LeakIX - Host dev.api.customers.changeback.app

Domain dev.api.customers.changeback.app

Brazil

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Kestrel Kestrel

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 20.206.176.5
Domain: dev.api.customers.changeback.app
Port: 443
URL: https://dev.api.customers.changeback.app

First seen 2025-12-23 05:41
Last seen 2026-02-02 10:23
Open for 41 days

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2026-02-02 10:23

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035492fbda0933ce86e531e650cd6b17bd68a6ddb9b4d

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /companies/{companyId}/purchase/{cashbackTransactionId}
GET /banners
GET /categories
GET /companies
GET /companies/{companyId}
GET /companies/{companyId}/market-cap
GET /companies/{companyId}/purchase/{cashbackTransactionId}/status
GET /companies/{companyId}/transactions
GET /me
GET /me/balance
GET /me/cashbacks/transactions
GET /me/financial/transactions
GET /notifications
GET /sales/checkout/{cashbackTransactionId}/status
GET /sales/{saleId}
GET /wallets
PATCH /companies/{companyId}/toggle/allow-sales
PATCH /companies/{companyId}/toggle/balance-notification
PATCH /companies/{companyId}/toggle/favorite
POST /auth/token
POST /companies/{companyId}/purchase
POST /companies/{companyId}/sale
POST /newsletter
POST /register
POST /sales/{saleId}/checkout
POST /wallets/financial/withdrawal
PUT /me/picture
PUT /wallets/financial/withdrawal/{id}/confirm

Found on 2025-12-25 05:45

Create report

Open service 20.206.176.5:443 · dev.api.customers.changeback.app

2026-01-23 15:47
```
HTTP/1.1 404 Not Found
Content-Length: 0
Connection: close
Date: Fri, 23 Jan 2026 15:48:06 GMT
Server: Kestrel
```
Found 2026-01-23 by HttpPlugin
Create report

dev.api.customers.changeback.app

Fingerprint:

431e33e7d12b5d10909f673dba0967aff8d2e2ab44d96dcaad49e841a64fc1e5

CN:

dev.api.customers.changeback.app

Key:

RSA-2048

Issuer:

GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Not before:

2025-12-23 00:00

Not after:

2026-04-14 23:59

Domain summary

dev.api.customers.changeback.app 2

1 recorded

IP summary

20.206.176.5 2

1 recorded