Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc802742641c741763
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /spotify/init
GET /spotify/link
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}
POST /webhook/frisbii
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc80274264e6e1d65e
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /spotify/init
GET /spotify/link
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc6bfaced94f7a3e54
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}
Open service 2.18.64.220:80 · user-access-dev-2b.testfaz.net
2026-01-23 07:36
HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: d177345be356634e5a2279dbbc6be917
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 23 Jan 2026 07:36:54 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true
{"timestamp":"2026-01-23T07:36:54.253+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}