Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Such documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 13.248.132.87:80 · control.sfhaccess.com
2026-01-09 23:16
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 23:17:20 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=AaTOsSNKlQOMOf%2FesyAnCk4MK9ne6YmqrwonBw%2BMlmU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1768000640"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=AaTOsSNKlQOMOf%2FesyAnCk4MK9ne6YmqrwonBw%2BMlmU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1768000640"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}
Open service 99.83.151.71:443 · control.sfhaccess.com
2026-01-09 18:31
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 18:31:29 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=QGOq67u1q47KUhEeRjxYRThtm9Gn2qn657VZr%2F6IVeg%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767983489"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=QGOq67u1q47KUhEeRjxYRThtm9Gn2qn657VZr%2F6IVeg%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767983489"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}
Open service 99.83.151.71:443 · control.sfhaccess.com
2026-01-02 06:33
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 06:33:57 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=9JSrmE6AaIvJWsj381MKnNQRIuJZN1bYVbJECN1cQFY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767335637"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=9JSrmE6AaIvJWsj381MKnNQRIuJZN1bYVbJECN1cQFY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767335637"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}
Open service 99.83.151.71:443 · control.sfhaccess.com
2025-12-30 11:24
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Tue, 30 Dec 2025 11:24:48 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=bNmfXRb1kltyYPUrDEyA1n7nfLUyj6a7GAPnKKLsCjs%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767093888"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=bNmfXRb1kltyYPUrDEyA1n7nfLUyj6a7GAPnKKLsCjs%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767093888"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}
Open service 13.248.132.87:80 · control.sfhaccess.com
2025-12-30 11:02
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Tue, 30 Dec 2025 11:02:58 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=%2BN1s11YGHeQIdE0y0gri9ljfn4PG3jKeC3DirzR0vXg%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767092578"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=%2BN1s11YGHeQIdE0y0gri9ljfn4PG3jKeC3DirzR0vXg%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767092578"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}
Open service 99.83.151.71:443 · control.sfhaccess.com
2025-12-22 12:24
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 12:24:59 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=SblC7a1N3TRFd7kEnwK3XEwCn7yEfcX51ZleN5Zbxh8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766406299"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=SblC7a1N3TRFd7kEnwK3XEwCn7yEfcX51ZleN5Zbxh8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766406299"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}
Open service 13.248.132.87:80 · control.sfhaccess.com
2025-12-22 10:48
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 10:48:30 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=b7B4A%2F0NfINXIE381Ng%2BFlXNUPLtSCG3Gsc3pczymg4%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766400510"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=b7B4A%2F0NfINXIE381Ng%2BFlXNUPLtSCG3Gsc3pczymg4%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766400510"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}
Open service 13.248.132.87:80 · control.sfhaccess.com
2025-12-21 10:50
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sun, 21 Dec 2025 10:50:22 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=OZ0p9TWkosDGEM9B6MNQ3OalECXAmg%2BYbrFXudRAXEE%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766314222"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=OZ0p9TWkosDGEM9B6MNQ3OalECXAmg%2BYbrFXudRAXEE%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766314222"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}
Open service 99.83.151.71:443 · control.sfhaccess.com
2025-12-20 11:22
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 11:22:46 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=pvwJT0l1fvsfwbBDh3f5eNAKahZdRz6oYH%2BFoibwkuM%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766229766"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=pvwJT0l1fvsfwbBDh3f5eNAKahZdRz6oYH%2BFoibwkuM%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766229766"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}
Open service 13.248.132.87:80 · control.sfhaccess.com
2025-12-19 08:41
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Content-Length: 63
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 19 Dec 2025 08:41:29 GMT
Etag: W/"3f-BunLb98SCK6azHy0RO08GDnFBek"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=wdCQlf3Qs3j7XHg6lfriYaOT7tHI6BX5ETOj%2FmzUAWw%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766133689"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=wdCQlf3Qs3j7XHg6lfriYaOT7tHI6BX5ETOj%2FmzUAWw%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766133689"
Server: Heroku
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close
{"message":"Cannot GET /","error":"Not Found","statusCode":404}