Domain standalone.vrcxp.com
Germany
Software information
BunnyCDN-DE1-1082
tcp/443 tcp/80
nginx
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-08 23:24
Last seen 2026-01-23 01:58
Open for 75 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6bf1fabde6Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /account/profile GET /auth/register GET /auth/rotate-secret GET /customlobby GET /device GET /experiences GET /experiences/{experienceId}/invitation GET /headsetcenters GET /langs GET /lobby/get-version GET /lobbycore GET /servicecore GET /setup/download/{id} GET /setup/get-last-version GET /turn/credentials GET /videoplayer GET /videoplayer/get-download-url GET /videoplayer/get-last-version PATCH /experiences/{experienceId}/installed PATCH /experiences/{experienceId}/removed POST /auth/login POST /auth/refresh POST /experiences/session/{experienceId}/{experienceType}/started POST /experiences/session/{sessionId}/stopped POST /experiences/{experienceId}/notations POST /experiences/{experienceId}/notations/{notationId}/screenshotFound on 2026-01-23 01:58 -
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60b2ea5f828fc0503d0d9f7319866afd6b2857e481Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /account/profile GET /auth/register GET /auth/rotate-secret GET /customlobby GET /device GET /experiences GET /experiences/{experienceId}/invitation GET /headsetcenters GET /langs GET /lobby/get-version GET /lobbycore GET /servicecore GET /setup/download/{id} GET /setup/get-last-version GET /videoplayer GET /videoplayer/get-download-url GET /videoplayer/get-last-version PATCH /experiences/{experienceId}/installed PATCH /experiences/{experienceId}/removed POST /auth/login POST /auth/refresh POST /experiences/session/{experienceId}/{experienceType}/started POST /experiences/session/{sessionId}/stopped POST /experiences/{experienceId}/notations POST /experiences/{experienceId}/notations/{notationId}/screenshotFound on 2026-01-09 23:07
-
-
Open service 169.150.247.39:443 · standalone.vrcxp.com
2026-01-23 01:58
HTTP/1.1 301 Moved Permanently Date: Fri, 23 Jan 2026 01:58:44 GMT Content-Length: 0 Connection: close Server: BunnyCDN-DE1-1082 CDN-PullZone: 5120066 CDN-RequestCountryCode: DE Cache-Control: public, max-age=0 Location: index.html x-envoy-upstream-service-time: 1 CDN-ProxyVer: 1.43 CDN-RequestPullSuccess: True CDN-RequestPullCode: 301 CDN-CachedAt: 01/23/2026 01:58:44 CDN-EdgeStorageId: 1053 CDN-RequestId: a94948d79a6ec074726fe1f8958b1c8e CDN-Cache: BYPASS CDN-Status: 301 CDN-RequestTime: 0
Found 2026-01-23 by HttpPluginCreate report
-
Open service 85.208.144.202:443 · standalone.vrcxp.com
2026-01-09 23:07
HTTP/1.1 301 Moved Permanently Server: nginx Date: Fri, 09 Jan 2026 23:07:46 GMT Content-Length: 0 Connection: close Location: index.html Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Referrer-Policy: same-origin X-Clacks-Overhead: GNU Terry Pratchett
Found 2026-01-09 by HttpPluginCreate report
-
Open service 169.150.247.39:443 · standalone.vrcxp.com
2026-01-08 16:44
HTTP/1.1 301 Moved Permanently Date: Thu, 08 Jan 2026 16:44:14 GMT Content-Length: 0 Connection: close Server: BunnyCDN-DE1-1082 CDN-PullZone: 5120066 CDN-RequestCountryCode: NL Location: index.html x-envoy-upstream-service-time: 1 CDN-ProxyVer: 1.43 CDN-RequestPullCode: 301 CDN-RequestPullSuccess: True CDN-EdgeStorageId: 863 CDN-CachedAt: 01/08/2026 16:44:12 CDN-Status: 301 CDN-RequestTime: 0 CDN-RequestId: 7043a9a6044bcca6382c9debea62a80e CDN-Cache: HIT
Found 2026-01-08 by HttpPluginCreate report
-
Open service 169.150.247.39:80 · standalone.vrcxp.com
2026-01-08 16:44
HTTP/1.1 301 Moved Permanently Date: Thu, 08 Jan 2026 16:44:14 GMT Content-Type: text/html Content-Length: 166 Connection: close Server: BunnyCDN-DE1-1082 CDN-PullZone: 5120066 CDN-RequestCountryCode: GB Location: https://standalone.vrcxp.com/ CDN-RequestId: e72f3febd0e5d3bace189340f55e6ba2 CDN-RequestTime: 0 Page title: 301 Moved Permanently <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>openresty</center> </body> </html>
Found 2026-01-08 by HttpPluginCreate report
-
Open service 85.208.144.202:443 · standalone.vrcxp.com
2026-01-02 13:11
HTTP/1.1 301 Moved Permanently Server: nginx Date: Fri, 02 Jan 2026 13:11:03 GMT Content-Length: 0 Connection: close Location: index.html Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Referrer-Policy: same-origin X-Clacks-Overhead: GNU Terry Pratchett
Found 2026-01-02 by HttpPluginCreate report
-
Open service 85.208.144.202:443 · standalone.vrcxp.com
2025-12-22 13:30
HTTP/1.1 301 Moved Permanently Server: nginx Date: Mon, 22 Dec 2025 13:30:38 GMT Content-Length: 0 Connection: close Location: index.html Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Referrer-Policy: same-origin X-Clacks-Overhead: GNU Terry Pratchett
Found 2025-12-22 by HttpPluginCreate report