Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bd106978014e0a638fa6a92e5389f9a16fdc43590
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /v1/customer
GET /v1/customer/{customerId}/application
GET /v1/customer/{customerId}/configuration/order
GET /v1/customer/{customerId}/configuration/ssl-authenticator
GET /v1/customers
GET /v1/store
POST /v1/customer/application
POST /v1/customer/csv/imports
POST /v1/customer/{customerId}/manage/configuration/order
POST /v1/customer/{customerId}/manage/configuration/ssl-authenticator
PUT /v1/customer/application/{applicationId}
PUT /v1/customer/csv/configuration/update
Open service 2.16.6.31:443 · dc-customer-dev.vcert.com.br
2026-01-23 02:38
HTTP/1.1 401 Unauthorized
Content-Length: 0
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
X-Frame-Options: DENY
Expires: Fri, 23 Jan 2026 02:38:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 02:38:18 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=554
Server-Timing: origin; dur=134
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Server-Timing: ak_p; desc="1769135897474_34604894_1191217570_68720_5762_80_104_-";dur=1