Domain prod.api.theopenleague.com
United States
Software information
Heroku
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 13.248.132.87
Domain: prod.api.theopenleague.com
Port: 80
URL: http://prod.api.theopenleague.comFirst seen 2025-11-15 00:40
Last seen 2025-12-23 08:11
Open for 38 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2025-12-23 08:11
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 35.71.145.101
Domain: prod.api.theopenleague.com
Port: 443
URL: https://prod.api.theopenleague.comFirst seen 2025-11-15 00:40
Last seen 2025-12-23 08:11
Open for 38 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2025-12-23 08:11
-
-
Open service 35.71.145.101:443 · prod.api.theopenleague.com
2026-01-09 19:13
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 0 Date: Fri, 09 Jan 2026 19:14:01 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=nExcffe0cG65%2FsqgP%2FkDwiJmILhXh%2FLgVSvboUvHP%2FQ%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767986041"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=nExcffe0cG65%2FsqgP%2FkDwiJmILhXh%2FLgVSvboUvHP%2FQ%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767986041" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: closeFound 2026-01-09 by HttpPluginCreate report
-
Open service 13.248.132.87:80 · prod.api.theopenleague.com
2026-01-09 19:13
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 0 Date: Fri, 09 Jan 2026 19:15:02 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=JqJ3iuxw8drN7IkhOtCNsozjFs8uON6xfIyVX%2BskVf4%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767986102"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=JqJ3iuxw8drN7IkhOtCNsozjFs8uON6xfIyVX%2BskVf4%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767986102" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: closeFound 2026-01-09 by HttpPluginCreate report
-
Open service 35.71.145.101:443 · prod.api.theopenleague.com
2026-01-02 18:44
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 0 Date: Fri, 02 Jan 2026 18:44:18 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=6OO%2FXxKD9D3xL0SjcnVoTyyPfoQSfPKaVJU9F56IvP8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767379458"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=6OO%2FXxKD9D3xL0SjcnVoTyyPfoQSfPKaVJU9F56IvP8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767379458" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: closeFound 2026-01-02 by HttpPluginCreate report
-
Open service 13.248.132.87:80 · prod.api.theopenleague.com
2026-01-02 18:44
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 0 Date: Fri, 02 Jan 2026 18:44:21 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=oHNWL2lXkMDCDJvulFxVJFNYGAWS0vt8vKr8Ux8cm0w%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767379461"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=oHNWL2lXkMDCDJvulFxVJFNYGAWS0vt8vKr8Ux8cm0w%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767379461" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: closeFound 2026-01-02 by HttpPluginCreate report
-
Open service 13.248.132.87:80 · prod.api.theopenleague.com
2025-12-23 08:11
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 0 Date: Tue, 23 Dec 2025 08:11:40 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hAPaiFdOfeR0JjZ1fzTIIZDSZT9Elld%2FiGkWuFa9S0s%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766477500"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hAPaiFdOfeR0JjZ1fzTIIZDSZT9Elld%2FiGkWuFa9S0s%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766477500" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: closeFound 2025-12-23 by HttpPluginCreate report
-
Open service 35.71.145.101:443 · prod.api.theopenleague.com
2025-12-23 08:11
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 0 Date: Tue, 23 Dec 2025 08:11:37 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=HiFdtRp6PLn0GjRnWUNmv37oR0nThMj6cEtfIPJoUao%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766477497"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=HiFdtRp6PLn0GjRnWUNmv37oR0nThMj6cEtfIPJoUao%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766477497" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: closeFound 2025-12-23 by HttpPluginCreate report
-
Open service 13.248.132.87:80 · prod.api.theopenleague.com
2025-12-21 07:10
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 0 Date: Sun, 21 Dec 2025 07:10:11 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=7m0u65hY5ADCTmXurVLOA0HafbVppB1CGh0hyLoPQ2U%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766301011"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=7m0u65hY5ADCTmXurVLOA0HafbVppB1CGh0hyLoPQ2U%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766301011" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: closeFound 2025-12-21 by HttpPluginCreate report
-
Open service 35.71.145.101:443 · prod.api.theopenleague.com
2025-12-21 07:10
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 0 Date: Sun, 21 Dec 2025 07:10:08 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=DKyKB8WL5KonoaFfMTykDcdyVz3ovo2%2F7U%2FBFg2UDV0%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766301008"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=DKyKB8WL5KonoaFfMTykDcdyVz3ovo2%2F7U%2FBFg2UDV0%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766301008" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: closeFound 2025-12-21 by HttpPluginCreate report
-
Open service 35.71.145.101:443 · prod.api.theopenleague.com
2025-12-19 06:54
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 9 Content-Type: text/plain; charset=utf-8 Date: Fri, 19 Dec 2025 06:54:04 GMT Etag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg" Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=huknIpNbzMXgj2g1ghVxX18VA61ykriwnNtDrIkm5uw%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766127244"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=huknIpNbzMXgj2g1ghVxX18VA61ykriwnNtDrIkm5uw%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766127244" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: close Not FoundFound 2025-12-19 by HttpPluginCreate report
-
Open service 13.248.132.87:80 · prod.api.theopenleague.com
2025-12-19 06:54
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE Access-Control-Allow-Origin: prod.api.theopenleague.com Content-Length: 9 Content-Type: text/plain; charset=utf-8 Date: Fri, 19 Dec 2025 06:54:07 GMT Etag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg" Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=P8ZgVhYUNgQINP47ZsWvBpdt9P%2Bk3HWqbHXqgRj%2BQXc%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766127247"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=P8ZgVhYUNgQINP47ZsWvBpdt9P%2Bk3HWqbHXqgRj%2BQXc%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766127247" Server: Heroku Via: 1.1 heroku-router X-Powered-By: Express Connection: close Not FoundFound 2025-12-19 by HttpPluginCreate report