LeakIX - Host user-access-dev-4a.testfaz.net

Domain user-access-dev-4a.testfaz.net

Germany

Akamai International B.V.

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.18.64.197
Domain: user-access-dev-4a.testfaz.net
Port: 443
URL: https://user-access-dev-4a.testfaz.net

First seen 2025-12-04 09:14
Last seen 2026-02-09 16:11
Open for 67 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc802742641c741763

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /spotify/init
GET /spotify/link
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}
POST /webhook/frisbii

Found on 2026-02-09 16:11

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc6bfaced94f7a3e54

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}

Found on 2026-01-23 07:36

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.18.64.197
Domain: user-access-dev-4a.testfaz.net
Port: 80
URL: http://user-access-dev-4a.testfaz.net

First seen 2025-12-04 09:14
Last seen 2026-02-09 04:55
Open for 66 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc802742641c741763

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /spotify/init
GET /spotify/link
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}
POST /webhook/frisbii

Found on 2026-02-09 04:55

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b60fee5cf8d9eff4c93b7cadc6bfaced94f7a3e54

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /authorize
GET /oauth/entitlement-check
GET /sessions
GET /user-access
GET /user/auth
GET /user/sessions
GET /user/setCookie
POST /session/{sessionId}
POST /user/login
POST /user/loginExternal
POST /user/logout
POST /user/logoutExternal
POST /user/register
POST /user/resendValidationMail
POST /user/restorePassword
POST /user/session
POST /user/session/{sessionId}

Found on 2026-01-09 12:40

Create report

Open service 2.18.64.197:443 · user-access-dev-4a.testfaz.net

2026-01-23 07:36

HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: bed6976b856635bd557374b14ede3dfa
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 23 Jan 2026 07:36:32 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true


{"timestamp":"2026-01-23T07:36:32.072+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}

Found 2026-01-23 by HttpPlugin

Create report

Open service 2.18.64.197:80 · user-access-dev-4a.testfaz.net

2026-01-09 12:40

HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: 561aaaf1b03cef2b6c72c84fb6c2f187
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 09 Jan 2026 12:40:47 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true


{"timestamp":"2026-01-09T12:40:47.021+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}

Found 2026-01-09 by HttpPlugin

Create report

Open service 2.18.64.197:443 · user-access-dev-4a.testfaz.net

2026-01-09 11:24

HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: 4cbee836bfe8afda92c708039d2ced56
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 09 Jan 2026 11:24:02 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true


{"timestamp":"2026-01-09T11:24:02.972+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}

Found 2026-01-09 by HttpPlugin

Create report

Open service 2.18.64.197:443 · user-access-dev-4a.testfaz.net

2026-01-02 16:54

HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: 093b9907f2170b6ab0126cd1e23ea8a5
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 02 Jan 2026 16:54:58 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true


{"timestamp":"2026-01-02T16:54:58.329+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}

Found 2026-01-02 by HttpPlugin

Create report

Open service 2.18.64.197:80 · user-access-dev-4a.testfaz.net

2026-01-02 01:54

HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: dea6c09e6950b2498e44139766a512c0
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 02 Jan 2026 01:54:54 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true


{"timestamp":"2026-01-02T01:54:54.450+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}

Found 2026-01-02 by HttpPlugin

Create report

Open service 2.18.64.197:443 · user-access-dev-4a.testfaz.net

2025-12-23 07:34

HTTP/1.1 404 Not Found
Content-Type: application/json
X-Request-ID: c4c12296043f4703ca22ac510a152e47
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Tue, 23 Dec 2025 07:34:33 GMT
Content-Length: 122
Connection: close
X-Debug-A-Serial: 313-1669027486
X-Debug-A-Add-Debug-Headers: true


{"timestamp":"2025-12-23T07:34:33.348+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}

Found 2025-12-23 by HttpPlugin

Create report

content-dev-1a.testfaz.netcontent-dev-1b.testfaz.netcontent-dev-1c.testfaz.netcontent-dev-1d.testfaz.netcontent-dev-1e.testfaz.netcontent-dev-2a.testfaz.netcontent-dev-2b.testfaz.netcontent-dev-2c.testfaz.netcontent-dev-2d.testfaz.netcontent-dev-2e.testfaz.netcontent-dev-3a.testfaz.netcontent-dev-3b.testfaz.netcontent-dev-4a.testfaz.netcontent-dev-4b.testfaz.netcontent-dev-5a.testfaz.netcontent-dev-5b.testfaz.netcontent-dev-5c.testfaz.netcontent-dev-5d.testfaz.netcontent-dev-5e.testfaz.netservices-dev-1a.testfaz.netservices-dev-1b.testfaz.netservices-dev-1c.testfaz.netservices-dev-1d.testfaz.netservices-dev-1e.testfaz.netservices-dev-2a.testfaz.netservices-dev-2b.testfaz.netservices-dev-2c.testfaz.netservices-dev-2d.testfaz.netservices-dev-2e.testfaz.netservices-dev-3a.testfaz.netservices-dev-3b.testfaz.netservices-dev-4a.testfaz.netservices-dev-4b.testfaz.netservices-dev-5a.testfaz.netservices-dev-5b.testfaz.netservices-dev-5c.testfaz.netservices-dev-5d.testfaz.netservices-dev-5e.testfaz.netuser-access-dev-1a.testfaz.netuser-access-dev-1b.testfaz.netuser-access-dev-1c.testfaz.netuser-access-dev-1d.testfaz.netuser-access-dev-1e.testfaz.netuser-access-dev-2a.testfaz.netuser-access-dev-2b.testfaz.netuser-access-dev-2c.testfaz.netuser-access-dev-2d.testfaz.netuser-access-dev-2e.testfaz.netuser-access-dev-3a.testfaz.netuser-access-dev-3b.testfaz.netuser-access-dev-4a.testfaz.netuser-access-dev-4b.testfaz.netuser-access-dev-5a.testfaz.netuser-access-dev-5b.testfaz.netuser-access-dev-5c.testfaz.netuser-access-dev-5d.testfaz.netuser-access-dev-5e.testfaz.netwww-dev-1a.testfaz.netwww-dev-1b.testfaz.netwww-dev-1c.testfaz.netwww-dev-1d.testfaz.netwww-dev-1e.testfaz.netwww-dev-2a.testfaz.netwww-dev-2b.testfaz.netwww-dev-2c.testfaz.netwww-dev-2d.testfaz.netwww-dev-2e.testfaz.netwww-dev-3a.testfaz.netwww-dev-3b.testfaz.netwww-dev-4a.testfaz.netwww-dev-4b.testfaz.netwww-dev-5a.testfaz.netwww-dev-5b.testfaz.netwww-dev-5c.testfaz.netwww-dev-5d.testfaz.netwww-dev-5e.testfaz.net

Fingerprint:

04868a1c35f387f27c0b8c0a0918c50ba661033947853236aa672f9b04d0cf35

CN:

www-dev-1a.testfaz.net

Key:

RSA-2048

Issuer:

R12

Not before:

2025-12-04 08:14

Not after:

2026-03-04 08:14

Domain summary

user-access-dev-4a.testfaz.net 9

1 recorded

IP summary

2.18.64.197 2

1 recorded