Vercel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
Public Swagger UI/API detected at path: /api-docs/swagger.json
Open service 64.29.17.1:443 · api.studynt.app
2026-01-09 07:28
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 147
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 07:28:07 GMT
Etag: W/"93-2j+/NjqRESAtNcyq9V1GZD7+vDo"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::fncph-1767943687197-2916c33bff76
X-Xss-Protection: 0
Connection: close
{"message":"Welcome to StudyNT Engine API","version":"1.0.0","status":"running","timestamp":"2026-01-09T07:28:07.274Z","documentation":"/api-docs"}
Open service 64.29.17.1:443 · api.studynt.app
2026-01-02 06:12
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 147
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 06:12:29 GMT
Etag: W/"93-/UOSRYwVMB2Xw38uiS2AsEcNuEs"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: iad1::iad1::ff6gj-1767334348616-2afde48fb1e1
X-Xss-Protection: 0
Connection: close
{"message":"Welcome to StudyNT Engine API","version":"1.0.0","status":"running","timestamp":"2026-01-02T06:12:29.833Z","documentation":"/api-docs"}
Open service 64.29.17.1:443 · api.studynt.app
2025-12-22 13:55
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 147
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 13:55:07 GMT
Etag: W/"93-DvlMRuugkyOrHvAbv3GgeSCG4Tw"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: sin1::iad1::hjbl7-1766411706094-de3ebf9b60e2
X-Xss-Protection: 0
Connection: close
{"message":"Welcome to StudyNT Engine API","version":"1.0.0","status":"running","timestamp":"2025-12-22T13:55:07.808Z","documentation":"/api-docs"}
Open service 64.29.17.1:443 · api.studynt.app
2025-12-20 13:57
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 147
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 13:57:44 GMT
Etag: W/"93-avUzUH7SmWhmCFyiQjOEXUU/Q8M"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: iad1::iad1::n469q-1766239062928-b2668da7bd42
X-Xss-Protection: 0
Connection: close
{"message":"Welcome to StudyNT Engine API","version":"1.0.0","status":"running","timestamp":"2025-12-20T13:57:44.097Z","documentation":"/api-docs"}