Domain api.crispfrom.com
United States
Software information
Vercel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-24 21:17
Last seen 2026-01-09 20:44
Open for 76 days-
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-01-09 20:44
-
-
Open service 64.29.17.1:443 · api.crispfrom.com
2026-01-09 20:44
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 29 Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.crispfrom.com https://leeds-backend.vercel.app;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none' Content-Type: text/plain; charset=utf-8 Date: Fri, 09 Jan 2026 20:44:09 GMT Expect-Ct: max-age=0 Location: /health Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin, Accept X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: iad1::iad1::2wrfx-1767991449648-bc4e1ded8d48 X-Xss-Protection: 0 Connection: close Found. Redirecting to /health
Found 2026-01-09 by HttpPluginCreate report
-
Open service 64.29.17.1:443 · api.crispfrom.com
2026-01-03 00:23
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 29 Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.crispfrom.com https://leeds-backend.vercel.app;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none' Content-Type: text/plain; charset=utf-8 Date: Sat, 03 Jan 2026 00:23:15 GMT Expect-Ct: max-age=0 Location: /health Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin, Accept X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: sfo1::iad1::9rxv6-1767399795179-ba02f3cbf381 X-Xss-Protection: 0 Connection: close Found. Redirecting to /health
Found 2026-01-03 by HttpPluginCreate report
-
Open service 64.29.17.1:443 · api.crispfrom.com
2025-12-22 20:00
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 29 Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.crispfrom.com https://leeds-backend.vercel.app;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none' Content-Type: text/plain; charset=utf-8 Date: Mon, 22 Dec 2025 20:00:12 GMT Expect-Ct: max-age=0 Location: /health Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin, Accept X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::46g5h-1766433612320-35ee34f22edb X-Xss-Protection: 0 Connection: close Found. Redirecting to /health
Found 2025-12-22 by HttpPluginCreate report
-
Open service 64.29.17.1:443 · api.crispfrom.com
2025-12-21 00:48
HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 29 Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.crispfrom.com https://leeds-backend.vercel.app;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none' Content-Type: text/plain; charset=utf-8 Date: Sun, 21 Dec 2025 00:48:41 GMT Expect-Ct: max-age=0 Location: /health Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Origin, Accept X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: lhr1::iad1::kcmjh-1766278121335-edffcbba4eae X-Xss-Protection: 0 Connection: close Found. Redirecting to /health
Found 2025-12-21 by HttpPluginCreate report