LeakIX - Host api.mohammadserif.com

Domain api.mohammadserif.com

United States

AMAZON-02

Software information

Vercel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 216.150.16.129
Domain: api.mohammadserif.com
Port: 443
URL: https://api.mohammadserif.com

First seen 2025-10-25 17:24
Last seen 2025-12-30 11:08
Open for 65 days

Severity: info
Fingerprint: 5733ddf49ff49cd110b5863caa255829c48a6c907e078695457d0d2907c83958

Public Swagger UI/API detected at path: /api-docs/swagger.json - sample paths:
DELETE /api/user/{userId}
GET /api-docs
GET /api/admin/stats
GET /api/admin/users
GET /api/admin/users/{userId}
GET /api/auth/facebook
GET /api/auth/facebook/callback
GET /api/auth/google
GET /api/auth/google/callback
GET /api/auth/oauth-status
GET /api/process-jobs
GET /api/user/all
GET /api/user/profile
GET /health
POST /api/auth/link-oauth
POST /api/auth/login
POST /api/auth/logout
POST /api/auth/logout-all
POST /api/auth/refresh-token
POST /api/auth/register
POST /api/auth/request-password-reset
POST /api/auth/request-phone-verification
POST /api/auth/resend-phone-verification
POST /api/auth/reset-password
POST /api/auth/unlink-oauth
POST /api/auth/verify-email
POST /api/auth/verify-phone
PUT /api/admin/users/{userId}/role

Found on 2025-12-30 11:08

Create report

Open service 216.150.16.129:443 · api.mohammadserif.com

2026-01-09 23:14

HTTP/1.1 404 Not Found
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 107
Content-Type: text/plain; charset=utf-8
Date: Fri, 09 Jan 2026 23:14:58 GMT
Server: Vercel
Strict-Transport-Security: max-age=63072000
X-Vercel-Error: DEPLOYMENT_NOT_FOUND
X-Vercel-Id: iad1::m8ct5-1768000498970-0679241a67be
Connection: close


The deployment could not be found on Vercel.

DEPLOYMENT_NOT_FOUND

iad1::m8ct5-1768000498970-0679241a67be

Found 2026-01-09 by HttpPlugin

Create report

Open service 216.150.16.129:443 · api.mohammadserif.com

2025-12-30 11:08

HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Language: en
Content-Length: 21
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Tue, 30 Dec 2025 11:08:15 GMT
Etag: W/"15-bm7tJgu8FHlq5QU+Y6gDxOGPfRc"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: iad1::iad1::wgph9-1767092895017-44fba3b41532
X-Xss-Protection: 0
Connection: close


{"error":"Not found"}

Found 2025-12-30 by HttpPlugin

Create report

Open service 216.150.16.129:443 · api.mohammadserif.com

2025-12-22 20:46

HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Language: en
Content-Length: 21
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 20:46:38 GMT
Etag: W/"15-bm7tJgu8FHlq5QU+Y6gDxOGPfRc"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::xwm5f-1766436397730-099e050f1f03
X-Xss-Protection: 0
Connection: close


{"error":"Not found"}

Found 2025-12-22 by HttpPlugin

Create report

api.mohammadserif.com

Fingerprint:

a68c94116d330d5107b1ecff86b0e47fa93e89a5fecfd706a78d8551796b814b

CN:

api.mohammadserif.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-12-26 05:48

Not after:

2026-03-26 05:48

api.mohammadserif.com

Fingerprint:

868bddfe54e947d5278d629235946153b0a7c8da7e55f5f2a5fed62d2c78bd96

CN:

api.mohammadserif.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-10-25 16:26

Not after:

2026-01-23 16:26

Domain summary

api.mohammadserif.com 3

1 recorded

IP summary

216.150.16.129 2

1 recorded