LeakIX - Host 23.32.238.106

Host 23.32.238.106

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/80

AmazonS3

tcp/443

Microsoft-IIS 10.0

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.32.238.106
Domain: oms-kroger-webapp-da-classic-api-prod.przone.net
Port: 443
URL: https://oms-kroger-webapp-da-classic-api-prod.przone.net

First seen 2025-11-11 15:10
Last seen 2026-02-07 21:55
Open for 88 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e200343f12bfa821a53c7b954ce2cc18d5afd82f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/account/subscription/info
GET /api/account/user/get
GET /api/dac
GET /api/dacs
GET /api/dacs/bydivision
GET /api/dacs/{adId}
GET /api/dacs/{adId}/offers/{offerId}
GET /api/dacs/{adId}/pages/{pageId}
GET /api/dacs/{adId}/search
GET /api/events/adtitle
GET /api/events/byweek
GET /api/events/groupedbyweek
GET /api/events/{eventId}/dac
GET /api/events/{eventId}/dac/event/division
GET /api/events/{eventId}/dac/event/storeNumbers
GET /api/events/{eventId}/dac/eventOffers
GET /api/events/{eventId}/dac/offerDetails
GET /api/events/{eventId}/dac/pages
GET /api/events/{eventId}/dac/pages/{pageId}
GET /api/events/{eventId}/offers
GET /api/module
GET /api/portal/SiteSettings/key
GET /api/portal/images
POST /api/dacs/saveLogs
POST /api/events/create
POST /api/events/update
POST /api/events/{eventId}/dac/codesheet
POST /api/events/{eventId}/dac/page/create
POST /api/events/{eventId}/dac/page/pageOrder
POST /api/events/{eventId}/dac/page/update
POST /api/events/{eventId}/dac/page/updatePageContent
POST /api/events/{eventId}/dac/page/updatePageStore
POST /api/events/{eventId}/dac/pages/bulk
POST /api/events/{eventId}/dac/pages/status
POST /api/events/{eventId}/dac/pages/{pageId}/file
POST /api/events/{eventId}/dac/publish
POST /api/events/{eventId}/dac/unpublish
POST /api/portal/file-upload
POST /api/portal/files-upload

Found on 2026-02-07 21:55

Create report

Open service 23.32.238.106:443 · 9uwkdk.top

2026-01-24 00:08

HTTP/1.1 200 OK
Server: X
Content-Type: text/html
Content-Length: 2921
Last-Modified: Tue, 23 Dec 2025 03:09:06 GMT
ETag: "694a07d2-b69"
Access-Control-Max-Age: 864000
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
Accept-Ranges: bytes
Expires: Sat, 24 Jan 2026 00:08:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 24 Jan 2026 00:08:30 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
Connection: close
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *

Page title: 茶颜悦色

<!doctype html><html lang="cn"><head><meta charset="UTF-8"/><meta content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0" name="viewport"/><link rel="icon" href="/favicon.ico" id="favicon"/><link rel="manifest" href="/manifest.json"/><link rel="apple-touch-icon" href="/icons/apple-icon.png"/><title>茶颜悦色</title><meta name="referrer" content="always"/><meta name="robots" content="index, follow"/><meta name="googlebot" content="index, follow"/><meta name="apple-touch-fullscreen" content="yes"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"/><meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/><meta name="apple-mobile-web-app-capable" content="yes"><script>window._MICHAT = window._MICHAT || function () { (_MICHAT.a = _MICHAT.a || []).push(arguments) };
      _MICHAT("accountid", 146557);
      _MICHAT("domain", "kf.jieyouwu.com");
      (function (m, d, q, j, s) {
          j = d.createElement(q),s = d.getElementsByTagName(q)[0];
          j.async = true;
          j.charset ="UTF-8";
          j.src = ("https:" == document.location.protocol ? "https://" : "http://") + "kf.jieyouwu.com/Web/JS/mivisit.js?_=t";
          s.parentNode.insertBefore(j, s);
      })(window, document, "script");</script><script>var _paq = window._paq = window._paq || [];
      /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
      _paq.push(['setCustomDimension', 1, window.location.hostname.replace("www.", "")]);         //qz24.app、gjtv8.vip、gjtv2.app…  _paq.push(['trackPageView']); 主域名(不带参数，不带www)
      _paq.push(['trackPageView']);
      _paq.push(['enableLinkTracking']);
      (function () {
        var u = "https://mt.n3fxk.top/";
        _paq.push(['setTrackerUrl', u + 'matomo.php']);
        _paq.push(['setSiteId', '31']);     //目前分配的埋点编号如下：ONE游戏落地页=28，ONE游戏H5=27，ONE游戏PC=26，ONE游戏色站简约H5=25，ONE游戏导航页=29

        var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
        g.async = true; g.src = u + 'matomo.js'; s.parentNode.insertBefore(g, s);
      })();</script><noscript><p><img src="https://mt.n3fxk.top/matomo.php?idsite=27&amp;rec=1" style="border:0" alt=""/></p></noscript><script type="module" crossorigin src="/static/index.6c6f73be.js"></script><link rel="stylesheet" href="/static/index.364c5a05.css"></head><body><div id="app"><style>.app-preloader{display:flex;flex-direction:column;align-items:center;justify-content:center;position:absolute;top:0;right:0;bottom:0;left:0;z-index:2;background:#fff3fb;color:#999}.app-preloader.light{background-color:#fff;color:#ddd}#MICHAT-FLOAT-WRAP{bottom:130px}</style><div class="app-preloader"><div class="app-preloader__label">Loading...</div></div></div></body></html>

Found 2026-01-24 by HttpPlugin

Create report

Open service 23.32.238.106:80 · 9uwkdk.top

2026-01-24 00:08

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://9uwkdk.top/
Expires: Sat, 24 Jan 2026 00:08:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 24 Jan 2026 00:08:51 GMT
Connection: close
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *

Found 2026-01-24 by HttpPlugin

Create report

Open service 23.32.238.106:443 · cdn.tuttosport.com

2026-01-11 12:00

HTTP/1.1 403 Forbidden
x-amz-bucket-region: eu-west-1
x-amz-request-id: MXRTEJ1AVEJ3T0H7
x-amz-id-2: 4IzKDyWYpTnFW6GEc4O18CYz74Jr+Wqzluo6w2hjj7qdqVW0uvIRsJSKrMhPUsQslvxObX1Cyqbx6qhHdbJENbwaAKnw9EG3
Content-Type: application/xml
Server: AmazonS3
Content-Length: 263
Cache-Control: max-age=2592000
Expires: Tue, 10 Feb 2026 12:00:04 GMT
Date: Sun, 11 Jan 2026 12:00:04 GMT
Connection: close
Access-Control-Expose-Headers: Date,Etag,Cache-Control,Last-Modified,Akamai-Request-BC
Access-Control-Allow-Headers: Content-Type,Origin,Accept,Cache-Control,skipjwtinterceptor
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Origin: *


<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>MXRTEJ1AVEJ3T0H7</RequestId><HostId>4IzKDyWYpTnFW6GEc4O18CYz74Jr+Wqzluo6w2hjj7qdqVW0uvIRsJSKrMhPUsQslvxObX1Cyqbx6qhHdbJENbwaAKnw9EG3</HostId></Error>

Found 2026-01-11 by HttpPlugin

Create report

Open service 23.32.238.106:80 · cdn.tuttosport.com

2026-01-11 12:00

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://cdn.tuttosport.com/
Cache-Control: max-age=2592000
Expires: Tue, 10 Feb 2026 12:00:45 GMT
Date: Sun, 11 Jan 2026 12:00:45 GMT
Connection: close
Access-Control-Expose-Headers: Date,Etag,Cache-Control,Last-Modified,Akamai-Request-BC
Access-Control-Allow-Headers: Content-Type,Origin,Accept,Cache-Control,skipjwtinterceptor
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Origin: *

Found 2026-01-11 by HttpPlugin

Create report

Open service 23.32.238.106:443 · oms-kroger-webapp-da-classic-api-prod.przone.net

2026-01-09 12:46

HTTP/1.1 404 Not Found
Content-Length: 0
Server: Microsoft-IIS/10.0
Request-Context: appId=cid-v1:e7669b0a-0160-4f89-968e-e278407ba1eb
X-Powered-By: ASP.NET
Date: Fri, 09 Jan 2026 12:46:50 GMT
Connection: close
Set-Cookie: ARRAffinity=62db18380e813d82256176a1fd6543a43d6a734e299ceadd8b272cc06a84c6bf;Path=/;HttpOnly;Secure;Domain=oms-kroger-webapp-da-classic-api-prod.przone.net
Set-Cookie: ARRAffinitySameSite=62db18380e813d82256176a1fd6543a43d6a734e299ceadd8b272cc06a84c6bf;Path=/;HttpOnly;SameSite=None;Secure;Domain=oms-kroger-webapp-da-classic-api-prod.przone.net
Access-Control-Allow-Origin: *

Found 2026-01-09 by HttpPlugin

Create report

Open service 23.32.238.106:443 · oms-kroger-webapp-da-classic-api-prod.przone.net

2026-01-02 01:44

HTTP/1.1 404 Not Found
Content-Length: 0
Server: Microsoft-IIS/10.0
Request-Context: appId=cid-v1:e7669b0a-0160-4f89-968e-e278407ba1eb
X-Powered-By: ASP.NET
Date: Fri, 02 Jan 2026 01:44:42 GMT
Connection: close
Access-Control-Allow-Origin: *

Found 2026-01-02 by HttpPlugin

Create report

Open service 23.32.238.106:443 · oms-kroger-webapp-da-classic-api-prod.przone.net

2025-12-22 08:15

HTTP/1.1 404 Not Found
Content-Length: 0
Server: Microsoft-IIS/10.0
Request-Context: appId=cid-v1:e7669b0a-0160-4f89-968e-e278407ba1eb
X-Powered-By: ASP.NET
Date: Mon, 22 Dec 2025 08:15:26 GMT
Connection: close
Access-Control-Allow-Origin: *

Found 2025-12-22 by HttpPlugin

Create report

3kvw43.top3snvrh.top4knvdr.top6t9bvu.top74ythb.top9uwkdk.topbha3qm.topcgwby5.topcyys100.comcyys11.comcyys12.comcyys13.comcyys14.comcyys15.comcyys16.comcyys17.comcyys18.comcyys19.comcyys20.comcyys21.comcyys22.comcyys23.comcyys24.comcyys25.comcyys26.comcyys27.comcyys28.comcyys29.comcyys30.comcyys31.comcyys32.comcyys33.comcyys34.comcyys35.comcyys36.comcyys37.comcyys38.comcyys39.comcyys40.comcyys7.comcyys9.comcyys90.comcyys91.comcyys92.comcyys93.comcyys94.comcyys95.comcyys96.comcyys97.comcyys98.comcyys99.comd4cm2r.topduga18.comeezaan.topen6cug.toperopuru18.comfreejavporn18.comhitomi18.comjgn99.cnjgn99.comjgn99.netjiaogeniu.clubjiaogeniu.cnjiaogeniu.netjiaogeniu.vipmt5vqz.topn3nru6.topp8w48f.topqst5sy.topucps6b.topuvgk8z.topvn2bpg.topvugzz6.topvy7ddm.topwww.cyys11.comwww.cyys12.comwww.cyys13.comwww.cyys14.comwww.cyys15.comwww.cyys16.comwww.cyys17.comwww.cyys18.comwww.cyys19.comwww.cyys20.comwww.cyys21.comwww.cyys22.comwww.cyys23.comwww.cyys24.comwww.cyys25.comwww.cyys26.comwww.cyys27.comwww.cyys28.comwww.cyys29.comwww.cyys30.comwww.cyys7.comwww.jgn99.cnwww.jgn99.comwww.jgn99.netyouravhost18.comzmero18.com

Fingerprint:

eef5f245dcafbdf82749583e9b3b940f23f42d1190ad87eb95d2253aaa9d040f

CN:

jgn99.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-21 04:04

Not after:

2026-02-19 04:04

cdn-autosprint.corrieredellosport.itcdn-listino.inmoto.itcdn-motosprint.corrieredellosport.itcdn.auto.itcdn.corrieredellosport.itcdn.guerinsportivo.itcdn.inmoto.itcdn.tuttosport.commedia.corrieredellosport.itmedia.tuttosport.com

Fingerprint:

a5bb138df7bf84c519ec7c18b60df3eff2e48f6dddebc2c2878e8ca009aa84c9

CN:

media.corrieredellosport.it

Key:

RSA-2048

Issuer:

R13

Not before:

2025-11-02 11:53

Not after:

2026-01-31 11:53

kroger-images-prod.przone.netkroger-images-qa.przone.netkroger-pr1-promo-api-prod.przone.netkroger-pr1-promo-api-staging.przone.netkroger-promo-api-qa.przone.netkroger-wasabisys-images-prod.przone.netkroger-wasabisys-images-qa.przone.netoms-kroger-webapp-da-classic-api-prod.przone.netoms-kroger-webapp-da-classic-api-qa.przone.netpr1-analytics.przone.netpr1-std-demo-search.przone.netpr1-std-demo-std.przone.netpr1-std-dev-digitalad.przone.netpr1-std-dev-riteaid-inventory.przone.netpr1-std-dev-search.przone.netpr1-std-kroger-production-da-api.przone.netpr1-std-kroger-production-search.przone.netpr1-std-kroger-production.przone.netpr1-std-kroger-staging-da-api.przone.netpr1-std-kroger-staging-search.przone.netpr1-std-kroger-staging.przone.netpr1-std-qa-digitalad.przone.netpr1-std-qa-search.przone.netpr1-std-qaautomation-uat-da-api.przone.netpr1-std-qaautomation-uat-search.przone.netpr1-std-qaautomation-uat.przone.netpr1-std-schnucks-stg-da-api.przone.netpr1-std-schnucks-stg-search.przone.netpr1-std-schnucks-stg.przone.netpr1-std-stg-digitalad.przone.netpr1-std-tractorsupply-prod-da-api.przone.netpr1-std-tractorsupply-prod-search.przone.netpr1-std-tractorsupply-prod.przone.netpr1-std-tractorsupply-stg-da-api.przone.netpr1-std-tractorsupply-stg-search.przone.netpr1-std-tractorsupply-stg.przone.netpr1dev.przone.netpr1kroger-production.przone.netpr1kroger-staging.przone.netpr1pe-1059-akamai-image-poc.przone.netpr1qaautomation-uat.przone.netpr1schnucks-stg.przone.netpr1stdqa.przone.netpr1tractorsupply-prod.przone.netpr1tractorsupply-stg.przone.netwag-dwa-api-prod.przone.netwag-expanded-promo-api-prod.przone.netwag-images-prod.przone.netwag-images-staging.przone.netwag-oms-clone1.przone.net

Fingerprint:

8518c340ca49c12d3dbdf51ed79dde0006a33a081831c71c4b54f0cb9b7fc54f

CN:

wag-oms-clone1.przone.net

Key:

RSA-2048

Issuer:

R13

Not before:

2025-11-27 07:06

Not after:

2026-02-25 07:06

Domain summary

oms-kroger-webapp-da-classic-api-prod.przone.net 3 9uwkdk.top 1 cdn.tuttosport.com 1

3 recorded