Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bd28e8508287dafbc6a9b1ccf4f1eb60b5d187d2f
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /v5/organizations/{organizationCode}/documents/{documentIdentifier}
GET /v1/organizations/{organizationCode}/users/authorizations
GET /v1/organizations/{organizationCode}/users/companies
GET /v1/organizations/{organizationCode}/users/groups
GET /v1/organizations/{organizationCode}/users/permissions
GET /v1/organizations/{organizationCode}/users/profiles
GET /v1/organizations/{organizationCode}/users/{id}
GET /v5/organizations/{organizationCode}/documents/{documentIdentifier}/files
POST /swagger/auth/token
POST /v1/organizations/{organizationCode}/users
POST /v1/organizations/{organizationCode}/users/search
POST /v5/organizations/{organizationCode}/documents/search
POST /v5/organizations/{organizationCode}/files
PUT /v5/organizations/{organizationCode}/assets/{assetIdentifier}/documents
Open service 18.66.192.52:443 · cdn-api.stonal-dev.io
2026-01-09 03:19
HTTP/1.1 401 Unauthorized
Content-Length: 0
Connection: close
Date: Fri, 09 Jan 2026 03:19:42 GMT
X-Frame-Options: DENY
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: Error from cloudfront
Via: 1.1 1a45d1e1304c39dfa9b034c2308f4976.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: QNMGdS1BlKpKb_Ju11lZi3kiEd4brghsBkjlk5qM9wA1DN39e_pDbg==
Referrer-Policy: strict-origin-when-cross-origin
Vary: Origin
Open service 18.66.192.52:443 · cdn-api.stonal-dev.io
2026-01-02 02:47
HTTP/1.1 401 Unauthorized
Content-Length: 0
Connection: close
Date: Fri, 02 Jan 2026 02:47:02 GMT
X-Frame-Options: DENY
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: Error from cloudfront
Via: 1.1 2551fa016e0e39646c40c584001d7b4e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: jfL_4yyAP1ZsR2LscziwqMwH-WWOTWqVTWOun52toz4H0tV2oq4ZiA==
Referrer-Policy: strict-origin-when-cross-origin
Vary: Origin
Open service 18.66.192.52:443 · cdn-api.stonal-dev.io
2025-12-30 14:38
HTTP/1.1 401 Unauthorized
Content-Length: 0
Connection: close
Date: Tue, 30 Dec 2025 14:38:52 GMT
X-Frame-Options: DENY
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: Error from cloudfront
Via: 1.1 77aa8087323921dee0b130bc0589bda8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: QAlSkeVd1kj4GO6MEjy8rKA6Rw7eXMhoOOcGgkRMljqvneZfhbD5SQ==
Referrer-Policy: strict-origin-when-cross-origin
Vary: Origin
Open service 18.66.192.52:443 · cdn-api.stonal-dev.io
2025-12-22 10:23
HTTP/1.1 401 Unauthorized
Content-Length: 0
Connection: close
Date: Mon, 22 Dec 2025 10:23:16 GMT
X-Frame-Options: DENY
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: Error from cloudfront
Via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: YwNPx3Z4Yrez70Ic0FFLRms8OEdhBK-3IxJNyf4d3cfzFzrLq8Kn5w==
Referrer-Policy: strict-origin-when-cross-origin
Vary: Origin
Open service 18.66.192.52:443 · cdn-api.stonal-dev.io
2025-12-20 10:45
HTTP/1.1 401 Unauthorized
Content-Length: 0
Connection: close
Date: Sat, 20 Dec 2025 10:45:34 GMT
X-Frame-Options: DENY
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: Error from cloudfront
Via: 1.1 c3f546c2f6132a41e608317139aa8faa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: ZqSAH81ELJCMpJ5q2KbnXd4KyLuQVG9X7t0hjXU46nm5r6kkAOHiYQ==
Referrer-Policy: strict-origin-when-cross-origin
Vary: Origin