nginx
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd110a331eca3bf58b984d22c6c4b831f2288812379cd5f86c5
Public Swagger UI/API detected at path: /v2/api-docs
Open service 122.188.44.139:80 · api.istarkid.com
2026-01-23 09:10
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Jan 2026 05:58:02 GMT
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: tokenId, content-type, phone, accept, x-requested-with,token,signature,requestTime,appVersion,clientType
Access-Control-Allow-Origin: *
Access-Control-Request-Method: POST
Content-Length: 49
Accept-Ranges: bytes
X-NWS-LOG-UUID: 17043222672591705623
Connection: close
X-Cache-Lookup: Cache Hit
{"data":{},"msg":"接口不存在","msgCode":999}
Open service 122.188.44.139:443 · api.istarkid.com
2026-01-22 23:23
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Jan 2026 05:58:02 GMT
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: tokenId, content-type, phone, accept, x-requested-with,token,signature,requestTime,appVersion,clientType
Access-Control-Allow-Origin: *
Access-Control-Request-Method: POST
Content-Length: 49
Accept-Ranges: bytes
X-NWS-LOG-UUID: 2019695998226251438
Connection: close
X-Cache-Lookup: Cache Hit
{"data":{},"msg":"接口不存在","msgCode":999}
Open service 122.188.44.139:80 · api.istarkid.com
2026-01-10 01:11
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Dec 2025 08:57:18 GMT
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: tokenId, content-type, phone, accept, x-requested-with,token,signature,requestTime,appVersion,clientType
Access-Control-Allow-Origin: *
Access-Control-Request-Method: POST
Content-Length: 49
Accept-Ranges: bytes
X-NWS-LOG-UUID: 15703891031543276806
Connection: close
X-Cache-Lookup: Cache Hit
{"data":{},"msg":"接口不存在","msgCode":999}