LeakIX - Host 23.3.88.217

Host 23.3.88.217

Germany

Akamai International B.V.

Software information

istio-envoy

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.3.88.217
Domain: ampdv.alloc.loblaw.ca
Port: 443
URL: https://ampdv.alloc.loblaw.ca

First seen 2025-10-14 14:27
Last seen 2025-12-26 16:27
Open for 73 days

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e589d0d645b9b70dea83af2a8fbf00bdaf53a0d6ee

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /v1/amp/allocation/hold/header
GET /v1/amp/allocation/mchRefs
POST /v1/amp/allocation/allocrecup
POST /v1/amp/allocation/allocsummary
POST /v1/amp/allocation/exceptions/clear
POST /v1/amp/allocation/exceptions/clearlcdc
POST /v1/amp/allocation/exceptions/excel
POST /v1/amp/allocation/exceptions/search
POST /v1/amp/allocation/hold/comments
POST /v1/amp/allocation/hold/insert
POST /v1/amp/allocation/hold/release
POST /v1/amp/allocation/hold/search
POST /v1/amp/allocation/maintenance
POST /v1/amp/allocation/search
POST /v1/amp/allocation/splitdetails
POST /v1/amp/allocation/splitexcel
POST /v1/amp/allocation/splitsearch
POST /v1/amp/allocation/store-delivery-sequence/search
POST /v1/amp/allocation/summarysearch
POST /v1/amp/allocation/update

Found on 2025-12-26 16:27

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e589d0d645b9b70dea83af2a8fbf00bdafc0c1eb5d

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /v1/amp/allocation/hold/header
GET /v1/amp/allocation/mchRefs
POST /v1/amp/allocation/allocrecup
POST /v1/amp/allocation/allocsummary
POST /v1/amp/allocation/exceptions/clear
POST /v1/amp/allocation/exceptions/excel
POST /v1/amp/allocation/exceptions/search
POST /v1/amp/allocation/hold/comments
POST /v1/amp/allocation/hold/insert
POST /v1/amp/allocation/hold/release
POST /v1/amp/allocation/hold/search
POST /v1/amp/allocation/maintenance
POST /v1/amp/allocation/search
POST /v1/amp/allocation/splitdetails
POST /v1/amp/allocation/splitexcel
POST /v1/amp/allocation/splitsearch
POST /v1/amp/allocation/store-delivery-sequence/search
POST /v1/amp/allocation/summarysearch
POST /v1/amp/allocation/update

Found on 2025-11-21 14:39

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e589d0d645b9b70dea83af2a8fbf00bdaf3bc4da4b

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /v1/amp/allocation/hold/header
GET /v1/amp/allocation/mchRefs
POST /v1/amp/allocation/allocrecup
POST /v1/amp/allocation/allocsummary
POST /v1/amp/allocation/exceptions/clear
POST /v1/amp/allocation/exceptions/excel
POST /v1/amp/allocation/exceptions/search
POST /v1/amp/allocation/hold/comments
POST /v1/amp/allocation/hold/insert
POST /v1/amp/allocation/hold/release
POST /v1/amp/allocation/hold/search
POST /v1/amp/allocation/search
POST /v1/amp/allocation/splitdetails
POST /v1/amp/allocation/splitexcel
POST /v1/amp/allocation/splitsearch
POST /v1/amp/allocation/store-delivery-sequence/search
POST /v1/amp/allocation/summarysearch

Found on 2025-11-12 20:13

Severity: info
Fingerprint: 5733ddf49ff49cd1a8bcc6e589d0d645b9b70dea83af2a8fbf00bdaffb2157e1

Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html - sample paths:
GET /v1/amp/allocation/hold/header
GET /v1/amp/allocation/mchRefs
POST /v1/amp/allocation/allocrecup
POST /v1/amp/allocation/allocsummary
POST /v1/amp/allocation/exceptions/excel
POST /v1/amp/allocation/exceptions/search
POST /v1/amp/allocation/exceptions/update
POST /v1/amp/allocation/hold/comments
POST /v1/amp/allocation/hold/insert
POST /v1/amp/allocation/hold/release
POST /v1/amp/allocation/hold/search
POST /v1/amp/allocation/search
POST /v1/amp/allocation/splitdetails
POST /v1/amp/allocation/splitexcel
POST /v1/amp/allocation/splitsearch
POST /v1/amp/allocation/store-delivery-sequence/search
POST /v1/amp/allocation/summarysearch

Found on 2025-11-10 11:55

Create report

Open service 23.3.88.217:443 · ampdv.alloc.loblaw.ca

2026-01-09 06:16

HTTP/1.1 503 Service Unavailable
Content-Length: 19
Content-Type: text/plain
Server: istio-envoy
Date: Fri, 09 Jan 2026 06:16:14 GMT
Connection: close


no healthy upstream

Found 2026-01-09 by HttpPlugin

Create report

Open service 23.3.88.217:443 · ampdv.alloc.loblaw.ca

2026-01-02 04:19

HTTP/1.1 503 Service Unavailable
Content-Length: 19
Content-Type: text/plain
Server: istio-envoy
Date: Fri, 02 Jan 2026 04:19:21 GMT
Connection: close


no healthy upstream

Found 2026-01-02 by HttpPlugin

Create report

Open service 23.3.88.217:443 · ampdv.alloc.loblaw.ca

2025-12-22 19:20

HTTP/1.1 404 Not Found
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
x-xss-protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
x-frame-options: DENY
Content-Type: application/json
x-envoy-upstream-service-time: 2
Server: istio-envoy
Content-Length: 122
Date: Mon, 22 Dec 2025 19:20:56 GMT
Connection: close


{"timestamp":"2025-12-22T19:20:56.680+00:00","status":404,"error":"Not Found","message":"No static resource .","path":"/"}

Found 2025-12-22 by HttpPlugin

Create report

www7.loblaw.caamp.alloc.loblaw.caamp.authorize.loblaw.caamp.po.loblaw.caamp.potracker.loblaw.caampdv.alloc.loblaw.caampdv.authorize.loblaw.caampdv.loblaw.caampdv.po.loblaw.caampdv.potracker.loblaw.caamput.alloc.loblaw.caamput.potracker.loblaw.caapi-preprod.pcoptimum.caapi.garfielld.loblaw.caapi.maintenance-cost.loblaw.caapi.robin.loblaw.caassets-lower.loblaws.cablue.realcanadianliquorstore.caboxfoodstores.combrtoken.loblaw.cacareers.loblaw.cacarrieres.loblaw.cad.pte03.lt.api.loblaw.cadigital.loblaws.cadrx-pch-dev2.pchealth.cadrx-pch-sit2.pchealth.cadrx-sdui-pch-bff-prod.pchealth.cagrafana.lblw.cloudhelios-dis-prod.assetful.loblaw.cahelios-lower-web-checkout.loblaw.caiframe-test.loblaw.caimep.assessmed.comimep.lifemark.caimep.vp-group.caimepapi.lifemark.caipt.potracker.loblaw.cajf-dis-prod.assetful.loblaw.cajf.assets.digital.loblaws.calmd.loblaw.caloblawuniverse.caloop.mediaaisle.cambcadmin.lifemark.cambcsync.lifemark.cambcweb.lifemark.camhcp.lifemark.camhcpapi.lifemark.camhcpstg.lifemark.camistdashboard.loblaw.canfldgrocery.canfldgrocery.comNXManagerpoc.Imedisystem.comone-checkout.loblaws.caone-checkout.pharmaprix.caone-checkout.shoppersdrugmart.caopenmetadata.loblaw.caorders.sdmshn.capcinsidersreport.capco-dis-prod.assetful.loblaw.capcx-dis-prod.assetful.loblaw.capcx.assets.digital.loblaws.caphotolab.capms-digital-fax.loblaw.capt.star.loblaw.caReferrals.lifemark.caReferralsapi.lifemark.careferralsapidemo.lifemark.careferralsdemo.lifemark.carobin.loblaw.carodashboardpr.loblaw.casapfmp.loblaw.cascheduler.loblaw.casdm-dis-prod.assetful.loblaw.casdm.assets.digital.loblaws.casentry.loblaw.cashopperinsights.mediaaisle.casi.mediaaisle.casp.realcanadianliquorstore.caspq.realcanadianliquorstore.castatic.pcoptimum.casupplier-idp.loblaw.cauniversloblaw.cautopia.banting.lblw.cloudwww.centresante.cawww.extrafoods.comwww.loblawuniverse.cawww.mediaaisle.cawww.nofrillsonline.cawww.one-checkout.joefresh.comwww.one-checkout.loblaws.cawww.one-checkout.pharmaprix.cawww.one-checkout.shoppersdrugmart.cawww.pcinsidersreport.cawww.photolab.cawww.robin.loblaw.cawww.shopnofrills.cawww.universloblaw.cawww.wontbebeat.cawww.yourindependentgrocer.comwww.zehrsgreatfood.cawww.zehrsmarkets.com

Fingerprint:

1f87f06745230a7641dc70edab34103ff04fdcab26a4ed01ee742581fdb4d4bd

CN:

www7.loblaw.ca

Key:

RSA-2048

Issuer:

DigiCert TLS RSA SHA256 2020 CA1

Not before:

2025-12-01 00:00

Not after:

2026-04-14 23:59

Domain summary

ampdv.alloc.loblaw.ca 6

1 recorded