Heroku
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e56080eb7b1958d1133359da07bd5526168e0c7974
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /api/v1/delivery/{deliveryId}/arrangement/{arrangementId}
DELETE /api/v1/migration/delete-changelog
GET /api/v1/arrangement
GET /api/v1/arrangement/get_list_of_arrangement
GET /api/v1/arrangement/search_arrangement
GET /api/v1/auth/business-types
GET /api/v1/auth/countries
GET /api/v1/auth/ping
GET /api/v1/customer/customers/search
GET /api/v1/customer/filter
GET /api/v1/customer/{customerId}
GET /api/v1/delivery/deliveries
GET /api/v1/delivery/get_all_deliveries
GET /api/v1/delivery/monthly-summary
GET /api/v1/delivery/search
GET /api/v1/delivery/{deliveryId}
GET /api/v1/file
GET /api/v1/file/list
GET /api/v1/material/colours
GET /api/v1/material/export-materials
GET /api/v1/material/flowers
GET /api/v1/material/list
GET /api/v1/migration/apply-changelog
GET /api/v1/migration/initialize-schema/{orgId}
GET /api/v1/plan
GET /api/v1/plan/validate-plan/{tenantId}
GET /api/v1/plan/{id}
GET /api/v1/subscription/customer/{customerId}
GET /api/v1/subscription/{id}
GET /api/v1/tenant
GET /api/v1/tenant/team
GET /api/v1/tenant/team/get_all_tenant_team_without_pagination
GET /api/v1/tenant/team/tenant-team/search
GET /api/v1/tenant/team/tenant-team/{id}
GET /api/v1/tenant/tenant/{tenantId}/plan-history
GET /api/v1/tenant/{id}
PATCH /api/v1/delivery/{deliveryId}/add-arrangements
PATCH /api/v1/tenant/deactivateTenant/{id}
PATCH /api/v1/tenant/team/{id}
POST /api/v1/arrangement/filter
POST /api/v1/auth/auth/send-otp
POST /api/v1/auth/auth/verify-otp
POST /api/v1/auth/change-password
POST /api/v1/auth/forgot-password
POST /api/v1/auth/general-registration
POST /api/v1/auth/login
POST /api/v1/auth/register
POST /api/v1/auth/register-role
POST /api/v1/auth/reset-password
POST /api/v1/customer
POST /api/v1/delivery/complete
POST /api/v1/delivery/list
POST /api/v1/email/send-delivery-arrangements/{deliveryId}
POST /api/v1/file/upload
POST /api/v1/material/upload
POST /api/v1/subscription/
POST /api/v1/tenant/register
PUT /api/v1/customer/{customerId}/deactivate
PUT /api/v1/delivery/{deliveryId}/restock
PUT /api/v1/file/update
PUT /api/v1/migration/apply-changelog-file/{orgId}
PUT /api/v1/subscription/update/{customerId}
Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e56080eb7b1958d1133359da07bd552616b3a16a81
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
DELETE /api/v1/delivery/{deliveryId}/arrangement/{arrangementId}
DELETE /api/v1/migration/delete-changelog
GET /api/v1/arrangement
GET /api/v1/arrangement/get_list_of_arrangement
GET /api/v1/arrangement/search_arrangement
GET /api/v1/auth/business-types
GET /api/v1/auth/countries
GET /api/v1/auth/ping
GET /api/v1/customer/customers/search
GET /api/v1/customer/filter
GET /api/v1/customer/{customerId}
GET /api/v1/delivery/deliveries
GET /api/v1/delivery/get_all_deliveries
GET /api/v1/delivery/search
GET /api/v1/delivery/{deliveryId}
GET /api/v1/file
GET /api/v1/file/list
GET /api/v1/material/colours
GET /api/v1/material/export-materials
GET /api/v1/material/flowers
GET /api/v1/material/list
GET /api/v1/migration/apply-changelog
GET /api/v1/migration/initialize-schema/{orgId}
GET /api/v1/plan
GET /api/v1/plan/validate-plan/{tenantId}
GET /api/v1/plan/{id}
GET /api/v1/subscription/customer/{customerId}
GET /api/v1/subscription/{id}
GET /api/v1/tenant
GET /api/v1/tenant/team
GET /api/v1/tenant/team/get_all_tenant_team_without_pagination
GET /api/v1/tenant/team/tenant-team/search
GET /api/v1/tenant/team/tenant-team/{id}
GET /api/v1/tenant/tenant/{tenantId}/plan-history
GET /api/v1/tenant/{id}
PATCH /api/v1/delivery/{deliveryId}/add-arrangements
PATCH /api/v1/tenant/deactivateTenant/{id}
PATCH /api/v1/tenant/team/{id}
POST /api/v1/arrangement/filter
POST /api/v1/auth/auth/send-otp
POST /api/v1/auth/auth/verify-otp
POST /api/v1/auth/change-password
POST /api/v1/auth/forgot-password
POST /api/v1/auth/general-registration
POST /api/v1/auth/login
POST /api/v1/auth/register
POST /api/v1/auth/register-role
POST /api/v1/auth/reset-password
POST /api/v1/customer
POST /api/v1/delivery/complete
POST /api/v1/delivery/list
POST /api/v1/email/send-delivery-arrangements/{deliveryId}
POST /api/v1/file/upload
POST /api/v1/material/upload
POST /api/v1/subscription/
POST /api/v1/tenant/register
PUT /api/v1/customer/{customerId}/deactivate
PUT /api/v1/delivery/{deliveryId}/restock
PUT /api/v1/file/update
PUT /api/v1/migration/apply-changelog-file/{orgId}
PUT /api/v1/subscription/update/{customerId}
Open service 99.83.217.1:443 · api.rentpetal.com
2026-01-09 23:58
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 09 Jan 2026 23:59:11 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=359ZzzkHwaIy%2F%2FRZWxaHbw%2FB5ZFdgnJ7CkI3j9SoIGk%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1768003150"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=359ZzzkHwaIy%2F%2FRZWxaHbw%2FB5ZFdgnJ7CkI3j9SoIGk%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1768003150"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 99.83.217.1:443 · api.rentpetal.com
2026-01-02 21:20
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 02 Jan 2026 21:20:00 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Z%2BX4cTY8ETWFzaNtAfXjrdyX3cybIfXiUY14V2YIHvs%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767388800"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Z%2BX4cTY8ETWFzaNtAfXjrdyX3cybIfXiUY14V2YIHvs%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767388800"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 99.83.217.1:443 · api.rentpetal.com
2025-12-23 02:11
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Tue, 23 Dec 2025 02:11:41 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=sTIm7lZlLtKQYBvQGyxE56QG27EDLiSI4YxeIyKJjjU%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766455901"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=sTIm7lZlLtKQYBvQGyxE56QG27EDLiSI4YxeIyKJjjU%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766455901"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 99.83.217.1:443 · api.rentpetal.com
2025-12-20 10:15
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sat, 20 Dec 2025 10:15:52 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=iNktVWMP6tYuXYPWopNaYJ62bOQiT6ap%2Fra%2BdGulBlw%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766225752"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=iNktVWMP6tYuXYPWopNaYJ62bOQiT6ap%2Fra%2BdGulBlw%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766225752"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Open service 99.83.217.1:443 · api.rentpetal.com
2025-12-19 10:55
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 19 Dec 2025 10:55:12 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=onKd7gRnnaPQ3xOELEqmKyplUCIGWG3N0gl92xI2xpE%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766141712"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=onKd7gRnnaPQ3xOELEqmKyplUCIGWG3N0gl92xI2xpE%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766141712"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close