Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff437a159df728975afddc71c706cfaeceebcfaeceeb
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /avatars/info
GET /avatars/{member_id}
GET /health
POST /avatars
Open service 2a02:26f0:3500:18::1724:a29e:443 · avatars.thebump.com
2026-01-26 10:03
HTTP/1.1 404 Not Found
Content-Type: application/json; charset=utf-8
Content-Length: 60
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, auth_token
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 1728000
Expires: Mon, 26 Jan 2026 10:03:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 26 Jan 2026 10:03:38 GMT
Connection: close
Server-Timing: edge; dur=2
Server-Timing: origin; dur=88
Server-Timing: cdn-cache; desc=MISS
Set-Cookie: tkww_op=6b338773cc674651ba0ed0db7857e2c1; path=/; domain=.avatars.thebump.com; Secure
Server-Timing: ak_p; desc="1769421818012_388276382_537555648_8989_10411_99_128_-";dur=1
{"statusCode":404,"error":"Not Found","message":"Not Found"}
Open service 2a02:26f0:3500:18::1724:a29e:80 · avatars.thebump.com
2026-01-26 10:03
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://avatars.thebump.com/
Expires: Mon, 26 Jan 2026 10:03:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 26 Jan 2026 10:03:59 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Set-Cookie: tkww_op=477d18cdfb714255bea5dd890f3d6f10; path=/; domain=.avatars.thebump.com
Server-Timing: ak_p; desc="1769421839955_388276382_537572917_11_12163_101_0_-";dur=1
Open service 2.16.183.9:443 · avatars.thebump.com
2026-01-26 10:03
HTTP/1.1 404 Not Found
Content-Type: application/json; charset=utf-8
Content-Length: 60
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, auth_token
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 1728000
Expires: Mon, 26 Jan 2026 10:03:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 26 Jan 2026 10:03:38 GMT
Connection: close
Server-Timing: edge; dur=1
Server-Timing: origin; dur=90
Server-Timing: cdn-cache; desc=MISS
Set-Cookie: tkww_op=2ee39f3dc9c046a1923c5e18140a19d6; path=/; domain=.avatars.thebump.com; Secure
Server-Timing: ak_p; desc="1769421818004_34610630_2521028518_9019_7740_98_101_-";dur=1
{"statusCode":404,"error":"Not Found","message":"Not Found"}
Open service 2.16.183.6:443 · avatars.thebump.com
2026-01-26 10:03
HTTP/1.1 404 Not Found
Content-Type: application/json; charset=utf-8
Content-Length: 60
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, auth_token
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 1728000
Expires: Mon, 26 Jan 2026 10:03:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 26 Jan 2026 10:03:37 GMT
Connection: close
Server-Timing: edge; dur=1
Server-Timing: origin; dur=89
Server-Timing: cdn-cache; desc=MISS
Set-Cookie: tkww_op=5043977967d64fd8b87dafbb2e266ca1; path=/; domain=.avatars.thebump.com; Secure
Server-Timing: ak_p; desc="1769421817556_34610633_3034760411_8973_5657_17_27_-";dur=1
{"statusCode":404,"error":"Not Found","message":"Not Found"}
Open service 2.16.183.9:80 · avatars.thebump.com
2026-01-26 10:03
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://avatars.thebump.com/
Expires: Mon, 26 Jan 2026 10:03:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 26 Jan 2026 10:03:59 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Set-Cookie: tkww_op=e993f25953cf4bbf8cece7aaa8772808; path=/; domain=.avatars.thebump.com
Server-Timing: ak_p; desc="1769421839249_34610633_3034852048_8_6000_18_0_-";dur=1
Open service 2.16.183.6:80 · avatars.thebump.com
2026-01-26 10:03
HTTP/1.1 403 Forbidden
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 373
Expires: Mon, 26 Jan 2026 10:03:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 26 Jan 2026 10:03:59 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Set-Cookie: tkww_op=617457bf17afd65cb99e8609aeb146d3; path=/; domain=.avatars.thebump.com
Server-Timing: ak_p; desc="1769421839221_34610630_2521252465_15_8776_17_0_-";dur=1
Page title: Access Denied
<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
You don't have permission to access "http://avatars.thebump.com/" on this server.<P>
Reference #18.c61d1002.1769421839.96474271
<P>https://errors.edgesuite.net/18.c61d1002.1769421839.96474271</P>
</BODY>
</HTML>
Open service 2a02:26f0:3500:18::1724:a296:443 · avatars.thebump.com
2026-01-26 10:03
HTTP/1.1 404 Not Found
Content-Type: application/json; charset=utf-8
Content-Length: 60
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization, auth_token
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 1728000
Expires: Mon, 26 Jan 2026 10:03:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 26 Jan 2026 10:03:37 GMT
Connection: close
Server-Timing: edge; dur=1
Server-Timing: origin; dur=90
Server-Timing: cdn-cache; desc=MISS
Set-Cookie: tkww_op=78866b774dbf4865868f736f1c70d80c; path=/; domain=.avatars.thebump.com; Secure
Server-Timing: ak_p; desc="1769421817419_388276374_776274756_9074_9729_0_3_-";dur=1
{"statusCode":404,"error":"Not Found","message":"Not Found"}
Open service 2a02:26f0:3500:18::1724:a296:80 · avatars.thebump.com
2026-01-26 10:03
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://avatars.thebump.com/
Expires: Mon, 26 Jan 2026 10:03:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 26 Jan 2026 10:03:59 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Set-Cookie: tkww_op=d2a8c8ca4835456e9a295a408c9ac3f1; path=/; domain=.avatars.thebump.com
Server-Timing: ak_p; desc="1769421839661_388276374_776295325_11_9277_83_0_-";dur=1