Heroku
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf72d8850544f204099e403e29a4bfff9fad92f099d
Public Swagger UI/API detected at path: /swagger-ui.html - sample paths:
GET /client/server-data
GET /companies/{companyId}
GET /companies/{companyId}/los/{loId}
GET /companies/{companyId}/los/{loId}/acl
GET /companies/{companyId}/los/{loId}/audit-trail
GET /companies/{companyId}/los/{loId}/events
GET /companies/{companyId}/los/{loId}/mementos/{mementoId}
GET /companies/{companyId}/los/{loId}/timegate
GET /companies/{companyId}/los/{loId}/timemap
GET /companies/{companyId}/subscribers
POST /companies
POST /companies/{companyId}/callback
POST /companies/{companyId}/delegation
POST /companies/{companyId}/los
POST /companies/{companyId}/los/{loId}/mementos
Open service 35.71.150.51:443 · onerecord.iata.org
2026-01-10 01:54
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Sat, 10 Jan 2026 01:54:59 GMT
Expires: 0
Location: https://iata-cargo.github.io/ONE-Record/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=FhZ%2Fy5HcPrLVkZs5I0f0s9PVBBEfgeqtIMN54Hk5lwg%3D\u0026sid=67ff5de4-ad2b-4112-9289-cf96be89efed\u0026ts=1768010099"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=FhZ%2Fy5HcPrLVkZs5I0f0s9PVBBEfgeqtIMN54Hk5lwg%3D&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&ts=1768010099"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Open service 35.71.150.51:443 · onerecord.iata.org
2026-01-03 00:12
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Sat, 03 Jan 2026 00:12:31 GMT
Expires: 0
Location: https://iata-cargo.github.io/ONE-Record/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=69ywxUa%2FdHI656fAg4Fp9K7PtrnaS0UBtmARU51Xn4Y%3D\u0026sid=67ff5de4-ad2b-4112-9289-cf96be89efed\u0026ts=1767399151"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=69ywxUa%2FdHI656fAg4Fp9K7PtrnaS0UBtmARU51Xn4Y%3D&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&ts=1767399151"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Open service 35.71.150.51:443 · onerecord.iata.org
2025-12-23 03:21
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Tue, 23 Dec 2025 03:21:19 GMT
Expires: 0
Location: https://iata-cargo.github.io/ONE-Record/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=t3Ah0Nz4G3SjG%2F2r6EnJyitmF0E5HDfySI%2FfTaIcCA8%3D\u0026sid=67ff5de4-ad2b-4112-9289-cf96be89efed\u0026ts=1766460080"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=t3Ah0Nz4G3SjG%2F2r6EnJyitmF0E5HDfySI%2FfTaIcCA8%3D&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&ts=1766460080"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close
Open service 35.71.150.51:443 · onerecord.iata.org
2025-12-20 17:32
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Length: 0
Date: Sat, 20 Dec 2025 17:32:14 GMT
Expires: 0
Location: https://iata-cargo.github.io/ONE-Record/
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=fjrV9kkTCZuiiJGijMlGPxzEcY0vIUpPUcS9x4h3Vt4%3D\u0026sid=67ff5de4-ad2b-4112-9289-cf96be89efed\u0026ts=1766251934"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=fjrV9kkTCZuiiJGijMlGPxzEcY0vIUpPUcS9x4h3Vt4%3D&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&ts=1766251934"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Connection: close