Domain api.zymptek.com
United States
Software information
Vercel
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-05 15:52
Last seen 2026-01-09 19:02
Open for 65 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-09 19:02
-
-
Open service 216.198.79.1:443 · api.zymptek.com
2026-01-09 19:02
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-Total-Count Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 129 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self';img-src 'self' data: https:;connect-src 'self';font-src 'self';object-src 'none';media-src 'self';frame-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 09 Jan 2026 19:02:48 GMT Etag: W/"81-KKAokQETp24zSass4pQ5A7wGBY4" Origin-Agent-Cluster: ?1 Permissions-Policy: camera=(), microphone=(), geolocation=() Ratelimit-Limit: 100 Ratelimit-Policy: 100;w=900 Ratelimit-Remaining: 98 Ratelimit-Reset: 899 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::qbxmf-1767985368274-c41faf612342 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Zymptek API Server","version":"v1","environment":"development","timestamp":"2026-01-09T19:02:48.360Z"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 64.29.17.65:443 · api.zymptek.com
2026-01-05 15:46
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-Total-Count Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 129 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self';img-src 'self' data: https:;connect-src 'self';font-src 'self';object-src 'none';media-src 'self';frame-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Mon, 05 Jan 2026 15:46:19 GMT Etag: W/"81-UIZ10TeOLP1UuJ1ytZU8NIlb3i8" Origin-Agent-Cluster: ?1 Permissions-Policy: camera=(), microphone=(), geolocation=() Ratelimit-Limit: 100 Ratelimit-Policy: 100;w=900 Ratelimit-Remaining: 91 Ratelimit-Reset: 884 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: sfo1::iad1::fr5zp-1767627979708-da71fbf6bc1d X-Xss-Protection: 0 Connection: close {"success":true,"message":"Zymptek API Server","version":"v1","environment":"development","timestamp":"2026-01-05T15:46:19.877Z"}Found 2026-01-05 by HttpPluginCreate report
-
Open service 216.198.79.65:80 · api.zymptek.com
2026-01-05 15:46
HTTP/1.0 308 Permanent Redirect Content-Type: text/plain Location: https://api.zymptek.com/ Refresh: 0;url=https://api.zymptek.com/ server: Vercel Redirecting...
Found 2026-01-05 by HttpPluginCreate report
-
Open service 216.198.79.65:443 · api.zymptek.com
2026-01-05 15:46
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-Total-Count Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 129 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self';img-src 'self' data: https:;connect-src 'self';font-src 'self';object-src 'none';media-src 'self';frame-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Mon, 05 Jan 2026 15:46:20 GMT Etag: W/"81-15FyHVtXaKkHhZl5zlDvFGfS8+E" Origin-Agent-Cluster: ?1 Permissions-Policy: camera=(), microphone=(), geolocation=() Ratelimit-Limit: 100 Ratelimit-Policy: 100;w=900 Ratelimit-Remaining: 89 Ratelimit-Reset: 884 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::p8tq7-1767627979962-c77e059fd8de X-Xss-Protection: 0 Connection: close {"success":true,"message":"Zymptek API Server","version":"v1","environment":"development","timestamp":"2026-01-05T15:46:20.174Z"}Found 2026-01-05 by HttpPluginCreate report
-
Open service 64.29.17.65:80 · api.zymptek.com
2026-01-05 15:46
HTTP/1.0 308 Permanent Redirect Content-Type: text/plain Location: https://api.zymptek.com/ Refresh: 0;url=https://api.zymptek.com/ server: Vercel Redirecting...
Found 2026-01-05 by HttpPluginCreate report
-
Open service 216.198.79.1:443 · api.zymptek.com
2026-01-02 21:40
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-Total-Count Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 129 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self';img-src 'self' data: https:;connect-src 'self';font-src 'self';object-src 'none';media-src 'self';frame-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 02 Jan 2026 21:40:27 GMT Etag: W/"81-Ve7DZTK02B1yhh6KZzll5GL1oXw" Origin-Agent-Cluster: ?1 Permissions-Policy: camera=(), microphone=(), geolocation=() Ratelimit-Limit: 100 Ratelimit-Policy: 100;w=900 Ratelimit-Remaining: 99 Ratelimit-Reset: 900 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: iad1::iad1::v64dx-1767390026904-1bac4de5df22 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Zymptek API Server","version":"v1","environment":"development","timestamp":"2026-01-02T21:40:27.945Z"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 216.198.79.1:443 · api.zymptek.com
2025-12-23 04:40
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-Total-Count Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 129 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self';img-src 'self' data: https:;connect-src 'self';font-src 'self';object-src 'none';media-src 'self';frame-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Tue, 23 Dec 2025 04:40:42 GMT Etag: W/"81-4351ImlYOiCZhKpPOVs4MdKzKJA" Origin-Agent-Cluster: ?1 Permissions-Policy: camera=(), microphone=(), geolocation=() Ratelimit-Limit: 100 Ratelimit-Policy: 100;w=900 Ratelimit-Remaining: 99 Ratelimit-Reset: 900 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: lhr1::iad1::r7qnh-1766464841226-155221a16b9a X-Xss-Protection: 0 Connection: close {"success":true,"message":"Zymptek API Server","version":"v1","environment":"development","timestamp":"2025-12-23T04:40:42.326Z"}Found 2025-12-23 by HttpPluginCreate report
-
Open service 216.198.79.1:443 · api.zymptek.com
2025-12-21 10:01
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-Total-Count Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 129 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self';img-src 'self' data: https:;connect-src 'self';font-src 'self';object-src 'none';media-src 'self';frame-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Sun, 21 Dec 2025 10:01:31 GMT Etag: W/"81-+eQoAxq8B0WpSSbYJSCCqHNZ3Bw" Origin-Agent-Cluster: ?1 Permissions-Policy: camera=(), microphone=(), geolocation=() Ratelimit-Limit: 100 Ratelimit-Policy: 100;w=900 Ratelimit-Remaining: 99 Ratelimit-Reset: 900 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::vjkws-1766311290238-f8bbee4a08ef X-Xss-Protection: 0 Connection: close {"success":true,"message":"Zymptek API Server","version":"v1","environment":"development","timestamp":"2025-12-21T10:01:31.359Z"}Found 2025-12-21 by HttpPluginCreate report
-
Open service 216.198.79.1:443 · api.zymptek.com
2025-12-19 00:20
HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-Total-Count Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 129 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self';img-src 'self' data: https:;connect-src 'self';font-src 'self';object-src 'none';media-src 'self';frame-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 19 Dec 2025 00:20:17 GMT Etag: W/"81-/YLV730lF0JmvyRv8e4YqVe4QyA" Origin-Agent-Cluster: ?1 Permissions-Policy: camera=(), microphone=(), geolocation=() Ratelimit-Limit: 100 Ratelimit-Policy: 100;w=900 Ratelimit-Remaining: 99 Ratelimit-Reset: 900 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::nn952-1766103616052-781795cef3c2 X-Xss-Protection: 0 Connection: close {"success":true,"message":"Zymptek API Server","version":"v1","environment":"development","timestamp":"2025-12-19T00:20:17.177Z"}Found 2025-12-19 by HttpPluginCreate report