Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc802742641c741763
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /spotify/init
GET /spotify/link
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}
POST /webhook/frisbii
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc80274264e6e1d65e
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /spotify/init
GET /spotify/link
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc6bfaced94f7a3e54
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}
Open service 2.18.64.200:80 · user-access-dev-2c.testfaz.net
2026-01-09 11:07
HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: 5fee88af942f2b10ece194453f808e7d
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 09 Jan 2026 11:08:43 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true
{"timestamp":"2026-01-09T11:08:43.188+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}
Open service 2.18.64.200:80 · user-access-dev-2c.testfaz.net
2026-01-02 03:54
HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: 88f2e80c5164722c3f18e632f4eda5de
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 02 Jan 2026 03:54:04 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true
{"timestamp":"2026-01-02T03:54:04.339+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}
Open service 2.18.64.200:80 · user-access-dev-2c.testfaz.net
2025-12-24 13:35
HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: 5ab399523c6bf779944677640e0ff913
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Wed, 24 Dec 2025 13:35:34 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true
{"timestamp":"2025-12-24T13:35:34.047+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}
Open service 2.18.64.200:80 · user-access-dev-2c.testfaz.net
2025-12-22 12:21
HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: 53bfba77d94a563f5ca1b3c7703462b6
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Mon, 22 Dec 2025 12:21:41 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true
{"timestamp":"2025-12-22T12:21:41.520+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}