LeakIX - Host 44.236.208.179

Host 44.236.208.179

United States

AMAZON-02

Ubuntu

Software information

awselb awselb 2.0

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 44.236.208.179
Domain: api.account.sprintray.com
Port: 443
URL: https://api.account.sprintray.com

First seen 2025-12-02 05:22
Last seen 2025-12-04 00:32
Open for 1 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d606fd2c9442c20ec9ab1f2ddcca62a1bf5e1bdc76c

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/users/{email}
GET /api/Health
GET /api/country/list-options/{parentId}
GET /api/country/search
GET /api/feedback/upload-link
GET /api/ng/available/{email}
GET /api/office/{facilityNumber}/available/{officeId}
GET /api/office/{officeId}/country-change-allowed/{newCountryId}
GET /api/organization-region/list-options/{parentId}
GET /api/organization-region/search
GET /api/organization-region/search-parent
GET /api/organization-region/{regionName}/available/{organizationId}/{id}
GET /api/organization/default-organization
GET /api/organization/domain-availability/{domain}
GET /api/organization/list-options/{parentId}
GET /api/organization/search
GET /api/promo/campaign-info
GET /api/promo/is-valid
GET /api/promo/is-valid/{userId}
GET /api/state-region/list-options/{parentId}
GET /api/state-region/search
GET /api/stripe/customer
GET /api/stripe/customer/payment-methods
GET /api/stripe/customer/payment-methods/{userId}
GET /api/stripe/customer/subscription
GET /api/stripe/customer/subscription/{userId}
GET /api/stripe/customer/{userId}
GET /api/stripe/plans
GET /api/stripe/publishable-key
GET /api/stripe/{region}/publishable-key
GET /api/stripe/{userId}/plans
GET /api/users/available/{email}
GET /api/users/business
GET /api/users/check-if-confirmed/{email}
GET /api/users/profile-picture/upload-link
GET /api/users/profile/{id}
GET /api/users/{userId}/email
GET /api/users/{userId}/profile-picture
PATCH /api/feedback/delete-files
PATCH /api/users/change-password
PATCH /api/users/complete-registration
PATCH /api/users/confirm-email
PATCH /api/users/confirm-source-email
PATCH /api/users/ngcom-treatment-unification
PATCH /api/users/personal-info
PATCH /api/users/resend-code/{email}
POST /api/Auth/login/code
POST /api/Auth/login/credentials
POST /api/Auth/refresh
POST /api/feedback/create
POST /api/ng/register
POST /api/stripe/create-subscription
POST /api/users/business-info
POST /api/users/change-dso-office/{facilityNumber}
POST /api/users/create-dso-linked/{facilityNumber}
POST /api/users/forgot-password/{email}
POST /api/users/register
POST /api/users/v2/register
PUT /api/users/tenant-user-profile

Found on 2025-12-04 00:32

Create report

Open service 44.236.208.179:443 · api.account.sprintray.com

2026-01-09 03:04

HTTP/1.1 403 Forbidden
Server: awselb/2.0
Date: Fri, 09 Jan 2026 03:04:23 GMT
Content-Type: text/html
Content-Length: 118
Connection: close
Strict-Transport-Security: max-age=315360000; includeSubDomains; preload
Content-Security-Policy: upgrade-insecure-requests

Page title: 403 Forbidden

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 44.236.208.179:443 · api.account.sprintray.com

2026-01-02 03:36

HTTP/1.1 403 Forbidden
Server: awselb/2.0
Date: Fri, 02 Jan 2026 03:36:38 GMT
Content-Type: text/html
Content-Length: 118
Connection: close
Strict-Transport-Security: max-age=315360000; includeSubDomains; preload
Content-Security-Policy: upgrade-insecure-requests

Page title: 403 Forbidden

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 44.236.208.179:443 · api.account.sprintray.com

2025-12-30 11:27

HTTP/1.1 403 Forbidden
Server: awselb/2.0
Date: Tue, 30 Dec 2025 11:27:48 GMT
Content-Type: text/html
Content-Length: 118
Connection: close
Strict-Transport-Security: max-age=315360000; includeSubDomains; preload
Content-Security-Policy: upgrade-insecure-requests

Page title: 403 Forbidden

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

Found 2025-12-30 by HttpPlugin

Create report

Open service 44.236.208.179:443 · api.account.sprintray.com

2025-12-22 14:37

HTTP/1.1 403 Forbidden
Server: awselb/2.0
Date: Mon, 22 Dec 2025 14:37:20 GMT
Content-Type: text/html
Content-Length: 118
Connection: close
Strict-Transport-Security: max-age=315360000; includeSubDomains; preload
Content-Security-Policy: upgrade-insecure-requests

Page title: 403 Forbidden

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

login.stg.subarudriverslogin.comalb-east.stg.subarudriverslogin.comlogin2-east-test.stg.subarudriverslogin.comalb-test-east.stg.subarudriverslogin.comlogin-east.stg.subarudriverslogin.comlogin-west-test.stg.subarudriverslogin.comalb-test-west.stg.subarudriverslogin.comlogin-west.stg.subarudriverslogin.comlogin-test.stg.subarudriverslogin.comalb-west.stg.subarudriverslogin.comam-apigw-west-test.stg.subarudriverslogin.comam-apigw-east.stg.subarudriverslogin.comlogin2-east.stg.subarudriverslogin.comlogin2.stg.subarudriverslogin.comam-apigw-east-test.stg.subarudriverslogin.comopenidm-test.stg.subarudriverslogin.comlogin2-west-test.stg.subarudriverslogin.comopenidm-west.stg.subarudriverslogin.comopenidm.stg.subarudriverslogin.comlogin2-test.stg.subarudriverslogin.comlogin-east-test.stg.subarudriverslogin.comopenidm-east-test.stg.subarudriverslogin.comlogin2-west.stg.subarudriverslogin.comam-apigw-west.stg.subarudriverslogin.comopenidm-west-test.stg.subarudriverslogin.comopenidm-east.stg.subarudriverslogin.com

Fingerprint:

8523f339c641f91ba1f1cb7fd648a48d434c379f7685429659911b902e6ae4d2

CN:

Key:

RSA-2048

Issuer:

Amazon RSA 2048 M04

Not before:

2025-05-30 00:00

Not after:

2026-06-28 23:59

Domain summary

api.account.sprintray.com 4

1 recorded