Heroku
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b6e67656b6e67656b6e67656b6e67656b6e67656b6e67656
Public Swagger UI/API detected at path: /swagger-ui.html
Open service 13.248.132.87:443 · system.newcaza.com
2026-01-09 20:48
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: 'self';
Content-Type: text/html;charset=UTF-8
Date: Fri, 09 Jan 2026 20:48:28 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=gd5jI%2B114r39qdUbyFx040DDMpyGalIOnchDM3XUr2k%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767991708"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=gd5jI%2B114r39qdUbyFx040DDMpyGalIOnchDM3XUr2k%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767991708"
Server: Heroku
Set-Cookie: JSESSIONID=AD5DB7D96C4EEF486B28D7D12D4F2393; Path=/; Secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
Via: 1.1 heroku-router
X-Content-Security-Policy: script-src 'self'
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Transfer-Encoding: chunked
Open service 13.248.132.87:443 · system.newcaza.com
2026-01-03 00:16
Open service 13.248.132.87:443 · system.newcaza.com
2025-12-23 08:04
Open service 13.248.132.87:443 · system.newcaza.com
2025-12-21 03:44
Open service 13.248.132.87:443 · system.newcaza.com
2025-12-19 02:55