Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b98651d5b19cca270eb6bf91a25bf5fa438fe4dff
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /actuator
GET /actuator/health
GET /actuator/health/**
GET /api/v1/users/{userId}/notifications
GET /error
POST /api/v1/notifications
PUT /api/v1/users/{userId}/notifications/mark-all-read
PUT /api/v1/users/{userId}/notifications/{notificationId}/read/invert
Open service 52.223.53.203:443 · notificationsapi.neslotech.co.za
2026-01-09 07:43
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 217
Content-Type: application/json
Date: Fri, 09 Jan 2026 07:43:13 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=x41wGX8WmgYp89awwL6X31U%2BtF0WmxAR8PDBD%2BDLr%2BU%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767944593"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=x41wGX8WmgYp89awwL6X31U%2BtF0WmxAR8PDBD%2BDLr%2BU%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767944593"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
{"timestamp":"09-01-2026 07:43:13","status":"UNAUTHORIZED","message":"Full authentication is required to access this resource","debugMessage":"Full authentication is required to access this resource","subErrors":null}
Open service 3.33.249.164:80 · notificationsapi.neslotech.co.za
2026-01-09 03:36
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 217
Content-Type: application/json
Date: Fri, 09 Jan 2026 03:37:29 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=elG9mNoo0xm3h9B3o1kIuA7I8WLXzdSAUIqds0RbX6s%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767929849"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=elG9mNoo0xm3h9B3o1kIuA7I8WLXzdSAUIqds0RbX6s%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767929849"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
{"timestamp":"09-01-2026 03:37:29","status":"UNAUTHORIZED","message":"Full authentication is required to access this resource","debugMessage":"Full authentication is required to access this resource","subErrors":null}
Open service 3.33.249.164:80 · notificationsapi.neslotech.co.za
2026-01-02 09:37
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 217
Content-Type: application/json
Date: Fri, 02 Jan 2026 09:37:51 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=iOs7YsmqiLIIK8AcAq%2FVsN3lFuJv144qytnBnlsum5o%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767346671"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=iOs7YsmqiLIIK8AcAq%2FVsN3lFuJv144qytnBnlsum5o%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767346671"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
{"timestamp":"02-01-2026 09:37:51","status":"UNAUTHORIZED","message":"Full authentication is required to access this resource","debugMessage":"Full authentication is required to access this resource","subErrors":null}
Open service 52.223.53.203:443 · notificationsapi.neslotech.co.za
2026-01-02 05:55
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 217
Content-Type: application/json
Date: Fri, 02 Jan 2026 05:55:56 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hjWbFja18Pr7Rq25uGTbw5EFWvOafLqjcueEt7SegUI%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767333356"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hjWbFja18Pr7Rq25uGTbw5EFWvOafLqjcueEt7SegUI%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767333356"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
{"timestamp":"02-01-2026 05:55:56","status":"UNAUTHORIZED","message":"Full authentication is required to access this resource","debugMessage":"Full authentication is required to access this resource","subErrors":null}
Open service 3.33.249.164:80 · notificationsapi.neslotech.co.za
2025-12-24 23:00
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 217
Content-Type: application/json
Date: Wed, 24 Dec 2025 23:00:26 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=zikk6hQRandnMAJZUDid%2Fnb%2FlTbLFnPnHLnVRD2n4BA%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766617226"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=zikk6hQRandnMAJZUDid%2Fnb%2FlTbLFnPnHLnVRD2n4BA%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766617226"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
{"timestamp":"24-12-2025 23:00:26","status":"UNAUTHORIZED","message":"Full authentication is required to access this resource","debugMessage":"Full authentication is required to access this resource","subErrors":null}
Open service 3.33.249.164:80 · notificationsapi.neslotech.co.za
2025-12-23 02:03
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 217
Content-Type: application/json
Date: Tue, 23 Dec 2025 02:03:08 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=vF7Ja96w1zQ%2F9%2BWi7edFIDewyqxTz2jc6dIsGBbW1%2Bw%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766455388"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=vF7Ja96w1zQ%2F9%2BWi7edFIDewyqxTz2jc6dIsGBbW1%2Bw%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766455388"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
{"timestamp":"23-12-2025 02:03:08","status":"UNAUTHORIZED","message":"Full authentication is required to access this resource","debugMessage":"Full authentication is required to access this resource","subErrors":null}
Open service 52.223.53.203:443 · notificationsapi.neslotech.co.za
2025-12-22 13:22
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 217
Content-Type: application/json
Date: Mon, 22 Dec 2025 13:22:46 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=vQx4f%2FtDTtNegSmnrPLgz56PJJHDYDTH0M6daQr5sgE%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766409766"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=vQx4f%2FtDTtNegSmnrPLgz56PJJHDYDTH0M6daQr5sgE%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766409766"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
{"timestamp":"22-12-2025 13:22:46","status":"UNAUTHORIZED","message":"Full authentication is required to access this resource","debugMessage":"Full authentication is required to access this resource","subErrors":null}
Open service 3.33.249.164:80 · notificationsapi.neslotech.co.za
2025-12-20 14:40
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 217
Content-Type: application/json
Date: Sat, 20 Dec 2025 14:40:41 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hhEF7I5KW70r4Su9Pu%2FJovFgt7QqYAP6S3YPdPtpUXc%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766241641"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hhEF7I5KW70r4Su9Pu%2FJovFgt7QqYAP6S3YPdPtpUXc%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766241641"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
{"timestamp":"20-12-2025 14:40:41","status":"UNAUTHORIZED","message":"Full authentication is required to access this resource","debugMessage":"Full authentication is required to access this resource","subErrors":null}
Open service 52.223.53.203:443 · notificationsapi.neslotech.co.za
2025-12-20 08:42
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 217
Content-Type: application/json
Date: Sat, 20 Dec 2025 08:42:07 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=g7Fq7nWfbT817CX8lR2HDyNwuTKhz3nPR6%2FmDSnC4EU%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766220127"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=g7Fq7nWfbT817CX8lR2HDyNwuTKhz3nPR6%2FmDSnC4EU%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766220127"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Connection: close
{"timestamp":"20-12-2025 08:42:07","status":"UNAUTHORIZED","message":"Full authentication is required to access this resource","debugMessage":"Full authentication is required to access this resource","subErrors":null}