LeakIX - Host backend.lunapay.com.br

Domain backend.lunapay.com.br

Germany

Akamai International B.V.

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.53.42.232
Domain: backend.lunapay.com.br
Port: 443
URL: https://backend.lunapay.com.br

First seen 2025-12-02 19:26
Last seen 2026-02-12 17:40
Open for 71 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-12 17:40
Create report

Open service 23.53.42.232:443 · backend.lunapay.com.br

2026-01-23 09:38

HTTP/1.1 404 Not Found
Content-Type: application/json; charset=utf-8
Content-Length: 103
Content-Security-Policy: script-src 'none';require-trusted-types-for 'script';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
Vary: Origin
Access-Control-Allow-Credentials: true
x-correlation-id: 360c4ed3-ca4e-4441-9fdf-5f896d520ff3
ETag: W/"67-iiT1Yywmc6e0pfoX5gQGNd75E1g"
x-envoy-upstream-service-time: 3
Expires: Fri, 23 Jan 2026 09:38:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 09:38:51 GMT
Connection: close
Strict-Transport-Security: max-age=31536000 ; includeSubDomains


{"statusCode":404,"timestamp":"2026-01-23T09:38:51.370Z","errorData":{"errorMessage":["Cannot GET /"]}}

Found 2026-01-23 by HttpPlugin

Create report

api.plataformas.finnet.com.brapi-consulta.portaldeboletos.com.brapi-gooroo-prd.finnetbrasil.techapi-pbm-prod.portaldeboletos.com.brapi-pbm.portaldeboletos.com.brapi-prod.gooroocredito.com.brapi-trackview.finnet.com.brapi.bankmanager.com.brapi.finnet.com.brapi.finnetpay.com.brapi.homolog.netfinancas.com.brapi.lunapay.com.brapi.netfinancas.com.brapi.portaldeboletos.com.brapi.projectfinnet.com.brapicheckout.finnetpay.com.brapifarmax.portaldeboletos.com.brapiocr.finnet.com.brapitrackview.finnet.com.brbackend.lunapay.com.brbiller-api.finnet.com.brbm-connect-auditoria-api-prod.finnetbrasil.techbm-connect-deposito-identificado-api-prod.finnetbrasil.techbm-connect-extrato-api-prod.finnetbrasil.techbm-connect-gerencial-api-prod.finnetbrasil.techbm-connect-open-finance-api-prod.finnetbrasil.techbm-connect-open-finance-extrato-api-prod.finnetbrasil.techbm-connect-tarefa-api-prod.finnetbrasil.techboletoonline-prod.portaldeboletos.com.brcdn.bankmanager.com.brcdn.projectfinnet.com.brchecklist.bankmanager.com.brcockpit-api-prod.finnetbrasil.techconsentimento-api.finnetbrasil.techcripto.bankmanager.com.brcrm-middleware.projectfinnet.com.brcustom-client-api-prod.finnetbrasil.techeletronic-signature-api.prod.finnetbrasil.techeletronic-signature.gooroocredito.com.brfile-manager-prod.finnetbrasil.techfile-manager-prod.gooroocredito.com.brfinancial-company-api.prod.finnetbrasil.techfinancial-company.gooroocredito.com.brgeradordocumentos.homolog.netfinancas.com.brgeradordocumentos.netfinancas.com.brintegration-prod.lunapay.com.britp-api-prod.finnetbrasil.techlunaboleto-api-prod.finnetbrasil.techmotor-cobranca-api-new-prod.finnetbrasil.techmotor-cobranca-api-prod.finnetbrasil.techmotor-de-webhook-api-prod.finnetbrasil.techmotor-recorrencia-api-prod.finnetbrasil.techmqtt.bankmanager.com.brmqtt.servicos.netfinancas.com.brmqtt2.bankmanager.com.brmqtt2.servicos.netfinancas.com.brmtls.openfinance.finnet.com.broofc.finnet.com.bropenbanking-docs.finnet.com.bropenbanking-homol.finnet.com.bropenbanking.finnet.com.bropenfinance.finnet.com.brorigin-boletoonline.portaldeboletos.com.brpayment-api-prod.gooroocredito.com.brpayment-api.prod.finnetbrasil.techprodintegration.finnetpay.com.brproxy.bankmanager.com.brrecorrencia.finnetpay.com.brrelaciona-api.finnet.com.brsafe-boarding-api.prod.finnetbrasil.techsafe-boarding.gooroocredito.com.brsaldo.finnetpay.com.brservicos-mapa-api.finnet.com.brsocketio.portalconsignado.com.brsolicitacaocadastro-boletoonline.finnet.com.brtiny.finnet.com.brtoken.bankmanager.com.brtreinamento.portalconsignado.com.brwebhookpbm.finnet.com.brwscobranca.portalconsignado.com.brwscomprovantes.portalconsignado.com.br

Fingerprint:

c41c657b3224fabd45935c3387c7e6e27422afc06134601e70597a9f780a7faf

CN:

api.plataformas.finnet.com.br

Key:

ECDSA-256

Issuer:

DigiCert Global G3 TLS ECC SHA384 2020 CA1

Not before:

2025-12-04 00:00

Not after:

2026-04-01 23:59

Domain summary

backend.lunapay.com.br 1

1 recorded

IP summary

23.53.42.232 2