Tengine
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf79e6f8c2eb3c5c9acc51dd2b15489ba218d05e454
Public Swagger UI/API detected at path: /swagger-ui.html - sample paths: GET /callback/callbackBeforeAddFriendCommand GET /callback/callbackBeforeSendGroupMsgCommand GET /callback/callbackBeforeSendSingleMsgCommand GET /imUserGroupRemarke/editImUserGroupRemarke GET /imUserGroupRemarke/getList GET /v4/auth/imRedInfo/getRedPackageReceiveInfo GET /v4/auth/imRedInfo/receiveRedPackage GET /v4/auth/imRedInfo/receiveRedPackageBefor GET /v4/auth/imUser/checkBlanks GET /v4/auth/imUser/checkIsFriend GET /v4/auth/imUser/countUserRedPackage GET /v4/auth/imUser/getByIdNew GET /v4/auth/imUser/getInventCount GET /v4/auth/imUser/huazhuan GET /v4/auth/imUser/sendTimerMsg GET /v4/auth/imUser/shandui GET /v4/auth/imUser/updateUserJF GET /v4/auth/imUserBank/delete GET /v4/auth/imUserBank/getList GET /v4/auth/imUserCollection/delete GET /v4/auth/imUserCollection/findByPage GET /v4/auth/imUserMoneyPackage/delete GET /v4/auth/imUserMoneyPackage/list GET /v4/auth/imUserPyq/delete GET /v4/auth/imUserPyq/findById GET /v4/auth/imUserPyq/findByPage GET /v4/auth/imUserPyq/pyqBgImage GET /v4/auth/imUserPyq/zan GET /v4/auth/kinfo/list GET /v4/auth/kinfo/pay GET /v4/auth/rongy/queryRTC GET /v4/auth/rongy/tRTC GET /v4/auth/sysConfig/getKeFu GET /v4/auth/sysConfig/getOne GET /v4/auth/sysContentOption/getContentList GET /v4/auth/sysContentOption/getContentOne GET /v4/auth/sysRuxiZixun/list GET /v4/auth/userAccountTradeRecord/recordList GET /v4/common/getMyInfo GET /v4/common/getMyVip GET /v4/common/getVipList GET /v4/common/sendSms POST /v4/auth/imRedInfo/sendRedPackage POST /v4/auth/imUser/getById POST /v4/auth/imUser/login POST /v4/auth/imUser/reg POST /v4/auth/imUser/updateUser POST /v4/auth/imUserBank/save POST /v4/auth/imUserCollection/save POST /v4/auth/imUserMoneyPackage/add POST /v4/auth/imUserPyq/add POST /v4/auth/imUserPyq/comment POST /v4/auth/imUserTixian/tixian POST /v4/auth/rongy/createGroup POST /v4/auth/rongy/dismissGroup POST /v4/auth/rongy/joinGroup POST /v4/auth/rongy/tGroup POST /v4/common/cancelOrder POST /v4/common/orderCheck POST /v4/common/t POST /v4/common/upload
Severity: info
Fingerprint: 5733ddf49ff49cd110a331ec33f7be0586afd91188bf1828e916a44c7ac711ff
Public Swagger UI/API detected at path: /v2/api-docs - sample paths: GET /callback/callbackBeforeAddFriendCommand GET /callback/callbackBeforeSendGroupMsgCommand GET /callback/callbackBeforeSendSingleMsgCommand GET /imUserGroupRemarke/editImUserGroupRemarke GET /imUserGroupRemarke/getList GET /v4/auth/imRedInfo/getRedPackageReceiveInfo GET /v4/auth/imRedInfo/receiveRedPackage GET /v4/auth/imRedInfo/receiveRedPackageBefor GET /v4/auth/imUser/checkBlanks GET /v4/auth/imUser/checkIsFriend GET /v4/auth/imUser/countUserRedPackage GET /v4/auth/imUser/getByIdNew GET /v4/auth/imUser/getInventCount GET /v4/auth/imUser/huazhuan GET /v4/auth/imUser/sendTimerMsg GET /v4/auth/imUser/shandui GET /v4/auth/imUser/updateUserJF GET /v4/auth/imUserBank/delete GET /v4/auth/imUserBank/getList GET /v4/auth/imUserCollection/delete GET /v4/auth/imUserCollection/findByPage GET /v4/auth/imUserMoneyPackage/delete GET /v4/auth/imUserMoneyPackage/list GET /v4/auth/imUserPyq/delete GET /v4/auth/imUserPyq/findById GET /v4/auth/imUserPyq/findByPage GET /v4/auth/imUserPyq/pyqBgImage GET /v4/auth/imUserPyq/zan GET /v4/auth/kinfo/list GET /v4/auth/kinfo/pay GET /v4/auth/rongy/queryRTC GET /v4/auth/rongy/tRTC GET /v4/auth/sysConfig/getKeFu GET /v4/auth/sysConfig/getOne GET /v4/auth/sysContentOption/getContentList GET /v4/auth/sysContentOption/getContentOne GET /v4/auth/sysRuxiZixun/list GET /v4/auth/userAccountTradeRecord/recordList GET /v4/common/getMyInfo GET /v4/common/getMyVip GET /v4/common/getVipList GET /v4/common/sendSms POST /v4/auth/imRedInfo/sendRedPackage POST /v4/auth/imUser/getById POST /v4/auth/imUser/login POST /v4/auth/imUser/reg POST /v4/auth/imUser/updateUser POST /v4/auth/imUserBank/save POST /v4/auth/imUserCollection/save POST /v4/auth/imUserMoneyPackage/add POST /v4/auth/imUserPyq/add POST /v4/auth/imUserPyq/comment POST /v4/auth/imUserTixian/tixian POST /v4/auth/rongy/createGroup POST /v4/auth/rongy/dismissGroup POST /v4/auth/rongy/joinGroup POST /v4/auth/rongy/tGroup POST /v4/common/cancelOrder POST /v4/common/orderCheck POST /v4/common/t POST /v4/common/upload
Open service 155.102.51.1:443 · api.hanfcn.com
2026-01-09 00:11
HTTP/1.1 400 Bad Request Server: Tengine Date: Fri, 09 Jan 2026 00:11:38 GMT Content-Type: text/html Content-Length: 263 Connection: close Via: ens-cache8.de7[,0] EagleId: 0000000017679174986354406e Page title: 400 The plain HTTP request was sent to HTTPS port <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <h1>400 Bad Request</h1> <p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body> </html>
Open service 155.102.51.7:80 · api.hanfcn.com
2026-01-08 20:14
HTTP/1.1 403 Forbidden Server: Tengine Date: Thu, 08 Jan 2026 20:14:55 GMT Content-Type: text/html Content-Length: 238 Connection: close X-Tengine-Error: non-existent domain Via: ens-cache1.de7[,0] Timing-Allow-Origin: * EagleId: a3b5839517679032951744507e Page title: 403 Forbidden <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body> </html>
Open service 155.102.51.1:443 · api.hanfcn.com
2026-01-02 00:00
HTTP/1.1 400 Bad Request Server: Tengine Date: Fri, 02 Jan 2026 00:00:01 GMT Content-Type: text/html Content-Length: 263 Connection: close Via: ens-cache2.de7[,0] EagleId: 0000000017673120017202035e Page title: 400 The plain HTTP request was sent to HTTPS port <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <h1>400 Bad Request</h1> <p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body> </html>
Open service 155.102.51.7:80 · api.hanfcn.com
2026-01-01 20:42
HTTP/1.1 403 Forbidden Server: Tengine Date: Thu, 01 Jan 2026 20:42:44 GMT Content-Type: text/html Content-Length: 238 Connection: close X-Tengine-Error: non-existent domain Via: ens-cache8.de7[,0] Timing-Allow-Origin: * EagleId: a3b5839c17673001643041619e Page title: 403 Forbidden <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body> </html>
Open service 155.102.51.1:443 · api.hanfcn.com
2025-12-30 07:32
HTTP/1.1 400 Bad Request Server: Tengine Date: Tue, 30 Dec 2025 07:32:00 GMT Content-Type: text/html Content-Length: 263 Connection: close Via: ens-cache7.de7[,0] EagleId: 0000000017670799203608783e Page title: 400 The plain HTTP request was sent to HTTPS port <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <h1>400 Bad Request</h1> <p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body> </html>
Open service 155.102.51.7:80 · api.hanfcn.com
2025-12-30 04:58
HTTP/1.1 403 Forbidden Server: Tengine Date: Tue, 30 Dec 2025 04:58:33 GMT Content-Type: text/html Content-Length: 238 Connection: close X-Tengine-Error: non-existent domain Via: ens-cache7.de7[,0] Timing-Allow-Origin: * EagleId: a3b5839b17670707134202754e Page title: 403 Forbidden <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body> </html>
Open service 155.102.51.1:443 · api.hanfcn.com
2025-12-22 12:20
HTTP/1.1 400 Bad Request Server: Tengine Date: Mon, 22 Dec 2025 12:20:12 GMT Content-Type: text/html Content-Length: 263 Connection: close Via: ens-cache5.de7[,0] EagleId: 0000000017664060123614113e Page title: 400 The plain HTTP request was sent to HTTPS port <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <h1>400 Bad Request</h1> <p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body> </html>
Open service 155.102.51.7:80 · api.hanfcn.com
2025-12-22 05:52
HTTP/1.1 403 Forbidden Server: Tengine Date: Mon, 22 Dec 2025 05:52:47 GMT Content-Type: text/html Content-Length: 238 Connection: close X-Tengine-Error: non-existent domain Via: ens-cache1.de7[,0] Timing-Allow-Origin: * EagleId: a3b5839517663827677374716e Page title: 403 Forbidden <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body> </html>
Open service 155.102.51.1:443 · api.hanfcn.com
2025-12-20 12:36
HTTP/1.1 400 Bad Request Server: Tengine Date: Sat, 20 Dec 2025 12:36:07 GMT Content-Type: text/html Content-Length: 263 Connection: close Via: ens-cache4.de7[,0] EagleId: 0000000017662341677551264e Page title: 400 The plain HTTP request was sent to HTTPS port <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <h1>400 Bad Request</h1> <p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body> </html>
Open service 155.102.51.7:80 · api.hanfcn.com
2025-12-20 06:23
HTTP/1.1 403 Forbidden Server: Tengine Date: Sat, 20 Dec 2025 06:23:24 GMT Content-Type: text/html Content-Length: 238 Connection: close X-Tengine-Error: non-existent domain Via: ens-cache4.de7[,0] Timing-Allow-Origin: * EagleId: a3b5839817662118047971127e Page title: 403 Forbidden <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body> </html>