Exposing Swagger/OpenAPI documentation is primarily a risk when the API has underlying security flaws, because the documentation gives attackers a precise roadmap for finding them.
It details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
A perfectly secure API would mitigate the danger, but protecting the documentation remains a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b5155cd8449be99c7f49ceb45051a9fa60a75afda
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/v1/cache/{evict}
GET /api/v1/admin/users/{userId}
GET /api/v1/policies/{policyNumber}
GET /api/v1/users/retrieve/invite/{id}
POST /api/v1/admin/users/resend-confirmation-email
POST /api/v1/admin/users/search
POST /api/v1/admin/users/{userId}/disable
POST /api/v1/admin/users/{userId}/reactivate
POST /api/v1/admin/users/{userId}/reset-password
POST /api/v1/policies/{policyNumber}/lienholder
POST /api/v1/users
POST /api/v1/users/invite
POST /api/v1/users/resend-confirmation-email
POST /api/v1/users/status
POST /api/v1/users/track-activities
Open service 184.86.103.216:443 · lend-api-nonprod.sentry.com
2026-01-08 22:27
HTTP/1.1 401 Unauthorized
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Length: 0
Expires: Thu, 08 Jan 2026 22:27:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 08 Jan 2026 22:27:24 GMT
Connection: close
Set-Cookie: JSESSIONID=5776EE565BE1BFF4638F580943D64ADF; Path=/; Secure; HttpOnly
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=678
Server-Timing: origin; dur=308
Server-Timing: ak_p; desc="1767911243708_3092670168_198919024_98678_13414_94_123_-";dur=1
Open service 184.86.103.216:443 · lend-api-nonprod.sentry.com
2026-01-01 21:47
HTTP/1.1 401 Unauthorized
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Length: 0
Expires: Thu, 01 Jan 2026 21:47:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 01 Jan 2026 21:47:10 GMT
Connection: close
Set-Cookie: JSESSIONID=F62204FAF82C61A0130A925C4EE544BA; Path=/; Secure; HttpOnly
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=448
Server-Timing: origin; dur=80
Server-Timing: ak_p; desc="1767304030110_3092670162_2130122812_52808_13326_17_38_-";dur=1
Open service 184.86.103.216:443 · lend-api-nonprod.sentry.com
2025-12-22 07:15
HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Content-Length: 162
Expires: Mon, 22 Dec 2025 07:15:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 22 Dec 2025 07:15:48 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=102
Server-Timing: origin; dur=11
Server-Timing: ak_p; desc="1766387747983_3092670168_689156823_11205_7820_92_95_-";dur=1
Page title: 503 Service Temporarily Unavailable
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
</body>
</html>