Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
This documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549349faf5f61e44e379bcba3c569815b09fb4ce802
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/UsersFavorites/{id}
GET /api/AssetsResolutions
GET /api/Assortments/allowed
GET /api/Brands
GET /api/Brands/{brand}
GET /api/Countries
GET /api/Countries/{id}
GET /api/Cultures
GET /api/FileFormats
GET /api/Languages
GET /api/Packages
GET /api/Packages/self
GET /api/Packages/{packageId}
GET /api/Products/{reference}
GET /api/Products/{reference}/preview
GET /api/Roles/allowed
GET /api/Roles/self
GET /api/Users/logout
GET /api/Users/self
GET /api/Users/{id}
GET /api/UsersCarts/copy
GET /api/UsersCarts/self
GET /api/UsersFavorites
GET /api/flush
GET /api/info/autherror
GET /api/info/error
GET /api/sendmail
POST /api/Products/copy
POST /api/Products/notfound
POST /api/Products/search
POST /api/Users
POST /api/Users/search
POST /api/UsersCarts
POST /api/UsersCarts/all
PUT /api/Users/block/{email}
PUT /api/Users/self/legal
PUT /api/Users/unblock/{email}
Open service 18.198.195.36:443 · extranet-api.dev.richemontpartners.com
2025-12-22 09:57
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/plain
Expires: Thu, 01 Jan 1970 00:00:00 GMT
ServerRic: sapp00026
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=16070400
Content-Security-Policy: https:
Referrer-Policy: no-referrer
Date: Mon, 22 Dec 2025 09:57:58 GMT
Connection: close
Transfer-Encoding: chunked

Healthy