPGpErVQxcGY2cu98BpLtlXTg5hCb1QXlw%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766481093"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=UfUJ39e40uPGpErVQxcGY2cu98BpLtlXTg5hCb1QXlw%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766481093" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2025-12-23T09:11:33.086+00:00","status":404,"error":"Not Found","path":"/"}Found 2025-12-23 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · api.gtfinance.ca
2025-12-23 08:12
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Tue, 23 Dec 2025 08:12:32 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=NIj8KFkGr9tKGKkUwEuRTssmP%2BmOu7mEWnj9nhsDviE%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766477552"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=NIj8KFkGr9tKGKkUwEuRTssmP%2BmOu7mEWnj9nhsDviE%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766477552" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2025-12-23T08:12:32.958+00:00","status":404,"error":"Not Found","path":"/"}Found 2025-12-23 by HttpPluginCreate report
-
Open service 99.83.151.71:80 · api.gtfinance.ca
2025-12-21 11:11
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Sun, 21 Dec 2025 11:12:00 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=VgTF6gUBzUXpIa2GmKU1UVgu8seQUzbV5Anv6JUZF8Y%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766315520"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=VgTF6gUBzUXpIa2GmKU1UVgu8seQUzbV5Anv6JUZF8Y%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766315520" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2025-12-21T11:12:00.150+00:00","status":404,"error":"Not Found","path":"/"}Found 2025-12-21 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · api.gtfinance.ca
2025-12-21 07:08
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Sun, 21 Dec 2025 07:08:32 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=FjoCoKdEqKI7L7Y7W35IXhyNzKiHyobYfTADVv9MxjY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766300912"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=FjoCoKdEqKI7L7Y7W35IXhyNzKiHyobYfTADVv9MxjY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766300912" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2025-12-21T07:08:32.781+00:00","status":404,"error":"Not Found","path":"/"}Found 2025-12-21 by HttpPluginCreate report
-
Open service 99.83.151.71:80 · api.gtfinance.ca
2025-12-19 07:42
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Fri, 19 Dec 2025 07:42:53 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hzP1xQq%2BviXyNiCuyhK5aUu7yiOqxxELfU5ji2nBNlY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766130173"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hzP1xQq%2BviXyNiCuyhK5aUu7yiOqxxELfU5ji2nBNlY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766130173" Server: Heroku Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2025-12-19T07:42:53.200+00:00","status":404,"error":"Not Found","path":"/"}Found 2025-12-19 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · api.gtfinance.ca
2025-12-19 00:46
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, remember-me Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: Content-Type: application/json Date: Fri, 19 Dec 2025 00:46:39 GMT Expires: 0 Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Permissions-Policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=() Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=d1RioUHZvQow6Jsg0xx%2F%2FeYqgatAUDSsPJALDr6moYk%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766105199"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=d1RioUHZvQow6Jsg0xx%2F%2FeYqgatAUDSsPJALDr6moYk%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766105199" Server: Heroku Strict-Transport-Security: max-age=31536000 ; includeSubDomains Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Content-Length: 89 Connection: close {"timestamp":"2025-12-19T00:46:39.446+00:00","status":404,"error":"Not Found","path":"/"}Found 2025-12-19 by HttpPluginCreate report