Domain accounts.skola.africa
United States
Software information
Vercel
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-15 23:40
Last seen 2026-01-23 08:32
Open for 99 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-23 08:32
-
-
Open service 216.198.79.65:80 · accounts.skola.africa
2026-01-23 08:32
HTTP/1.0 308 Permanent Redirect Content-Type: text/plain Location: https://accounts.skola.africa/ Refresh: 0;url=https://accounts.skola.africa/ server: Vercel Redirecting...
Found 2026-01-23 by HttpPluginCreate report
-
Open service 216.198.79.65:443 · accounts.skola.africa
2026-01-23 08:32
HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: X-CSRF-Token Age: 0 Cache-Control: public, max-age=0 Content-Length: 358 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdn.tailwindcss.com;img-src 'self' data: https: https://images.unsplash.com;connect-src 'self' https://api.skola.africa https://*.skola.africa;frame-src 'self' https://*.skola.africa;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 23 Jan 2026 08:32:24 GMT Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::qg9xh-1769157144146-d3e265aa798f X-Xss-Protection: 0 Connection: close Page title: Skola Africa <!DOCTYPE html> <html lang=""> <head> <meta charset="UTF-8"> <link rel="icon" href="/favicon.ico"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Skola Africa</title> <script type="module" crossorigin src="/assets/index-DR7pihpA.js"></script> </head> <body> <div id="app"></div> </body> </html>Found 2026-01-23 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · accounts.skola.africa
2026-01-23 08:32
HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: X-CSRF-Token Age: 0 Cache-Control: public, max-age=0 Content-Length: 358 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdn.tailwindcss.com;img-src 'self' data: https: https://images.unsplash.com;connect-src 'self' https://api.skola.africa https://*.skola.africa;frame-src 'self' https://*.skola.africa;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 23 Jan 2026 08:32:24 GMT Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::q9bz6-1769157144115-dbafe8c913eb X-Xss-Protection: 0 Connection: close Page title: Skola Africa <!DOCTYPE html> <html lang=""> <head> <meta charset="UTF-8"> <link rel="icon" href="/favicon.ico"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Skola Africa</title> <script type="module" crossorigin src="/assets/index-DR7pihpA.js"></script> </head> <body> <div id="app"></div> </body> </html>Found 2026-01-23 by HttpPluginCreate report
-
Open service 64.29.17.65:80 · accounts.skola.africa
2026-01-23 08:32
HTTP/1.0 308 Permanent Redirect Content-Type: text/plain Location: https://accounts.skola.africa/ Refresh: 0;url=https://accounts.skola.africa/ server: Vercel Redirecting...
Found 2026-01-23 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · accounts.skola.africa
2026-01-23 06:49
HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: X-CSRF-Token Age: 0 Cache-Control: public, max-age=0 Content-Length: 358 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdn.tailwindcss.com;img-src 'self' data: https: https://images.unsplash.com;connect-src 'self' https://api.skola.africa https://*.skola.africa;frame-src 'self' https://*.skola.africa;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 23 Jan 2026 06:49:47 GMT Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: lhr1::iad1::gjkwh-1769150985011-5f0742ac5564 X-Xss-Protection: 0 Connection: close Page title: Skola Africa <!DOCTYPE html> <html lang=""> <head> <meta charset="UTF-8"> <link rel="icon" href="/favicon.ico"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Skola Africa</title> <script type="module" crossorigin src="/assets/index-DR7pihpA.js"></script> </head> <body> <div id="app"></div> </body> </html>Found 2026-01-23 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · accounts.skola.africa
2026-01-09 15:58
HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: X-CSRF-Token Age: 0 Cache-Control: public, max-age=0 Content-Length: 358 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdn.tailwindcss.com;img-src 'self' data: https: https://images.unsplash.com;connect-src 'self' https://api.skola.africa https://*.skola.africa;frame-src 'self' https://*.skola.africa;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 09 Jan 2026 15:58:54 GMT Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: iad1::iad1::k4mcd-1767974334751-32afd06017ea X-Xss-Protection: 0 Connection: close Page title: Skola Africa <!DOCTYPE html> <html lang=""> <head> <meta charset="UTF-8"> <link rel="icon" href="/favicon.ico"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Skola Africa</title> <script type="module" crossorigin src="/assets/index-DR7pihpA.js"></script> </head> <body> <div id="app"></div> </body> </html>Found 2026-01-09 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · accounts.skola.africa
2026-01-02 22:26
HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: X-CSRF-Token Age: 0 Cache-Control: public, max-age=0 Content-Length: 358 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdn.tailwindcss.com;img-src 'self' data: https: https://images.unsplash.com;connect-src 'self' https://api.skola.africa https://*.skola.africa;frame-src 'self' https://*.skola.africa;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 02 Jan 2026 22:27:00 GMT Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: sfo1::iad1::k666f-1767392817110-04e448785924 X-Xss-Protection: 0 Connection: close Page title: Skola Africa <!DOCTYPE html> <html lang=""> <head> <meta charset="UTF-8"> <link rel="icon" href="/favicon.ico"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Skola Africa</title> <script type="module" crossorigin src="/assets/index-DR7pihpA.js"></script> </head> <body> <div id="app"></div> </body> </html>Found 2026-01-02 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · accounts.skola.africa
2025-12-22 14:21
HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: X-CSRF-Token Age: 0 Cache-Control: public, max-age=0 Content-Length: 358 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdn.tailwindcss.com;img-src 'self' data: https: https://images.unsplash.com;connect-src 'self' https://api.skola.africa https://*.skola.africa;frame-src 'self' https://*.skola.africa;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Mon, 22 Dec 2025 14:21:21 GMT Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: iad1::iad1::7pqs9-1766413279055-f585aca5783f X-Xss-Protection: 0 Connection: close Page title: Skola Africa <!DOCTYPE html> <html lang=""> <head> <meta charset="UTF-8"> <link rel="icon" href="/favicon.ico"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Skola Africa</title> <script type="module" crossorigin src="/assets/index-DR7pihpA.js"></script> </head> <body> <div id="app"></div> </body> </html>Found 2025-12-22 by HttpPluginCreate report