LeakIX - Host api.wuziya.com

Domain api.wuziya.com

Germany

Zhejiang Taobao Network Co.,Ltd

Software information

Tengine

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 155.102.51.7
Domain: api.wuziya.com
Port: 80
URL: http://api.wuziya.com

First seen 2025-10-27 04:06
Last seen 2025-12-01 11:51
Open for 35 days

Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf79e6f8c2eb3c5c9acc51dd2b15489ba21d5fd4477

Public Swagger UI/API detected at path: /swagger-ui.html - sample paths:
GET /callback/callbackBeforeAddFriendCommand
GET /callback/callbackBeforeSendGroupMsgCommand
GET /callback/callbackBeforeSendSingleMsgCommand
GET /imUserGroupRemarke/editImUserGroupRemarke
GET /imUserGroupRemarke/getList
GET /v5/auth/imRedInfo/getRedPackageReceiveInfo
GET /v5/auth/imRedInfo/receiveRedPackage
GET /v5/auth/imRedInfo/receiveRedPackageBefor
GET /v5/auth/imUser/countUserRedPackage
GET /v5/auth/imUser/getByIdNew
GET /v5/auth/imUser/getInventCount
GET /v5/auth/imUser/getLastId
GET /v5/auth/imUser/huazhuan
GET /v5/auth/imUser/likeByNickName
GET /v5/auth/imUser/shandui
GET /v5/auth/imUser/updateUserJF
GET /v5/auth/imUserCollection/delete
GET /v5/auth/imUserCollection/findByPage
GET /v5/auth/imUserMoneyPackage/delete
GET /v5/auth/imUserMoneyPackage/list
GET /v5/auth/imUserPyq/delete
GET /v5/auth/imUserPyq/findById
GET /v5/auth/imUserPyq/findByPage
GET /v5/auth/imUserPyq/pyqBgImage
GET /v5/auth/imUserPyq/zan
GET /v5/auth/kinfo/list
GET /v5/auth/kinfo/pay
GET /v5/auth/rongy/queryRTC
GET /v5/auth/rongy/tRTC
GET /v5/auth/sysConfig/getKeFu
GET /v5/auth/sysConfig/getOne
GET /v5/auth/sysConfig/getUsdtKeFu
GET /v5/auth/sysContentOption/getContentList
GET /v5/auth/sysContentOption/getContentOne
GET /v5/auth/sysRuxiZixun/list
GET /v5/auth/userAccountTradeRecord/recordList
GET /v5/common/getMyInfo
GET /v5/common/getMyVip
GET /v5/common/getVipList
GET /v5/common/sendSms
POST /v5/auth/imRedInfo/sendRedPackage
POST /v5/auth/imUser/getById
POST /v5/auth/imUser/login
POST /v5/auth/imUser/reg
POST /v5/auth/imUser/updateUser
POST /v5/auth/imUserCollection/save
POST /v5/auth/imUserMoneyPackage/add
POST /v5/auth/imUserPyq/add
POST /v5/auth/imUserPyq/comment
POST /v5/auth/imUserTixian/tixian
POST /v5/auth/rongy/createGroup
POST /v5/auth/rongy/dismissGroup
POST /v5/auth/rongy/joinGroup
POST /v5/auth/rongy/tGroup
POST /v5/common/cancelOrder
POST /v5/common/orderCheck
POST /v5/common/t
POST /v5/common/upload

Found on 2025-12-01 11:51

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 155.102.51.1
Domain: api.wuziya.com
Port: 443
URL: https://api.wuziya.com

First seen 2025-10-27 04:06
Last seen 2025-12-01 17:05
Open for 35 days

Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf79e6f8c2eb3c5c9acc51dd2b15489ba21d5fd4477

Public Swagger UI/API detected at path: /swagger-ui.html - sample paths:
GET /callback/callbackBeforeAddFriendCommand
GET /callback/callbackBeforeSendGroupMsgCommand
GET /callback/callbackBeforeSendSingleMsgCommand
GET /imUserGroupRemarke/editImUserGroupRemarke
GET /imUserGroupRemarke/getList
GET /v5/auth/imRedInfo/getRedPackageReceiveInfo
GET /v5/auth/imRedInfo/receiveRedPackage
GET /v5/auth/imRedInfo/receiveRedPackageBefor
GET /v5/auth/imUser/countUserRedPackage
GET /v5/auth/imUser/getByIdNew
GET /v5/auth/imUser/getInventCount
GET /v5/auth/imUser/getLastId
GET /v5/auth/imUser/huazhuan
GET /v5/auth/imUser/likeByNickName
GET /v5/auth/imUser/shandui
GET /v5/auth/imUser/updateUserJF
GET /v5/auth/imUserCollection/delete
GET /v5/auth/imUserCollection/findByPage
GET /v5/auth/imUserMoneyPackage/delete
GET /v5/auth/imUserMoneyPackage/list
GET /v5/auth/imUserPyq/delete
GET /v5/auth/imUserPyq/findById
GET /v5/auth/imUserPyq/findByPage
GET /v5/auth/imUserPyq/pyqBgImage
GET /v5/auth/imUserPyq/zan
GET /v5/auth/kinfo/list
GET /v5/auth/kinfo/pay
GET /v5/auth/rongy/queryRTC
GET /v5/auth/rongy/tRTC
GET /v5/auth/sysConfig/getKeFu
GET /v5/auth/sysConfig/getOne
GET /v5/auth/sysConfig/getUsdtKeFu
GET /v5/auth/sysContentOption/getContentList
GET /v5/auth/sysContentOption/getContentOne
GET /v5/auth/sysRuxiZixun/list
GET /v5/auth/userAccountTradeRecord/recordList
GET /v5/common/getMyInfo
GET /v5/common/getMyVip
GET /v5/common/getVipList
GET /v5/common/sendSms
POST /v5/auth/imRedInfo/sendRedPackage
POST /v5/auth/imUser/getById
POST /v5/auth/imUser/login
POST /v5/auth/imUser/reg
POST /v5/auth/imUser/updateUser
POST /v5/auth/imUserCollection/save
POST /v5/auth/imUserMoneyPackage/add
POST /v5/auth/imUserPyq/add
POST /v5/auth/imUserPyq/comment
POST /v5/auth/imUserTixian/tixian
POST /v5/auth/rongy/createGroup
POST /v5/auth/rongy/dismissGroup
POST /v5/auth/rongy/joinGroup
POST /v5/auth/rongy/tGroup
POST /v5/common/cancelOrder
POST /v5/common/orderCheck
POST /v5/common/t
POST /v5/common/upload

Found on 2025-12-01 17:05

Create report

Open service 155.102.51.7:80 · api.wuziya.com

2026-01-08 22:29

HTTP/1.1 403 Forbidden
Server: Tengine
Date: Thu, 08 Jan 2026 22:29:55 GMT
Content-Type: text/html
Content-Length: 238
Connection: close
X-Tengine-Error: non-existent domain
Via: ens-cache5.de7[,0]
Timing-Allow-Origin: *
EagleId: a3b5839917679113957035970e

Page title: 403 Forbidden

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body>
</html>

Found 2026-01-08 by HttpPlugin

Create report

Open service 155.102.51.1:443 · api.wuziya.com

2026-01-08 18:56

HTTP/1.1 400 Bad Request
Server: Tengine
Date: Thu, 08 Jan 2026 18:56:48 GMT
Content-Type: text/html
Content-Length: 263
Connection: close
Via: ens-cache1.de7[,0]
EagleId: 0000000017678986086361687e

Page title: 400 The plain HTTP request was sent to HTTPS port

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<h1>400 Bad Request</h1>
<p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body>
</html>

Found 2026-01-08 by HttpPlugin

Create report

Open service 155.102.51.7:80 · api.wuziya.com

2026-01-02 00:33

HTTP/1.1 403 Forbidden
Server: Tengine
Date: Fri, 02 Jan 2026 00:33:05 GMT
Content-Type: text/html
Content-Length: 238
Connection: close
X-Tengine-Error: non-existent domain
Via: ens-cache7.de7[,0]
Timing-Allow-Origin: *
EagleId: a3b5839b17673139856263316e

Page title: 403 Forbidden

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 155.102.51.1:443 · api.wuziya.com

2026-01-01 19:27

HTTP/1.1 400 Bad Request
Server: Tengine
Date: Thu, 01 Jan 2026 19:27:32 GMT
Content-Type: text/html
Content-Length: 263
Connection: close
Via: ens-cache3.de7[,0]
EagleId: 0000000017672956524248912e

Page title: 400 The plain HTTP request was sent to HTTPS port

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<h1>400 Bad Request</h1>
<p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body>
</html>

Found 2026-01-01 by HttpPlugin

Create report

Open service 155.102.51.7:80 · api.wuziya.com

2025-12-30 08:10

HTTP/1.1 403 Forbidden
Server: Tengine
Date: Tue, 30 Dec 2025 08:10:58 GMT
Content-Type: text/html
Content-Length: 238
Connection: close
X-Tengine-Error: non-existent domain
Via: ens-cache1.de7[,0]
Timing-Allow-Origin: *
EagleId: a3b5839517670822582842420e

Page title: 403 Forbidden

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body>
</html>

Found 2025-12-30 by HttpPlugin

Create report

Open service 155.102.51.1:443 · api.wuziya.com

2025-12-30 03:59

HTTP/1.1 400 Bad Request
Server: Tengine
Date: Tue, 30 Dec 2025 03:59:58 GMT
Content-Type: text/html
Content-Length: 263
Connection: close
Via: ens-cache5.de7[,0]
EagleId: 0000000017670671982848719e

Page title: 400 The plain HTTP request was sent to HTTPS port

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<h1>400 Bad Request</h1>
<p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body>
</html>

Found 2025-12-30 by HttpPlugin

Create report

Open service 155.102.51.7:80 · api.wuziya.com

2025-12-22 09:29

HTTP/1.1 403 Forbidden
Server: Tengine
Date: Mon, 22 Dec 2025 09:29:01 GMT
Content-Type: text/html
Content-Length: 238
Connection: close
X-Tengine-Error: non-existent domain
Via: ens-cache3.de7[,0]
Timing-Allow-Origin: *
EagleId: a3b5839717663957412723012e

Page title: 403 Forbidden

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 155.102.51.1:443 · api.wuziya.com

2025-12-22 04:43

HTTP/1.1 400 Bad Request
Server: Tengine
Date: Mon, 22 Dec 2025 04:43:52 GMT
Content-Type: text/html
Content-Length: 263
Connection: close
Via: ens-cache2.de7[,0]
EagleId: 0000000017663786321251457e

Page title: 400 The plain HTTP request was sent to HTTPS port

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<h1>400 Bad Request</h1>
<p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 155.102.51.7:80 · api.wuziya.com

2025-12-20 10:14

HTTP/1.1 403 Forbidden
Server: Tengine
Date: Sat, 20 Dec 2025 10:14:55 GMT
Content-Type: text/html
Content-Length: 238
Connection: close
X-Tengine-Error: non-existent domain
Via: ens-cache5.de7[,0]
Timing-Allow-Origin: *
EagleId: a3b5839917662256950977009e

Page title: 403 Forbidden

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>403 Forbidden</h1>
<p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

Open service 155.102.51.1:443 · api.wuziya.com

2025-12-20 04:40

HTTP/1.1 400 Bad Request
Server: Tengine
Date: Sat, 20 Dec 2025 04:41:00 GMT
Content-Type: text/html
Content-Length: 263
Connection: close
Via: ens-cache2.de7[,0]
EagleId: 0000000017662056603054862e

Page title: 400 The plain HTTP request was sent to HTTPS port

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<h1>400 Bad Request</h1>
<p>The plain HTTP request was sent to HTTPS port.<hr/>Powered by Tengine</body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

Domain summary

api.wuziya.com 11

1 recorded

IP summary

155.102.51.7 1 155.102.51.1 1

2 recorded