Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b5155cd8449be99c7f49ceb45051a9fa60a75afda
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/v1/cache/{evict}
GET /api/v1/admin/users/{userId}
GET /api/v1/policies/{policyNumber}
GET /api/v1/users/retrieve/invite/{id}
POST /api/v1/admin/users/resend-confirmation-email
POST /api/v1/admin/users/search
POST /api/v1/admin/users/{userId}/disable
POST /api/v1/admin/users/{userId}/reactivate
POST /api/v1/admin/users/{userId}/reset-password
POST /api/v1/policies/{policyNumber}/lienholder
POST /api/v1/users
POST /api/v1/users/invite
POST /api/v1/users/resend-confirmation-email
POST /api/v1/users/status
POST /api/v1/users/track-activities
Open service 2.16.1.250:443 · lend-api.sentry.com
2026-01-23 15:34
HTTP/1.1 401 Unauthorized
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Length: 0
Expires: Fri, 23 Jan 2026 15:34:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 15:34:36 GMT
Connection: close
Set-Cookie: JSESSIONID=84BCC3674F047055158A842A1D59D311; Path=/; Secure; HttpOnly
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=100
Server-Timing: origin; dur=22
Server-Timing: ak_p; desc="1769182476382_34603445_278037374_12133_9893_99_122_-";dur=1
Open service 2.16.1.250:443 · lend-api.sentry.com
2026-01-09 21:43
HTTP/1.1 401 Unauthorized
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Length: 0
Expires: Fri, 09 Jan 2026 21:43:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 21:43:26 GMT
Connection: close
Set-Cookie: JSESSIONID=C479B44DFF8E0FF31101B98317E78C97; Path=/; Secure; HttpOnly
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=598
Server-Timing: origin; dur=23
Server-Timing: ak_p; desc="1767995006188_34603445_1109378397_62165_37808_0_73_-";dur=1
Open service 2.16.1.250:443 · lend-api.sentry.com
2026-01-02 16:46
HTTP/1.1 401 Unauthorized
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Length: 0
Expires: Fri, 02 Jan 2026 16:46:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 02 Jan 2026 16:46:01 GMT
Connection: close
Set-Cookie: JSESSIONID=39AF913101813185EFBE8A9B3680226C; Path=/; Secure; HttpOnly
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=96
Server-Timing: origin; dur=29
Server-Timing: ak_p; desc="1767372361111_34603470_97276541_12573_10360_80_84_-";dur=1
Open service 2.16.1.250:443 · lend-api.sentry.com
2025-12-23 05:06
HTTP/1.1 401 Unauthorized
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Bearer
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Length: 0
Expires: Tue, 23 Dec 2025 05:06:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 23 Dec 2025 05:06:58 GMT
Connection: close
Set-Cookie: JSESSIONID=4A2A1E0276C28236BEA7F16248416D0C; Path=/; Secure; HttpOnly
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=98
Server-Timing: origin; dur=14
Server-Timing: ak_p; desc="1766466418148_34603445_393768115_11116_8973_98_102_-";dur=1