LeakIX - Host crapi.coderide.in

Domain crapi.coderide.in

United States

AMAZON-02

Software information

Vercel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 64.29.17.65
Domain: crapi.coderide.in
Port: 443
URL: https://crapi.coderide.in

First seen 2025-12-09 12:13
Last seen 2026-01-09 07:20
Open for 30 days

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4387d323da550cf7a5c0cd4fc024e8fa694b89d728

Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /admins
GET /admins/{id}
GET /batches
GET /batches/{id}
GET /class-student-leaderboard
GET /class-tasks-performance
GET /class_batch_map
GET /class_batch_map/{id}
GET /classes
GET /classes/{id}
GET /content_coverage
GET /content_coverage/{id}
GET /courses
GET /courses/{id}
GET /faculty
GET /faculty/{id}
GET /faculty_class
GET /faculty_class/{id}
GET /faculty_courses
GET /faculty_courses/{id}
GET /language_execution_rules
GET /language_execution_rules/grouped
GET /language_execution_rules/languages
GET /language_execution_rules/{language}
GET /mcq_questions
GET /mcq_questions/{id}
GET /mcq_results
GET /mcq_results/{id}
GET /practice_program_results
GET /practice_program_results/{id}
GET /program_questions
GET /program_questions/{id}
GET /program_results
GET /program_results/{id}
GET /program_testcases
GET /program_testcases/{id}
GET /student-deep-performance/{student_id}
GET /student/{student_id}/badges-data
GET /student/{student_id}/dashboard-summary
GET /student/{student_id}/task-submissions
GET /student/{student_id}/tasks-analysis
GET /student_badges
GET /student_badges/{student_id}/{badge_id}
GET /student_batch_membership
GET /student_batch_membership/{id}
GET /student_class_enrollments
GET /student_class_enrollments/{id}
GET /student_feedbacks
GET /student_feedbacks/{id}
GET /student_practice_programs_analysis
GET /student_practice_questions
GET /student_tasks
GET /students
GET /students/{id}
GET /students/{student_id}/courses
GET /students/{student_id}/courses/{course_id}/details
GET /subtopics
GET /subtopics/{id}
GET /tasks
GET /tasks/{task_id}/questions
GET /tasks/{task_id}/results
GET /tasks/{task_id}/results/{student_id}
GET /test_submissions
GET /test_submissions/{id}
GET /topics
GET /topics/{id}
POST /admins/change-password
POST /admins/forgot-password
POST /admins/login
POST /admins/reset-password
POST /faculty/change-password
POST /faculty/forgot-password
POST /faculty/login
POST /faculty/reset-password
POST /mcq_questions/bulk
POST /program_questions/bulk
POST /students/bulk
POST /students/change-password
POST /students/forgot-password
POST /students/login
POST /students/reset-password

Found on 2026-01-09 07:20

Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4387d323da550cf7a5c0cd4fc024e8fa6975890776

Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /admins
GET /admins/{id}
GET /batches
GET /batches/{id}
GET /class-student-leaderboard
GET /class-tasks-performance
GET /class_batch_map
GET /class_batch_map/{id}
GET /classes
GET /classes/{id}
GET /content_coverage
GET /content_coverage/{id}
GET /courses
GET /courses/{id}
GET /faculty
GET /faculty/{id}
GET /faculty_class
GET /faculty_class/{id}
GET /faculty_courses
GET /faculty_courses/{id}
GET /mcq_questions
GET /mcq_questions/{id}
GET /mcq_results
GET /mcq_results/{id}
GET /practice_program_results
GET /practice_program_results/{id}
GET /program_questions
GET /program_questions/{id}
GET /program_results
GET /program_results/{id}
GET /program_testcases
GET /program_testcases/{id}
GET /student-deep-performance/{student_id}
GET /student/{student_id}/badges-data
GET /student/{student_id}/dashboard-summary
GET /student/{student_id}/task-submissions
GET /student/{student_id}/tasks-analysis
GET /student_badges
GET /student_badges/{student_id}/{badge_id}
GET /student_batch_membership
GET /student_batch_membership/{id}
GET /student_class_enrollments
GET /student_class_enrollments/{id}
GET /student_feedbacks
GET /student_feedbacks/{id}
GET /student_practice_programs_analysis
GET /student_practice_questions
GET /student_tasks
GET /students
GET /students/{id}
GET /students/{student_id}/courses
GET /students/{student_id}/courses/{course_id}/details
GET /subtopics
GET /subtopics/{id}
GET /tasks
GET /tasks/{task_id}/questions
GET /tasks/{task_id}/results
GET /tasks/{task_id}/results/{student_id}
GET /test_submissions
GET /test_submissions/{id}
GET /topics
GET /topics/{id}
POST /admins/change-password
POST /admins/forgot-password
POST /admins/login
POST /admins/reset-password
POST /faculty/change-password
POST /faculty/forgot-password
POST /faculty/login
POST /faculty/reset-password
POST /mcq_questions/bulk
POST /program_questions/bulk
POST /students/bulk
POST /students/change-password
POST /students/forgot-password
POST /students/login
POST /students/reset-password

Found on 2025-12-26 19:25

Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
Found on 2025-12-09 12:13

Create report

Open service 64.29.17.65:443 · crapi.coderide.in

2026-01-09 07:20

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 54
Content-Security-Policy: default-src 'self';script-src 'self' https://unpkg.com 'unsafe-inline';style-src 'self' https://unpkg.com 'unsafe-inline';img-src 'self' data: https://unpkg.com;connect-src 'self' https://unpkg.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 07:20:23 GMT
Etag: W/"36-X5Z3puQkm8Ctnjx6vHSbfCRdgjU"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::kxfv6-1767943222863-71479180762a
X-Xss-Protection: 0
Connection: close


{"message":"Classroom Backend Server is running 🚀"}

Found 2026-01-09 by HttpPlugin

Create report

Open service 64.29.17.65:443 · crapi.coderide.in

2026-01-02 14:30

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 54
Content-Security-Policy: default-src 'self';script-src 'self' https://unpkg.com 'unsafe-inline';style-src 'self' https://unpkg.com 'unsafe-inline';img-src 'self' data: https://unpkg.com;connect-src 'self' https://unpkg.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 14:30:14 GMT
Etag: W/"36-X5Z3puQkm8Ctnjx6vHSbfCRdgjU"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: sfo1::iad1::8lkcv-1767364214676-274c8ce48b5e
X-Xss-Protection: 0
Connection: close


{"message":"Classroom Backend Server is running 🚀"}

Found 2026-01-02 by HttpPlugin

Create report

Open service 64.29.17.65:443 · crapi.coderide.in

2025-12-23 02:34

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 54
Content-Security-Policy: default-src 'self';script-src 'self' https://unpkg.com 'unsafe-inline';style-src 'self' https://unpkg.com 'unsafe-inline';img-src 'self' data: https://unpkg.com;connect-src 'self' https://unpkg.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Tue, 23 Dec 2025 02:34:49 GMT
Etag: W/"36-X5Z3puQkm8Ctnjx6vHSbfCRdgjU"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: fra1::iad1::ckwb7-1766457287918-18fc64131a00
X-Xss-Protection: 0
Connection: close


{"message":"Classroom Backend Server is running 🚀"}

Found 2025-12-23 by HttpPlugin

Create report

Open service 64.29.17.65:443 · crapi.coderide.in

2025-12-20 13:46

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 54
Content-Security-Policy: default-src 'self';script-src 'self' https://unpkg.com 'unsafe-inline';style-src 'self' https://unpkg.com 'unsafe-inline';img-src 'self' data: https://unpkg.com;connect-src 'self' https://unpkg.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 13:46:42 GMT
Etag: W/"36-X5Z3puQkm8Ctnjx6vHSbfCRdgjU"
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Server: Vercel
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Vercel-Cache: MISS
X-Vercel-Id: iad1::iad1::qlzml-1766238402482-5be63af28cbb
X-Xss-Protection: 0
Connection: close


{"message":"Classroom Backend Server is running 🚀"}

Found 2025-12-20 by HttpPlugin

Create report

crapi.coderide.in

Fingerprint:

28b9397f9fcc9b83051a2a1b72ce275f51acaed1d8827be5ef196f93c00a7d43

CN:

crapi.coderide.in

Key:

RSA-2048

Issuer:

R13

Not before:

2025-12-09 11:13

Not after:

2026-03-09 11:13

Domain summary

crapi.coderide.in 6

1 recorded

IP summary

64.29.17.65 2

1 recorded