LeakIX - Host mfa.exact.com

Domain mfa.exact.com

Germany

Akamai International B.V.

Software information

Microsoft-IIS 10.0

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.157
Domain: mfa.exact.com
Port: 443
URL: https://mfa.exact.com

First seen 2025-10-28 14:24
Last seen 2026-01-23 00:24
Open for 86 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad035499d0efe8d324429092f1eeb2a1bb75bdc15bd49ae
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Health
POST /api/v1/Issue/Send
POST /api/v1/Migrate
POST /api/v1/Register/Confirm
POST /api/v1/Register/Create
POST /api/v1/Register/IsRegistered
POST /api/v1/Register/RememberMe
POST /api/v1/Register/Reset
POST /api/v1/Register/ResetAllRememberMe
POST /api/v1/Verify
```
  Found on 2026-01-23 00:24
Create report

Open service 23.50.131.157:443 · mfa.exact.com

2026-01-23 00:24

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/10.0
Request-Context: appId=cid-v1:2fa41c56-85da-4636-88c8-7cb4dc5369c3
X-Powered-By: ASP.NET
Expires: Fri, 23 Jan 2026 00:24:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 00:24:40 GMT
Content-Length: 24
Connection: close
Set-Cookie: ARRAffinity=82d55500056ed9d1142f9a398e6c54ebef4060a9a0ddd24c1e8d65e88b70854d;Path=/;HttpOnly;Secure;Domain=prd10900oeimfaweuwa.azurewebsites.net
Set-Cookie: ARRAffinitySameSite=82d55500056ed9d1142f9a398e6c54ebef4060a9a0ddd24c1e8d65e88b70854d;Path=/;HttpOnly;SameSite=None;Secure;Domain=prd10900oeimfaweuwa.azurewebsites.net
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload


Hello, MFA service here!

Found 2026-01-23 by HttpPlugin

Create report

Open service 23.50.131.157:443 · mfa.exact.com

2026-01-09 01:06

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/10.0
Request-Context: appId=cid-v1:2fa41c56-85da-4636-88c8-7cb4dc5369c3
X-Powered-By: ASP.NET
Expires: Fri, 09 Jan 2026 01:06:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 01:06:37 GMT
Content-Length: 24
Connection: close
Set-Cookie: ARRAffinity=e93e18b5dea1e3a3e543039e67e2944bcd3f2a09b67b426cab011a9cf7fa4fed;Path=/;HttpOnly;Secure;Domain=prd10900oeimfaweuwa.azurewebsites.net
Set-Cookie: ARRAffinitySameSite=e93e18b5dea1e3a3e543039e67e2944bcd3f2a09b67b426cab011a9cf7fa4fed;Path=/;HttpOnly;SameSite=None;Secure;Domain=prd10900oeimfaweuwa.azurewebsites.net
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload


Hello, MFA service here!

Found 2026-01-09 by HttpPlugin

Create report

Open service 23.50.131.157:443 · mfa.exact.com

2026-01-02 06:27

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/10.0
Request-Context: appId=cid-v1:2fa41c56-85da-4636-88c8-7cb4dc5369c3
X-Powered-By: ASP.NET
Expires: Fri, 02 Jan 2026 06:27:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 02 Jan 2026 06:27:26 GMT
Content-Length: 24
Connection: close
Set-Cookie: ARRAffinity=e93e18b5dea1e3a3e543039e67e2944bcd3f2a09b67b426cab011a9cf7fa4fed;Path=/;HttpOnly;Secure;Domain=prd10900oeimfaweuwa.azurewebsites.net
Set-Cookie: ARRAffinitySameSite=e93e18b5dea1e3a3e543039e67e2944bcd3f2a09b67b426cab011a9cf7fa4fed;Path=/;HttpOnly;SameSite=None;Secure;Domain=prd10900oeimfaweuwa.azurewebsites.net
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload


Hello, MFA service here!

Found 2026-01-02 by HttpPlugin

Create report

Open service 23.50.131.157:443 · mfa.exact.com

2025-12-22 10:56

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/10.0
Request-Context: appId=cid-v1:2fa41c56-85da-4636-88c8-7cb4dc5369c3
X-Powered-By: ASP.NET
Expires: Mon, 22 Dec 2025 10:56:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 22 Dec 2025 10:56:01 GMT
Content-Length: 24
Connection: close
Set-Cookie: ARRAffinity=b761c42bdfdc9a0b5111f8fa615133527d54cdc5e66e95c8427908de51759bef;Path=/;HttpOnly;Secure;Domain=prd10900oeimfaweuwa.azurewebsites.net
Set-Cookie: ARRAffinitySameSite=b761c42bdfdc9a0b5111f8fa615133527d54cdc5e66e95c8427908de51759bef;Path=/;HttpOnly;SameSite=None;Secure;Domain=prd10900oeimfaweuwa.azurewebsites.net
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload


Hello, MFA service here!

Found 2025-12-22 by HttpPlugin

Create report

start.exactonline.nlacc.exactonline.beacc.exactonline.co.ukacc.exactonline.deacc.exactonline.nlaccountancy.exact.comaccountants.exact.comapigw.exactonline.beapigw.exactonline.co.ukapigw.exactonline.comapigw.exactonline.deapigw.exactonline.esapigw.exactonline.frapigw.exactonline.nlappcenter.exact.comapps.exactonline.beapps.exactonline.co.ukapps.exactonline.comapps.exactonline.deapps.exactonline.esapps.exactonline.frapps.exactonline.nlappstore.exact.combankgateway.dev.exact.combankgateway.exact.combanking.exact.combe.exactonline.combe2.exactonline.comcdn.lsg.exactonline.comde.exactonline.comde2.exactonline.comdev.bankgateway.exact.comdev.exactonline.bedev.exactonline.co.ukdev.exactonline.dedev.exactonline.nldev.ordergateway.exact.comenrolment.acc.exact.comenrolment.dev.exact.comenrolment.exact.comenrolment.tst.exact.comexperts-comptables.exact.comglobalapps.exactonline.comgrs.acc.exact.comgrs.dev.exact.comgrs.tst.exact.cominvoicegateway.exact.cominvoicing.exact.comlsg.exactonline.commfa.acc.exact.commfa.dev.exact.commfa.exact.commfa.tst.exact.comnl.exactonline.comnl2.exactonline.comnp.tst.exactonline.devone.exactonline.comone2.exactonline.comopenaccounting.exact.comopenaccounting2.exact.comordergateway.dev.exact.comordergateway.exact.compayments.exact.comsandbox.exactonline.nlservices.exactonline.comstaging.exactonline.nlstaging2.exactonline.nlstart.exactonline.bestart.exactonline.co.ukstart.exactonline.comstart.exactonline.destart.exactonline.esstart.exactonline.frstart2.exactonline.bestart2.exactonline.co.ukstart2.exactonline.comstart2.exactonline.destart2.exactonline.esstart2.exactonline.frstart2.exactonline.nlstartnl.acc.exact.comsteuerberater.exact.comtst.exactonline.betst.exactonline.co.uktst.exactonline.detst.exactonline.nl

Fingerprint:

825a73c5a55b00556b843c22a2fd6468d5dcabbbdf0c72e4099b67c7afda831e

CN:

start.exactonline.nl

Key:

ECDSA-256

Issuer:

DigiCert Global G3 TLS ECC SHA384 2020 CA1

Not before:

2025-10-28 00:00

Not after:

2026-05-08 23:59

Domain summary

mfa.exact.com 4

1 recorded

IP summary

23.50.131.157 2

1 recorded

Domain mfa.exact.com

Germany

Software information

Swagger API description is publicly available

Create report

Create report

Create report

Create report

Domain summary

IP summary