Domain api.calm-zen.com
United States
Software information
Tengine
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-21 17:14
Last seen 2026-01-09 00:35
Open for 79 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b518a6477bd438915b8284c285f3971acf7b06864Public Swagger UI/API detected at path: /v3/api-docs - sample paths: GET /create-payment GET /deleteFile GET /execute-payment GET /index/checkVersion GET /index/getCourseData GET /index/getCourseDetail GET /index/getDiaryData GET /index/getDiaryDetail GET /index/getEvaluation GET /index/getLanguage GET /index/getMedal GET /index/getProfileTips GET /index/getShareConfig GET /index/getSubscribePageData GET /index/getTipByBusinessId GET /index/setDeleteEmail GET /login/deleteAccount GET /login/forgetPwd GET /login/getAgreementPolicy GET /login/getUserInfo GET /login/logOut POST /dubbo POST /index/getSigname POST /index/saveEvaluation POST /index/setAudioRecord POST /index/setDiaryFeel POST /index/setSigname POST /index/share POST /login/loginWithEmail POST /login/loginWithUnion POST /login/refreshToken POST /login/registerAccount POST /login/resetPwd POST /login/setForgetPwdMail POST /login/updateAccount POST /login/updatePwd POST /pay/appleNotification POST /pay/applePayCheck POST /pay/googleNotification POST /pay/googlePayCheck POST /pay/samsungGetSubscriptionStatus POST /pay/samsungNotification POST /pay/samsungPayCheck POST /paypal/ipn/back POST /uploadFile POST /znTest/testQ
Found on 2026-01-09 00:35
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-21 17:14
Last seen 2026-01-09 07:03
Open for 79 days-
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b518a6477bd438915b8284c285f3971acf7b06864Public Swagger UI/API detected at path: /v3/api-docs - sample paths: GET /create-payment GET /deleteFile GET /execute-payment GET /index/checkVersion GET /index/getCourseData GET /index/getCourseDetail GET /index/getDiaryData GET /index/getDiaryDetail GET /index/getEvaluation GET /index/getLanguage GET /index/getMedal GET /index/getProfileTips GET /index/getShareConfig GET /index/getSubscribePageData GET /index/getTipByBusinessId GET /index/setDeleteEmail GET /login/deleteAccount GET /login/forgetPwd GET /login/getAgreementPolicy GET /login/getUserInfo GET /login/logOut POST /dubbo POST /index/getSigname POST /index/saveEvaluation POST /index/setAudioRecord POST /index/setDiaryFeel POST /index/setSigname POST /index/share POST /login/loginWithEmail POST /login/loginWithUnion POST /login/refreshToken POST /login/registerAccount POST /login/resetPwd POST /login/setForgetPwdMail POST /login/updateAccount POST /login/updatePwd POST /pay/appleNotification POST /pay/applePayCheck POST /pay/googleNotification POST /pay/googlePayCheck POST /pay/samsungGetSubscriptionStatus POST /pay/samsungNotification POST /pay/samsungPayCheck POST /paypal/ipn/back POST /uploadFile POST /znTest/testQ
Found on 2026-01-09 07:03
-
-
Open service 163.181.254.192:443 · api.calm-zen.com
2026-01-09 07:03
HTTP/1.1 200 OK Server: Tengine Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Fri, 09 Jan 2026 07:03:26 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: ens-cache25.l2de4[311,310,200-0,M], ens-cache13.l2de4[311,0], ens-cache13.de10[317,317,200-0,M], ens-cache2.de10[320,0] Ali-Swift-Global-Savetime: 1767942206 X-Cache: MISS TCP_MISS dirn:-2:-2 X-Swift-SaveTime: Fri, 09 Jan 2026 07:03:26 GMT X-Swift-CacheTime: 0 Timing-Allow-Origin: * EagleId: a3b5fe9617679422062512311e {"code":401,"message":"认证失败,请重新登录"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 163.181.254.195:80 · api.calm-zen.com
2026-01-09 00:35
HTTP/1.1 200 OK Server: Tengine Content-Type: application/json;charset=UTF-8 Content-Length: 55 Connection: close Date: Fri, 09 Jan 2026 00:35:14 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: ens-cache25.l2de4[360,360,200-0,M], ens-cache10.l2de4[361,0], ens-cache13.de10[365,365,200-0,M], ens-cache3.de10[368,0] Ali-Swift-Global-Savetime: 1767918914 X-Cache: MISS TCP_MISS dirn:-2:-2 X-Swift-SaveTime: Fri, 09 Jan 2026 00:35:14 GMT X-Swift-CacheTime: 0 Timing-Allow-Origin: * EagleId: a3b5fe9717679189144998187e {"code":401,"message":"认证失败,请重新登录"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 163.181.254.192:443 · api.calm-zen.com
2026-01-02 08:06
HTTP/1.1 200 OK Server: Tengine Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Fri, 02 Jan 2026 08:07:03 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: ens-cache25.l2de4[299,298,200-0,M], ens-cache25.l2de4[299,0], ens-cache13.de10[304,2471,200-0,C], ens-cache14.de10[2474,0] Ali-Swift-Global-Savetime: 1767341223 X-Cache: MISS TCP_MISS dirn:-2:-2 X-Swift-SaveTime: Fri, 02 Jan 2026 08:07:03 GMT X-Swift-CacheTime: 0 Timing-Allow-Origin: * EagleId: a3b5fea217673412207218316e {"code":401,"message":"认证失败,请重新登录"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 163.181.254.192:443 · api.calm-zen.com
2025-12-22 13:07
HTTP/1.1 200 OK Server: Tengine Content-Type: application/json;charset=UTF-8 Content-Length: 55 Connection: close Date: Mon, 22 Dec 2025 13:07:03 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: ens-cache25.l2de4[304,303,200-0,M], ens-cache24.l2de4[305,0], ens-cache13.de10[310,309,200-0,M], ens-cache1.de10[312,0] Ali-Swift-Global-Savetime: 1766408823 X-Cache: MISS TCP_MISS dirn:-2:-2 X-Swift-SaveTime: Mon, 22 Dec 2025 13:07:03 GMT X-Swift-CacheTime: 0 Timing-Allow-Origin: * EagleId: a3b5fe9517664088230994244e {"code":401,"message":"认证失败,请重新登录"}Found 2025-12-22 by HttpPluginCreate report
-
Open service 163.181.254.195:80 · api.calm-zen.com
2025-12-22 06:59
HTTP/1.1 200 OK Server: Tengine Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Mon, 22 Dec 2025 06:59:24 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: ens-cache25.l2de4[152,151,200-0,M], ens-cache8.l2de4[153,0], ens-cache13.de10[158,158,200-0,M], ens-cache19.de10[165,0] Ali-Swift-Global-Savetime: 1766386764 X-Cache: MISS TCP_MISS dirn:-2:-2 X-Swift-SaveTime: Mon, 22 Dec 2025 06:59:24 GMT X-Swift-CacheTime: 0 Timing-Allow-Origin: * EagleId: a3b5fea717663867641142761e {"code":401,"message":"认证失败,请重新登录"}Found 2025-12-22 by HttpPluginCreate report
-
Open service 163.181.254.192:443 · api.calm-zen.com
2025-12-20 15:27
HTTP/1.1 200 OK Server: Tengine Content-Type: application/json;charset=UTF-8 Content-Length: 55 Connection: close Date: Sat, 20 Dec 2025 15:27:46 GMT Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Via: ens-cache25.l2de4[303,302,200-0,M], ens-cache12.l2de4[304,0], ens-cache13.de10[311,1045,200-0,C], ens-cache13.de10[1052,0] Ali-Swift-Global-Savetime: 1766244466 X-Cache: MISS TCP_MISS dirn:-2:-2 X-Swift-SaveTime: Sat, 20 Dec 2025 15:27:46 GMT X-Swift-CacheTime: 0 Timing-Allow-Origin: * EagleId: a3b5fea117662444656168191e {"code":401,"message":"认证失败,请重新登录"}Found 2025-12-20 by HttpPluginCreate report