AkamaiGHost
tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d6008400587dc816fefe4583c63fbc2159a78bc72d0
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /programmes/{programmeCode}/member/devices/{membershipNumber}/{deviceType}/{deviceToken}
DELETE /programmes/{programmeCode}/{iso}/member/linked-cards/{membershipNumber}/{id}
GET /programmes/{programmeCode}/content/{isoCode}/config
GET /programmes/{programmeCode}/content/{isoCode}/servicemessages
GET /programmes/{programmeCode}/content/{iso}/floatingPage/{membershipNumber}
GET /programmes/{programmeCode}/content/{iso}/onboarding
GET /programmes/{programmeCode}/content/{iso}/{membershipNumber}/applicationInformationAsset
GET /programmes/{programmeCode}/content/{iso}/{membershipNumber}/applicationInformationAssets
GET /programmes/{programmeCode}/flights/{iso}/options
GET /programmes/{programmeCode}/member/account/{membershipNumber}
GET /programmes/{programmeCode}/member/{membershipNumber}/details
GET /programmes/{programmeCode}/members/{iso}/messages/{membershipNumber}
GET /programmes/{programmeCode}/{iso}/account/balance/{membershipNumber}
GET /programmes/{programmeCode}/{iso}/account/{membershipNumber}
GET /programmes/{programmeCode}/{iso}/contentful/{membershipNumber}/{microCopyName}
GET /programmes/{programmeCode}/{iso}/home/{membershipNumber}
GET /programmes/{programmeCode}/{iso}/info/{membershipNumber}
GET /programmes/{programmeCode}/{iso}/sidemenu/{membershipNumber}
GET /programmes/{programmeCode}/{iso}/spend/{membershipNumber}
GET /programmes/{programmeCode}/{iso}/webchat/openinghours/{membershipNumber}
GET /programmes/{programmeCode}/{iso}/{membershipNumber}/flight/availability/allcabins
GET /programmes/{programmeCode}/{iso}/{membershipNumber}/flight/availability/bookingurls
GET /programmes/{programmeCode}/{iso}/{membershipNumber}/flight/availability/broadsearch
GET /programmes/{programmeCode}/{iso}/{membershipNumber}/flight/routes
GET /spend/programmes/{programmeCode}/{iso}/spend/{membershipNumber}
GET /spend/programmes/{programmeCode}/{iso}/{membershipNumber}/flight/availability/allcabins
GET /spend/programmes/{programmeCode}/{iso}/{membershipNumber}/flight/availability/bookingurls
GET /spend/programmes/{programmeCode}/{iso}/{membershipNumber}/flight/availability/broadsearch
GET /spend/programmes/{programmeCode}/{iso}/{membershipNumber}/flight/routes
POST /programmes/{programmeCode}/member/devices/{membershipNumber}/{deviceType}
POST /programmes/{programmeCode}/members/{membershipNumber}/messages/{messageId}/ack
POST /programmes/{programmeCode}/{iso}/app/behaviour/tap/{membershipNumber}
POST /programmes/{programmeCode}/{iso}/firsttimelogin/{membershipNumber}
PUT /programmes/{programmeCode}/{iso}/onboarding/{membershipNumber}/status
Open service 23.50.59.17:80 · 848-254-8390-smoke.webexp-ipqa1.com
2026-01-26 16:57
HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 399
Expires: Mon, 26 Jan 2026 16:57:51 GMT
Date: Mon, 26 Jan 2026 16:57:51 GMT
Connection: close
X-Akamai-Staging: ESSL
Page title: Access Denied
<HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://848-254-8390-smoke.webexp-ipqa1.com/" on this server.<P> Reference #18.d3b3217.1769446671.2a21a7 <P>https://errors.edgesuite.net/18.d3b3217.1769446671.2a21a7</P> </BODY> </HTML>
Open service 23.50.59.17:80 · 675-438-8387-smoke.webexp-ipqa1.com
2026-01-26 13:58
HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 399
Expires: Mon, 26 Jan 2026 13:58:51 GMT
Date: Mon, 26 Jan 2026 13:58:51 GMT
Connection: close
X-Akamai-Staging: ESSL
Page title: Access Denied
<HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://675-438-8387-smoke.webexp-ipqa1.com/" on this server.<P> Reference #18.d3b3217.1769435931.20f913 <P>https://errors.edgesuite.net/18.d3b3217.1769435931.20f913</P> </BODY> </HTML>
Open service 23.50.59.17:443 · whitelabel.rewardsapp.stg.iagl.digital
2026-01-23 11:59
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-inline';connect-src 'self';style-src 'self' 'unsafe-inline'
Location: index.html
referrer-policy: no-referrer
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4
x-frame-options: DENY
x-xss-protection: 1
Expires: Fri, 23 Jan 2026 11:59:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 11:59:06 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=800
Server-Timing: origin; dur=84
Strict-Transport-Security: max-age=15768000
X-Akamai-Staging: ESSL
Server-Timing: ak_p; desc="1769169545275_389167877_21122510_88371_19429_279_369_-";dur=1
Open service 23.50.59.17:443 · whitelabel.rewardsapp.stg.iagl.digital
2026-01-09 13:53
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-inline';connect-src 'self';style-src 'self' 'unsafe-inline'
Location: index.html
referrer-policy: no-referrer
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4
x-frame-options: DENY
x-xss-protection: 1
Expires: Fri, 09 Jan 2026 13:53:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 13:53:36 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=92
Server-Timing: origin; dur=74
Strict-Transport-Security: max-age=15768000
X-Akamai-Staging: ESSL
Server-Timing: ak_p; desc="1767966816589_389167885_5048324_16545_9117_31_35_-";dur=1
Open service 23.50.59.17:80 · stg-api.bs.minna-no-ginko.com
2026-01-09 02:33
HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 393
Expires: Fri, 09 Jan 2026 02:33:47 GMT
Date: Fri, 09 Jan 2026 02:33:47 GMT
Connection: close
X-Akamai-Staging: ESSL
Page title: Access Denied
<HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD><BODY> <H1>Access Denied</H1> You don't have permission to access "http://stg-api.bs.minna-no-ginko.com/" on this server.<P> Reference #18.d3b3217.1767926027.266542 <P>https://errors.edgesuite.net/18.d3b3217.1767926027.266542</P> </BODY> </HTML>
Open service 23.50.59.17:443 · stg-api.bs.minna-no-ginko.com
2026-01-09 02:33
Open service 23.50.59.17:443 · uat.moet.com
2025-12-22 23:42
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Content-Length: 49
Cache-Control: max-age=0
Date: Mon, 22 Dec 2025 23:42:49 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Alt-Svc: h3=":443"; ma=93600
Strict-Transport-Security: max-age=15768000
WWW-Authenticate: Basic realm="Authentication required"
X-Akamai-Staging: ESSL
Set-Cookie: _abck=2DFC0FABE87AAA410BC69BF42CE97F28~-1~YAAQDTsyFxj8ej6bAQAAFbRxSA/SpmDVxIwA0uKuffCiX4Gd49OmBayu90WDzqCi+ywZOkWtgiGDtDrLV+py9ywBXXyAmZEOpza/lZ+f1fTPc7rv7/V21GPohYXLNXwAiKrkN6KMI0gaS5xIYJoq0G4/VO0E4TFV/PNl9rsIykXntvrP82b0Lvk9HPBcWeyWYnvPw0EpA7dha5SAUkFgjw1XvnZhTRVEM5LHbqaCAlaQhpHco2cH+vkEhf37gKiTm7XfkQbyiixeXgJlEJgxVRiBu2wdYiNTV0ztNvwHWmanWuNQG/OETgNkHTUzho5sIveaz81cxQYt4IZRKd9QaEnDGdWjslSuXLJjxNlOsIKdOkwshCbenRGun1ATbR268vP9BH/BGe3JhEULmZCGdfV09QDU/IZgqi7vSBden9N2zl29TtJm1QpBxdvP4PdmU9Sf~-1~-1~-1~-1~-1; Domain=.moet.com; Path=/; Expires=Tue, 22 Dec 2026 23:42:49 GMT; Max-Age=31536000; Secure
Set-Cookie: bm_sz=C0D8DC94B3BB6E3842D6EAEDD47F23BB~YAAQDTsyFxn8ej6bAQAAFbRxSB42rA5HZrptFWFQMqU/qHJJOQcY2h3rdRds9lcJdakkCtdrykNYw1twAZU5pp7EAiW3+NO9uob7k7rcfzcwBCR+ajYV2gKXiUxEoF+pPFIjkP6Mlv9BrkCNWtt590Bp3HkXoGoP1bUTVGljgd45IS0O98z6o21tGeja1R0+urmHvNzPSkOsrvTM+5ilAZ5+IhxWC2IwwhHDxLiJEx8kMreZkS3+Lb+oSYt1ZROkyyILxj8LhMCP/U1BMNZMRbV0tb+3kUIe4oX1rEuke2Wqi+C6bM2nK/oowMtglCjgAlW7aX5rMoHGqchEb8XMqGOZUVz4vFFHcUs3weiM~3622454~4339257; Domain=.moet.com; Path=/; Expires=Tue, 23 Dec 2025 03:42:49 GMT; Max-Age=14400
Server-Timing: ak_p; desc="1766446969840_389167885_9188107_17_11778_21_24_-";dur=1
<html><body>Authentication required</body></html>
Open service 23.50.59.17:443 · whitelabel.rewardsapp.stg.iagl.digital
2025-12-22 17:59
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-inline';connect-src 'self';style-src 'self' 'unsafe-inline'
Location: index.html
referrer-policy: no-referrer
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4
x-frame-options: DENY
x-xss-protection: 1
Expires: Mon, 22 Dec 2025 17:59:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 22 Dec 2025 17:59:13 GMT
Connection: close
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=677
Server-Timing: origin; dur=79
Strict-Transport-Security: max-age=15768000
X-Akamai-Staging: ESSL
Server-Timing: ak_p; desc="1766426352922_389167885_8150171_75574_16786_30_51_-";dur=1