LeakIX - Host api-transaction.amldev.it

Domain api-transaction.amldev.it

CLOUDFLARENET

Software information

cloudflare

tcp/443 tcp/80 tcp/8443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 188.114.97.12
Domain: api-transaction.amldev.it
Port: 443
URL: https://api-transaction.amldev.it

First seen 2025-11-05 08:02
Last seen 2026-01-09 23:38
Open for 65 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549da8dbabcb4095a4a217333e70877a90bb297c7a4

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /v1/api/transaction/stock/DeleteCodeStockTemp
DELETE /v1/api/transaction/stock/DeleteGiftCardByPinCodexForStockRetriever
DELETE /v1/api/transaction/stock/DeleteGiftCardInStock
DELETE /v1/api/transaction/stock/DeleteGiftCardInStockByPinCodex
GET /v1/api/transaction/order/GetOrderCancellationDetailsFromCodeSold
GET /v1/api/transaction/stock/CheckAvailablesCodesStock
GET /v1/api/transaction/stock/CheckBurnDate
GET /v1/api/transaction/stock/CheckIfCodeExists
GET /v1/api/transaction/stock/CheckReservationInStock
GET /v1/api/transaction/stock/GetAttemptList
GET /v1/api/transaction/stock/GetB2CPendingOrderCodeUsage
GET /v1/api/transaction/stock/GetCodeStock
GET /v1/api/transaction/stock/GetCurrencies
GET /v1/api/transaction/stock/GetCurrencyById
GET /v1/api/transaction/stock/GetCurrencyByIsoCode
GET /v1/api/transaction/stock/GetCurrencyChanges
GET /v1/api/transaction/stock/GetNotDeletableCodes
GET /v1/api/transaction/stock/GetPaymentCard
GET /v1/api/transaction/stock/GetPinCodeSoldBurnDate
GET /v1/api/transaction/stock/GetPinCodeSoldDetails
GET /v1/api/transaction/stock/GetRetailerShopsFromOperationsByCodexAndRetailerId
GET /v1/api/transaction/stock/GetStockPinCodesSold
GET /v1/api/transaction/stock/GetStockPinCodesSoldByRetailerId
GET /v1/api/transaction/stock/IsValidSaleCodex
GET /v1/api/transaction/stock/ReserveCodeStock
PATCH /v1/api/transaction/stock/UpdateCodeStockExpiryDate
POST /v1/api/transaction/order/MergeCodeStockTemp
POST /v1/api/transaction/stock/ActivationCancel
POST /v1/api/transaction/stock/AddJakalaCodeStock
POST /v1/api/transaction/stock/BurnCancel
POST /v1/api/transaction/stock/BurnCode
POST /v1/api/transaction/stock/BurnLockCode
POST /v1/api/transaction/stock/BurnWalletCode
POST /v1/api/transaction/stock/CancelBurnWalletCode
POST /v1/api/transaction/stock/CancelPinCode
POST /v1/api/transaction/stock/CancelPinCodeNoRefund
POST /v1/api/transaction/stock/CheckCode
POST /v1/api/transaction/stock/CheckCodeJakala
POST /v1/api/transaction/stock/CheckCodeLastLock
POST /v1/api/transaction/stock/CheckCodeLastUsage
POST /v1/api/transaction/stock/CheckCodeLocks
POST /v1/api/transaction/stock/CheckCodeUsages
POST /v1/api/transaction/stock/ExtendCode
POST /v1/api/transaction/stock/FilterCodeStockGroup
POST /v1/api/transaction/stock/GenerateAndInsertCodeStock
POST /v1/api/transaction/stock/GetNotBurnedCodesByRetailerId
POST /v1/api/transaction/stock/InsertAttempt
POST /v1/api/transaction/stock/InsertCodeSold
POST /v1/api/transaction/stock/InsertCodeStockTemp
POST /v1/api/transaction/stock/InsertCodeUsage
POST /v1/api/transaction/stock/InsertGiftCardInStock
POST /v1/api/transaction/stock/InsertGiftCardInStockNoPinCodeSoldUpdate
POST /v1/api/transaction/stock/LockCode
POST /v1/api/transaction/stock/RefundBurn
POST /v1/api/transaction/stock/RetrievePaymentCards
POST /v1/api/transaction/stock/SyncSoldCodesInStock
POST /v1/api/transaction/stock/UnlockCode
POST /v1/api/transaction/stock/UpdateCodeStock
PUT /v1/api/transaction/stock/UpdateOrBurnJakalaCode
PUT /v1/api/transaction/stock/UpdatePinCodeSoldBurnedDate
PUT /v1/api/transaction/stock/UpdateReserveCodeStock

Found on 2026-01-09 23:38

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-11-05 08:02

Create report

Open service 188.114.97.12:443 · api-transaction.amldev.it

2026-01-09 23:38

HTTP/1.1 404 Not Found
Date: Fri, 09 Jan 2026 23:38:02 GMT
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Strict-Transport-Security: max-age=0; includeSubDomains
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=8,cfOrigin;dur=137
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=8Z7C%2BfUntDIqOOts7yXs0Dr4C3YL4m8LC%2FRRYkmWZ5A%2F1xzhzVsLZJcS5D2VPRyqZBXN%2FNufrf61CvcKeYcRZMe86O4K4u%2B3kex4Ij3H0sLY9mWrGQnydvo%3D"}]}
Server: cloudflare
CF-RAY: 9bb7c414ac885e45-LHR
alt-svc: h3=":443"; ma=86400

Found 2026-01-09 by HttpPlugin

Create report

Open service 188.114.97.12:443 · api-transaction.amldev.it

2026-01-02 01:58

HTTP/1.1 404 Not Found
Date: Fri, 02 Jan 2026 01:58:11 GMT
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Strict-Transport-Security: max-age=0; includeSubDomains
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=10,cfOrigin;dur=89
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9J7o0NEElbag6w9V2LYDoHnm%2B00Ied%2B6erILSpyCvl6%2Bgf3RDooCYzZbhePgJ%2Bzyo8LZ4FtUde3MToPXCYBkVfDjkNj3H6u1fa77D79CBm5iYpSrDmgxckM%3D"}]}
Server: cloudflare
CF-RAY: 9b76a65ebd0578ab-FRA
alt-svc: h3=":443"; ma=86400

Found 2026-01-02 by HttpPlugin