Domain api.animit.app
United States
Software information
Vercel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-18 22:54
Last seen 2026-01-09 09:58
Open for 51 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-09 09:58
-
-
Open service 216.198.79.1:443 · api.animit.app
2026-01-09 09:58
HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 228 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://www.datadoghq-browser-agent.com;connect-src 'self' ws: wss: https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com https://sandbox-buy.paddle.com https://buy.paddle.com;child-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-ancestors 'self' http://localhost https://*.paddle.com;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 09 Jan 2026 09:58:23 GMT Etag: W/"e4-6+qyAF895M1a9vgX1Aq6m5jZDFw" Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin, Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: lhr1::iad1::8kqwn-1767952700887-0182b383ec2d X-Xss-Protection: 0 Connection: close {"success":true,"message":"Animit API is running","version":"1.0.0","endpoints":{"health":"/api/health","auth":"/api/auth","presentations":"/api/presentations","documentation":"/api-docs"},"timestamp":"2026-01-09T09:58:23.641Z"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 216.198.79.1:443 · api.animit.app
2026-01-02 10:43
HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 228 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://www.datadoghq-browser-agent.com;connect-src 'self' ws: wss: https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com https://sandbox-buy.paddle.com https://buy.paddle.com;child-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-ancestors 'self' http://localhost https://*.paddle.com;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 02 Jan 2026 10:43:53 GMT Etag: W/"e4-FQZzldtSC6h0Xdvsuinzv1R52Sk" Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin, Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: iad1::iad1::4qhcc-1767350630985-e5f42785dcda X-Xss-Protection: 0 Connection: close {"success":true,"message":"Animit API is running","version":"1.0.0","endpoints":{"health":"/api/health","auth":"/api/auth","presentations":"/api/presentations","documentation":"/api-docs"},"timestamp":"2026-01-02T10:43:53.668Z"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 216.198.79.1:443 · api.animit.app
2025-12-23 06:55
HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 228 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://www.datadoghq-browser-agent.com;connect-src 'self' ws: wss: https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com https://sandbox-buy.paddle.com https://buy.paddle.com;child-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-ancestors 'self' http://localhost https://*.paddle.com;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Tue, 23 Dec 2025 06:55:59 GMT Etag: W/"e4-IDYKPcchIliLeRAj2BWpnLc5rVg" Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin, Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::cw28g-1766472956407-e5bb901fe975 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Animit API is running","version":"1.0.0","endpoints":{"health":"/api/health","auth":"/api/auth","presentations":"/api/presentations","documentation":"/api-docs"},"timestamp":"2025-12-23T06:55:59.329Z"}Found 2025-12-23 by HttpPluginCreate report
-
Open service 216.198.79.1:443 · api.animit.app
2025-12-21 07:09
HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 228 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://www.datadoghq-browser-agent.com;connect-src 'self' ws: wss: https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com https://sandbox-buy.paddle.com https://buy.paddle.com;child-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-ancestors 'self' http://localhost https://*.paddle.com;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Sun, 21 Dec 2025 07:09:05 GMT Etag: W/"e4-u9xC42xNwO1FuucaHhidFY4LWIg" Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin, Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::k9bth-1766300943117-44a3ccc8fd43 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Animit API is running","version":"1.0.0","endpoints":{"health":"/api/health","auth":"/api/auth","presentations":"/api/presentations","documentation":"/api-docs"},"timestamp":"2025-12-21T07:09:05.928Z"}Found 2025-12-21 by HttpPluginCreate report
-
Open service 216.198.79.1:443 · api.animit.app
2025-12-19 05:49
HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 228 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data: https:;script-src 'self' 'unsafe-inline' https://cdn.paddle.com https://www.datadoghq-browser-agent.com;connect-src 'self' ws: wss: https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com https://sandbox-buy.paddle.com https://buy.paddle.com;child-src 'self' https://checkout.paddle.com https://sandbox-checkout.paddle.com;frame-ancestors 'self' http://localhost https://*.paddle.com;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 19 Dec 2025 05:49:35 GMT Etag: W/"e4-3jN2iZlbhg2FYWUpT8Su/UWLHCs" Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Origin, Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::dkhrd-1766123372061-9e2a64623094 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Animit API is running","version":"1.0.0","endpoints":{"health":"/api/health","auth":"/api/auth","presentations":"/api/presentations","documentation":"/api-docs"},"timestamp":"2025-12-19T05:49:35.187Z"}Found 2025-12-19 by HttpPluginCreate report