LeakIX - Host api.invoice0.io

Domain api.invoice0.io

United States

AMAZON-02

Software information

Vercel

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 64.29.17.1
Domain: api.invoice0.io
Port: 443
URL: https://api.invoice0.io

First seen 2025-11-04 16:37
Last seen 2026-01-10 02:44
Open for 66 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-10 02:44
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2025-11-08 21:29
Create report

Open service 64.29.17.1:443 · api.invoice0.io

2026-01-10 02:44

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 29
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.invoice0.io https://www.invoice0.io;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none'
Content-Type: text/plain; charset=utf-8
Date: Sat, 10 Jan 2026 02:44:34 GMT
Expect-Ct: max-age=0
Location: /health
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: iad1::iad1::jx8jq-1768013074818-386925bd068e
X-Xss-Protection: 0
Connection: close


Found. Redirecting to /health

Found 2026-01-10 by HttpPlugin

Create report

Open service 216.198.79.1:80 · api.invoice0.io

2026-01-06 21:00

HTTP/1.0 308 Permanent Redirect
Content-Type: text/plain
Location: https://api.invoice0.io/
Refresh: 0;url=https://api.invoice0.io/
server: Vercel


Redirecting...

Found 2026-01-06 by HttpPlugin

Create report

Open service 64.29.17.1:80 · api.invoice0.io

2026-01-06 21:00

HTTP/1.0 308 Permanent Redirect
Content-Type: text/plain
Location: https://api.invoice0.io/
Refresh: 0;url=https://api.invoice0.io/
server: Vercel


Redirecting...

Found 2026-01-06 by HttpPlugin

Create report

Open service 64.29.17.1:443 · api.invoice0.io

2026-01-06 21:00

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 29
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.invoice0.io https://www.invoice0.io;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none'
Content-Type: text/plain; charset=utf-8
Date: Tue, 06 Jan 2026 21:00:18 GMT
Expect-Ct: max-age=0
Location: /health
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: sfo1::iad1::mg74v-1767733218304-923ad91143ea
X-Xss-Protection: 0
Connection: close


Found. Redirecting to /health

Found 2026-01-06 by HttpPlugin

Create report

Open service 216.198.79.1:443 · api.invoice0.io

2026-01-06 21:00

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 29
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.invoice0.io https://www.invoice0.io;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none'
Content-Type: text/plain; charset=utf-8
Date: Tue, 06 Jan 2026 21:00:18 GMT
Expect-Ct: max-age=0
Location: /health
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: sin1::iad1::9pz28-1767733218067-5858d8b5c1e7
X-Xss-Protection: 0
Connection: close


Found. Redirecting to /health

Found 2026-01-06 by HttpPlugin

Create report

Open service 64.29.17.1:443 · api.invoice0.io

2026-01-02 16:43

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 29
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.invoice0.io https://www.invoice0.io;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none'
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jan 2026 16:43:45 GMT
Expect-Ct: max-age=0
Location: /health
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: iad1::iad1::gjcp5-1767372225514-b773cb5fcc79
X-Xss-Protection: 0
Connection: close


Found. Redirecting to /health

Found 2026-01-02 by HttpPlugin

Create report

Open service 64.29.17.1:443 · api.invoice0.io

2025-12-30 14:21

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 29
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.invoice0.io https://www.invoice0.io;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none'
Content-Type: text/plain; charset=utf-8
Date: Tue, 30 Dec 2025 14:21:32 GMT
Expect-Ct: max-age=0
Location: /health
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: sin1::iad1::vxnw8-1767104490822-6f7f55fbb039
X-Xss-Protection: 0
Connection: close


Found. Redirecting to /health

Found 2025-12-30 by HttpPlugin

Create report

Open service 64.29.17.1:443 · api.invoice0.io

2025-12-23 05:01

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 29
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.invoice0.io https://www.invoice0.io;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none'
Content-Type: text/plain; charset=utf-8
Date: Tue, 23 Dec 2025 05:01:58 GMT
Expect-Ct: max-age=0
Location: /health
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: sfo1::iad1::twrfc-1766466118125-70eb9efa4fc0
X-Xss-Protection: 0
Connection: close


Found. Redirecting to /health

Found 2025-12-23 by HttpPlugin

Create report

Open service 64.29.17.1:443 · api.invoice0.io

2025-12-20 15:40

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 29
Content-Security-Policy: default-src 'self';connect-src 'self' http://localhost:5001 https://api.invoice0.io https://www.invoice0.io;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;object-src 'none'
Content-Type: text/plain; charset=utf-8
Date: Sat, 20 Dec 2025 15:40:48 GMT
Expect-Ct: max-age=0
Location: /health
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Accept
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: bom1::iad1::ftqk2-1766245247510-06168dd3b4b1
X-Xss-Protection: 0
Connection: close


Found. Redirecting to /health

Found 2025-12-20 by HttpPlugin

Create report

api.invoice0.io

Fingerprint:

f6718b34024071f4fa6a3576af83d99e567f7a1a92a7a830e1825d50cf634ea8

CN:

api.invoice0.io

Key:

RSA-2048

Issuer:

R13

Not before:

2025-11-04 15:38

Not after:

2026-02-02 15:38

api.invoice0.io

Fingerprint:

1cadea07f8fa0d116eef6797a90d1621fa0e28a43d5f70521d63286955d7938e

CN:

api.invoice0.io

Key:

RSA-2048

Issuer:

R13

Not before:

2026-01-06 20:00

Not after:

2026-04-06 20:00

Domain summary

api.invoice0.io 10

1 recorded

IP summary

64.29.17.1 1 216.198.79.1 1

2 recorded

Domain api.invoice0.io

United States

Software information

Swagger API description is publicly available

api.invoice0.io

api.invoice0.io

Domain summary

IP summary