Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd110a331ec8419566e6934d861c42d9ff266abb1ef3fa1732c
Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
GET /api/ipay/validate
GET /api/ipay/verify
GET /epaisa/validate
GET /health
GET /mpesa/callback
GET /payment-wallet/v1/mafpay/balance
GET /payment-wallet/v1/mafpay/txn/details
GET /payment-wallet/v1/mafpay/txn/history
GET /payment-wallet/v2/mafpay/txnhistory
GET /wallet-dashboard/v3/{wallet}
GET /wallet-dashboard/v3/{wallet}/history
GET /wallet/v1/{paymentOption}
POST /api/ipay/fullrefund
POST /api/ipay/initiator
POST /api/ipay/initpush
POST /api/ipay/partialrefund
POST /api/ipay/refund
POST /api/ipay/search
POST /api/ipay/stkpush
POST /api/ipay/transact
POST /epaisa/inquiry
POST /epaisa/payment
POST /epaisa/reversal
POST /payment-wallet/v1/mafpay/adjust-credit-debit
POST /payment-wallet/v1/mafpay/create/wallet
POST /wallet/v1/transaction