Domain live.partner-api.parentpay.com
Germany
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 2.16.204.97
Domain: live.partner-api.parentpay.com
Port: 443
URL: https://live.partner-api.parentpay.comFirst seen 2025-11-05 11:16
Last seen 2025-11-16 13:03
Open for 11 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549777dd9fb777dd9fb777dd9fb777dd9fb777dd9fbPublic Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /api/ping
Found on 2025-11-16 13:03
-
-
Open service 2.16.204.97:443 · live.partner-api.parentpay.com
2026-01-08 22:55
HTTP/1.1 401 Unauthorized Content-Type: application/json request-context: appId=cid-v1:b554791b-6939-49fe-b4a8-02795dfb1cf8 content-security-policy-report-only: default-src 'self' feature-policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none'; x-envoy-upstream-service-time: 1 Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 159 Expires: Thu, 08 Jan 2026 22:55:09 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 08 Jan 2026 22:55:09 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload {"StatusCode":401,"ErrorCode":"Unauthorized","Message":"Unauthorized access","Errors":[],"Timestamp":"2026-01-08T22:55:09.6106937Z","TraceId":"0HNI869IQQPTL:00Found 2026-01-08 by HttpPluginCreate report
-
Open service 2.16.204.97:443 · live.partner-api.parentpay.com
2026-01-01 22:27
HTTP/1.1 401 Unauthorized Content-Type: application/json request-context: appId=cid-v1:b554791b-6939-49fe-b4a8-02795dfb1cf8 content-security-policy-report-only: default-src 'self' feature-policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none'; x-envoy-upstream-service-time: 1 Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 158 Expires: Thu, 01 Jan 2026 22:27:16 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 01 Jan 2026 22:27:16 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload {"StatusCode":401,"ErrorCode":"Unauthorized","Message":"Unauthorized access","Errors":[],"Timestamp":"2026-01-01T22:27:16.9167295Z","TraceId":"0HNI869IQNN2K:00000002"}Found 2026-01-01 by HttpPluginCreate report
-
Open service 2a02:26f0:3500:14::1724:a251:80 · live.partner-api.parentpay.com
2025-12-31 10:35
HTTP/1.1 301 Moved Permanently Content-Length: 0 Location: https://live.partner-api.parentpay.com/ Expires: Wed, 31 Dec 2025 10:35:26 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 10:35:26 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin
Found 2025-12-31 by HttpPluginCreate report
-
Open service 2.16.183.8:443 · live.partner-api.parentpay.com
2025-12-31 10:35
HTTP/1.1 401 Unauthorized Content-Type: application/json request-context: appId=cid-v1:b554791b-6939-49fe-b4a8-02795dfb1cf8 content-security-policy-report-only: default-src 'self' feature-policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none'; x-envoy-upstream-service-time: 2 Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 159 Expires: Wed, 31 Dec 2025 10:35:24 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 10:35:24 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload {"StatusCode":401,"ErrorCode":"Unauthorized","Message":"Unauthorized access","Errors":[],"Timestamp":"2025-12-31T10:35:24.1070642Z","TraceId":"0HNI869IQN21G:00000004"}Found 2025-12-31 by HttpPluginCreate report
-
Open service 2.16.183.13:80 · live.partner-api.parentpay.com
2025-12-31 10:35
HTTP/1.1 301 Moved Permanently Content-Length: 0 Location: https://live.partner-api.parentpay.com/ Expires: Wed, 31 Dec 2025 10:35:26 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 10:35:26 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin
Found 2025-12-31 by HttpPluginCreate report
-
Open service 2.16.183.13:443 · live.partner-api.parentpay.com
2025-12-31 10:35
HTTP/1.1 401 Unauthorized Content-Type: application/json request-context: appId=cid-v1:b554791b-6939-49fe-b4a8-02795dfb1cf8 content-security-policy-report-only: default-src 'self' feature-policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none'; x-envoy-upstream-service-time: 1 Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 159 Expires: Wed, 31 Dec 2025 10:35:24 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 10:35:24 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload {"StatusCode":401,"ErrorCode":"Unauthorized","Message":"Unauthorized access","Errors":[],"Timestamp":"2025-12-31T10:35:24.0666949Z","TraceId":"0HNI869IQN21G:00000003"}Found 2025-12-31 by HttpPluginCreate report
-
Open service 2a02:26f0:3500:14::1724:a24e:80 · live.partner-api.parentpay.com
2025-12-31 10:35
HTTP/1.1 301 Moved Permanently Content-Length: 0 Location: https://live.partner-api.parentpay.com/ Expires: Wed, 31 Dec 2025 10:35:26 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 10:35:26 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin
Found 2025-12-31 by HttpPluginCreate report
-
Open service 2a02:26f0:3500:14::1724:a251:443 · live.partner-api.parentpay.com
2025-12-31 10:35
HTTP/1.1 401 Unauthorized Content-Type: application/json request-context: appId=cid-v1:b554791b-6939-49fe-b4a8-02795dfb1cf8 content-security-policy-report-only: default-src 'self' feature-policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none'; x-envoy-upstream-service-time: 2 Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 160 Expires: Wed, 31 Dec 2025 10:35:23 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 10:35:23 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload {"StatusCode":401,"ErrorCode":"Unauthorized","Message":"Unauthorized access","Errors":[],"Timestamp":"2025-12-31T10:35:23.4386386Z","TraceId":"0HNI869IQN21G:00000001"}Found 2025-12-31 by HttpPluginCreate report
-
Open service 2a02:26f0:3500:14::1724:a24e:443 · live.partner-api.parentpay.com
2025-12-31 10:35
HTTP/1.1 401 Unauthorized Content-Type: application/json request-context: appId=cid-v1:b554791b-6939-49fe-b4a8-02795dfb1cf8 content-security-policy-report-only: default-src 'self' feature-policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none'; x-envoy-upstream-service-time: 2 Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 159 Expires: Wed, 31 Dec 2025 10:35:23 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 10:35:23 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload {"StatusCode":401,"ErrorCode":"Unauthorized","Message":"Unauthorized access","Errors":[],"Timestamp":"2025-12-31T10:35:23.0690823Z","TraceId":"0HNI869IQN21F:00000002"}Found 2025-12-31 by HttpPluginCreate report
-
Open service 2.16.183.8:80 · live.partner-api.parentpay.com
2025-12-31 10:35
HTTP/1.1 301 Moved Permanently Content-Length: 0 Location: https://live.partner-api.parentpay.com/ Expires: Wed, 31 Dec 2025 10:35:25 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 31 Dec 2025 10:35:25 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin
Found 2025-12-31 by HttpPluginCreate report
-
Open service 2.16.204.97:443 · live.partner-api.parentpay.com
2025-12-30 06:00
HTTP/1.1 401 Unauthorized Content-Type: application/json request-context: appId=cid-v1:b554791b-6939-49fe-b4a8-02795dfb1cf8 content-security-policy-report-only: default-src 'self' feature-policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none'; x-envoy-upstream-service-time: 1 Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 159 Expires: Tue, 30 Dec 2025 06:01:00 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 30 Dec 2025 06:01:00 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload {"StatusCode":401,"ErrorCode":"Unauthorized","Message":"Unauthorized access","Errors":[],"Timestamp":"2025-12-30T06:01:00.1301015Z","TraceId":"0HNHRMKOUUCFU:00000002"}Found 2025-12-30 by HttpPluginCreate report
-
Open service 2.16.204.97:443 · live.partner-api.parentpay.com
2025-12-22 07:09
HTTP/1.1 401 Unauthorized Content-Type: application/json request-context: appId=cid-v1:b554791b-6939-49fe-b4a8-02795dfb1cf8 content-security-policy-report-only: default-src 'self' feature-policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none'; x-envoy-upstream-service-time: 1 Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 159 Expires: Mon, 22 Dec 2025 07:09:20 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Dec 2025 07:09:20 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload {"StatusCode":401,"ErrorCode":"Unauthorized","Message":"Unauthorized access","Errors":[],"Timestamp":"2025-12-22T07:09:20.5992288Z","TraceId":"0HNHRMKOUQSHL:00000002"}Found 2025-12-22 by HttpPluginCreate report
-
Open service 2.16.204.97:443 · live.partner-api.parentpay.com
2025-12-20 07:42
HTTP/1.1 401 Unauthorized Content-Type: application/json request-context: appId=cid-v1:b554791b-6939-49fe-b4a8-02795dfb1cf8 content-security-policy-report-only: default-src 'self' feature-policy: accelerometer 'none'; camera 'none'; microphone 'none'; geolocation 'none'; usb 'none'; x-envoy-upstream-service-time: 1 Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 159 Expires: Sat, 20 Dec 2025 07:42:32 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sat, 20 Dec 2025 07:42:32 GMT Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-XSS-Protection: 1; mode=block Permissions-Policy: geolocation=(), microphone=(), camera=() X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload {"StatusCode":401,"ErrorCode":"Unauthorized","Message":"Unauthorized access","Errors":[],"Timestamp":"2025-12-20T07:42:32.8298403Z","TraceId":"0HNHRMKOUQ0N4:00000002"}Found 2025-12-20 by HttpPluginCreate report