Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b9c341c5faf4a11eb06f15daafca5d8d574197b7d
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /api/locations
GET /api/me
GET /api/v1.0/cards/{id}
GET /api/v1.0/cards/{id}/sessions
GET /api/v1.0/gift-card/{id}
GET /api/v1.0/order-details/{id}
GET /api/v1.0/reporting/advanced
GET /api/v1.0/reporting/advanced/{id}
GET /api/v1.0/reporting/internal
GET /api/v1.0/reporting/internal/{id}
GET /api/v1.0/reporting/partners/{id}
GET /api/v1.0/vouchers
GET /api/v1.0/vouchers/info-list
GET /api/v1.0/vouchers/stock-order
GET /api/v1.0/vouchers/types
GET /api/v1.0/vouchers/{id}
GET /api/v1.0/vouchers/{id}/history
GET /api/v1.0/vouchers/{id}/sessions
POST /api/v1.0/cards/{id}/cancel
POST /api/v1.0/cards/{id}/consume
POST /api/v1.0/vouchers/activate
POST /api/v1.0/vouchers/assign-activate
POST /api/v1.0/vouchers/blacklist
POST /api/v1.0/vouchers/unblacklist
POST /api/v1.0/vouchers/{id}/blacklist
POST /api/v1.0/vouchers/{id}/cancel
POST /api/v1.0/vouchers/{id}/consume
POST /api/v1.0/vouchers/{id}/unblacklist
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b9c341c5faf4a11eb06f15daafca5d8d52bcddf74
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /api/locations
GET /api/me
GET /api/v1.0/cards/{id}
GET /api/v1.0/cards/{id}/sessions
GET /api/v1.0/gift-card/{id}
GET /api/v1.0/reporting/advanced
GET /api/v1.0/reporting/advanced/{id}
GET /api/v1.0/reporting/internal
GET /api/v1.0/reporting/internal/{id}
GET /api/v1.0/reporting/partners/{id}
GET /api/v1.0/vouchers
GET /api/v1.0/vouchers/info-list
GET /api/v1.0/vouchers/stock-order
GET /api/v1.0/vouchers/types
GET /api/v1.0/vouchers/{id}
GET /api/v1.0/vouchers/{id}/history
GET /api/v1.0/vouchers/{id}/sessions
POST /api/v1.0/cards/{id}/cancel
POST /api/v1.0/cards/{id}/consume
POST /api/v1.0/vouchers/activate
POST /api/v1.0/vouchers/assign-activate
POST /api/v1.0/vouchers/blacklist
POST /api/v1.0/vouchers/unblacklist
POST /api/v1.0/vouchers/{id}/blacklist
POST /api/v1.0/vouchers/{id}/cancel
POST /api/v1.0/vouchers/{id}/consume
POST /api/v1.0/vouchers/{id}/unblacklist