Domain api.valothon.com
United States
Software information
Vercel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-13 15:26
Last seen 2026-01-13 23:37
Open for 61 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-13 23:37
-
-
Open service 64.29.17.65:443 · api.valothon.com
2026-01-09 15:37
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 112 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 09 Jan 2026 15:37:33 GMT Etag: W/"70-3Rq7jGvY8VLZ9LLbEt3C3D5Wxd4" Origin-Agent-Cluster: ?1 Ratelimit-Limit: 5000 Ratelimit-Policy: 5000;w=1500 Ratelimit-Remaining: 4999 Ratelimit-Reset: 1500 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::8htt5-1767973053155-81422e67a818 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Valothon API v0.1.8","status":"Çalışıyor","timestamp":"2026-01-09T15:37:33.225Z"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · api.valothon.com
2026-01-02 11:55
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 112 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 02 Jan 2026 11:55:29 GMT Etag: W/"70-fGX3wQJz49KLox2XHzEvJRe/H38" Origin-Agent-Cluster: ?1 Ratelimit-Limit: 5000 Ratelimit-Policy: 5000;w=1500 Ratelimit-Remaining: 4999 Ratelimit-Reset: 1500 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::llp4g-1767354926460-1a3b21547fa9 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Valothon API v0.1.8","status":"Çalışıyor","timestamp":"2026-01-02T11:55:29.688Z"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · api.valothon.com
2025-12-22 20:01
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 112 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Mon, 22 Dec 2025 20:01:53 GMT Etag: W/"70-tYHJA3eNUvEjzQr2u/OLiVYGpos" Origin-Agent-Cluster: ?1 Ratelimit-Limit: 5000 Ratelimit-Policy: 5000;w=1500 Ratelimit-Remaining: 4999 Ratelimit-Reset: 1500 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: sfo1::iad1::kdz7w-1766433713543-779db70bbaa0 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Valothon API v0.1.8","status":"Çalışıyor","timestamp":"2025-12-22T20:01:53.933Z"}Found 2025-12-22 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · api.valothon.com
2025-12-21 04:18
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 112 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Sun, 21 Dec 2025 04:18:51 GMT Etag: W/"70-O+1b8F9XHxncuNU4DCJe2jYupAo" Origin-Agent-Cluster: ?1 Ratelimit-Limit: 5000 Ratelimit-Policy: 5000;w=1500 Ratelimit-Remaining: 4999 Ratelimit-Reset: 1500 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: lhr1::iad1::7sxl5-1766290731070-7221c499ab44 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Valothon API v0.1.8","status":"Çalışıyor","timestamp":"2025-12-21T04:18:51.268Z"}Found 2025-12-21 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · api.valothon.com
2025-12-19 04:31
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 112 Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 19 Dec 2025 04:31:40 GMT Etag: W/"70-FCZXGXqa5y+7UjJTqi+RDz9BOMA" Origin-Agent-Cluster: ?1 Ratelimit-Limit: 5000 Ratelimit-Policy: 5000;w=1500 Ratelimit-Remaining: 4999 Ratelimit-Reset: 1500 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: sfo1::iad1::gvq57-1766118697129-2e8d5857aa2e X-Xss-Protection: 0 Connection: close {"success":true,"message":"Valothon API v0.1.8","status":"Çalışıyor","timestamp":"2025-12-19T04:31:40.332Z"}Found 2025-12-19 by HttpPluginCreate report