Domain api.xzz99.com
Germany
Software information
marco 3.2
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-30 02:59-
Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf7b821b3af6031951de52e43cf8eac3cc16a81eb44Public Swagger UI/API detected at path: /swagger-ui.html - sample paths: DELETE /api/v1/activationcode/{id} DELETE /api/v1/article/category/{id} DELETE /api/v1/feedback/{id} DELETE /api/v1/game/label/{id} DELETE /api/v1/game/package/{id} DELETE /api/v1/game/patches/{id} DELETE /api/v1/game/{id} DELETE /api/v1/navigation/{id} DELETE /api/v1/security/permission/clear DELETE /api/v1/security/role/{code} GET /api/open/article/comment/{id} GET /api/open/article/{id} GET /api/open/attachment/{id} GET /api/open/version/checkupdate GET /api/v1/article/collection/collected/{articleId} GET /api/v1/article/comment/{id} GET /api/v1/article/label/{id} GET /api/v1/article/praise/{id} GET /api/v1/article/{id} GET /api/v1/attachment/fbb/{relationId}/{belongsTo} GET /api/v1/attachment/{id} GET /api/v1/auth/refreshToken GET /api/v1/bible/item/get GET /api/v1/bible/item/queryByParentCode GET /api/v1/bible/item/{id} GET /api/v1/bible/queryByCode GET /api/v1/bible/{id} GET /api/v1/game/collection/collected/{gameId} GET /api/v1/i18n/{id} GET /api/v1/me GET /api/v1/navigation/me GET /api/v1/navigation/queryById GET /api/v1/navigation/queryByParentId GET /api/v1/navigation/queryByRoleId GET /api/v1/order/{orderNo} GET /api/v1/security/permission/queryAll GET /api/v1/security/permission/queryByGuid GET /api/v1/security/permission/queryByRole GET /api/v1/security/permission/queryByRoles GET /api/v1/security/permission/queryPage GET /api/v1/security/permission/tree GET /api/v1/security/role/queryByCode/{code} GET /api/v1/security/role/queryByGuid/{guid} GET /api/v1/security/role/queryById/{id} GET /api/v1/security/user/me GET /api/v1/security/user/{guid} GET /api/v1/userinfo/me GET /api/v1/userinfo/{guid} GET /api/v1/version/{id} POST /api/auth/login POST /api/captcha/send POST /api/captcha/verify POST /api/open/article/category/count POST /api/open/article/category/list POST /api/open/article/category/one POST /api/open/article/category/page POST /api/open/article/comment/list POST /api/open/article/comment/page POST /api/open/article/list POST /api/open/article/one POST /api/open/article/page POST /api/open/attachment/list POST /api/open/attachment/page POST /api/open/callback/unified/payment/alipay POST /api/open/callback/unified/payment/wechat POST /api/open/game/list POST /api/open/game/one POST /api/open/game/page POST /api/open/order/notify/paypal POST /api/open/version/one POST /api/user/password/forget POST /api/user/registration POST /api/user/registration/availablitity POST /api/user/registration/verifyReferral POST /api/v1/activationcode POST /api/v1/activationcode/count POST /api/v1/activationcode/list POST /api/v1/activationcode/one POST /api/v1/activationcode/page POST /api/v1/article POST /api/v1/article/category POST /api/v1/article/category/count POST /api/v1/article/category/list POST /api/v1/article/category/one POST /api/v1/article/category/page POST /api/v1/article/collection/count POST /api/v1/article/collection/list POST /api/v1/article/collection/page POST /api/v1/article/collection/{articleId} POST /api/v1/article/comment POST /api/v1/article/comment/count POST /api/v1/article/comment/list POST /api/v1/article/comment/me POST /api/v1/article/comment/page POST /api/v1/article/count POST /api/v1/article/label POST /api/v1/article/label/count POST /api/v1/article/label/list POST /api/v1/article/label/one POST /api/v1/article/label/page POST /api/v1/article/list POST /api/v1/article/one POST /api/v1/article/page POST /api/v1/article/praise/count POST /api/v1/article/praise/list POST /api/v1/article/praise/one POST /api/v1/article/praise/page POST /api/v1/article/praise/{articleId} POST /api/v1/article/set/labels POST /api/v1/attachment/create POST /api/v1/attachment/list POST /api/v1/attachment/page POST /api/v1/attachment/upload POST /api/v1/attachment/upload/{relationId}/{belongsTo} POST /api/v1/bible/create POST /api/v1/bible/item/create POST /api/v1/bible/item/queryList POST /api/v1/bible/item/queryPage POST /api/v1/bible/queryList POST /api/v1/bible/queryPage POST /api/v1/captcha/send POST /api/v1/email/list POST /api/v1/email/one POST /api/v1/email/page POST /api/v1/feedback POST /api/v1/feedback/count POST /api/v1/feedback/list POST /api/v1/feedback/one POST /api/v1/feedback/page POST /api/v1/game POST /api/v1/game/collection/count POST /api/v1/game/collection/list POST /api/v1/game/collection/page POST /api/v1/game/collection/{gameId} POST /api/v1/game/count POST /api/v1/game/download POST /api/v1/game/label POST /api/v1/game/label/count POST /api/v1/game/label/list POST /api/v1/game/label/one POST /api/v1/game/label/page POST /api/v1/game/list POST /api/v1/game/one POST /api/v1/game/package POST /api/v1/game/package/count POST /api/v1/game/package/list POST /api/v1/game/package/one POST /api/v1/game/package/page POST /api/v1/game/page POST /api/v1/game/patches POST /api/v1/game/patches/count POST /api/v1/game/patches/download POST /api/v1/game/patches/list POST /api/v1/game/patches/one POST /api/v1/game/patches/page POST /api/v1/game/setlabel POST /api/v1/i18n POST /api/v1/i18n/list POST /api/v1/i18n/page POST /api/v1/i18n/reload POST /api/v1/i18n/test/{i18nkey} POST /api/v1/mygame/count POST /api/v1/mygame/installed POST /api/v1/mygame/list POST /api/v1/mygame/one POST /api/v1/mygame/page POST /api/v1/navigation/create POST /api/v1/navigation/list POST /api/v1/navigation/page POST /api/v1/order POST /api/v1/order/activationcode POST /api/v1/order/list POST /api/v1/order/one POST /api/v1/order/page POST /api/v1/order/repair POST /api/v1/security/permission POST /api/v1/security/role/create POST /api/v1/security/role/grant/{code} POST /api/v1/security/role/queryPage POST /api/v1/security/user POST /api/v1/security/user/disabled/{guid} POST /api/v1/security/user/grant POST /api/v1/security/user/list POST /api/v1/security/user/locked/{guid} POST /api/v1/security/user/one POST /api/v1/security/user/page POST /api/v1/unified/payment/create POST /api/v1/user/password/captcha POST /api/v1/user/password/raw POST /api/v1/userinfo/list POST /api/v1/userinfo/page POST /api/v1/version POST /api/v1/version/count POST /api/v1/version/list POST /api/v1/version/one POST /api/v1/version/page PUT /api/v1/attachment/update PUT /api/v1/bible/item/update PUT /api/v1/bible/update PUT /api/v1/navigation/display PUT /api/v1/navigation/grant PUT /api/v1/navigation/update PUT /api/v1/security/role/updateFound on 2025-12-30 02:59
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-30 02:59-
Severity: info
Fingerprint: 5733ddf49ff49cd18553ecf7b821b3af6031951de52e43cf8eac3cc16a81eb44Public Swagger UI/API detected at path: /swagger-ui.html - sample paths: DELETE /api/v1/activationcode/{id} DELETE /api/v1/article/category/{id} DELETE /api/v1/feedback/{id} DELETE /api/v1/game/label/{id} DELETE /api/v1/game/package/{id} DELETE /api/v1/game/patches/{id} DELETE /api/v1/game/{id} DELETE /api/v1/navigation/{id} DELETE /api/v1/security/permission/clear DELETE /api/v1/security/role/{code} GET /api/open/article/comment/{id} GET /api/open/article/{id} GET /api/open/attachment/{id} GET /api/open/version/checkupdate GET /api/v1/article/collection/collected/{articleId} GET /api/v1/article/comment/{id} GET /api/v1/article/label/{id} GET /api/v1/article/praise/{id} GET /api/v1/article/{id} GET /api/v1/attachment/fbb/{relationId}/{belongsTo} GET /api/v1/attachment/{id} GET /api/v1/auth/refreshToken GET /api/v1/bible/item/get GET /api/v1/bible/item/queryByParentCode GET /api/v1/bible/item/{id} GET /api/v1/bible/queryByCode GET /api/v1/bible/{id} GET /api/v1/game/collection/collected/{gameId} GET /api/v1/i18n/{id} GET /api/v1/me GET /api/v1/navigation/me GET /api/v1/navigation/queryById GET /api/v1/navigation/queryByParentId GET /api/v1/navigation/queryByRoleId GET /api/v1/order/{orderNo} GET /api/v1/security/permission/queryAll GET /api/v1/security/permission/queryByGuid GET /api/v1/security/permission/queryByRole GET /api/v1/security/permission/queryByRoles GET /api/v1/security/permission/queryPage GET /api/v1/security/permission/tree GET /api/v1/security/role/queryByCode/{code} GET /api/v1/security/role/queryByGuid/{guid} GET /api/v1/security/role/queryById/{id} GET /api/v1/security/user/me GET /api/v1/security/user/{guid} GET /api/v1/userinfo/me GET /api/v1/userinfo/{guid} GET /api/v1/version/{id} POST /api/auth/login POST /api/captcha/send POST /api/captcha/verify POST /api/open/article/category/count POST /api/open/article/category/list POST /api/open/article/category/one POST /api/open/article/category/page POST /api/open/article/comment/list POST /api/open/article/comment/page POST /api/open/article/list POST /api/open/article/one POST /api/open/article/page POST /api/open/attachment/list POST /api/open/attachment/page POST /api/open/callback/unified/payment/alipay POST /api/open/callback/unified/payment/wechat POST /api/open/game/list POST /api/open/game/one POST /api/open/game/page POST /api/open/order/notify/paypal POST /api/open/version/one POST /api/user/password/forget POST /api/user/registration POST /api/user/registration/availablitity POST /api/user/registration/verifyReferral POST /api/v1/activationcode POST /api/v1/activationcode/count POST /api/v1/activationcode/list POST /api/v1/activationcode/one POST /api/v1/activationcode/page POST /api/v1/article POST /api/v1/article/category POST /api/v1/article/category/count POST /api/v1/article/category/list POST /api/v1/article/category/one POST /api/v1/article/category/page POST /api/v1/article/collection/count POST /api/v1/article/collection/list POST /api/v1/article/collection/page POST /api/v1/article/collection/{articleId} POST /api/v1/article/comment POST /api/v1/article/comment/count POST /api/v1/article/comment/list POST /api/v1/article/comment/me POST /api/v1/article/comment/page POST /api/v1/article/count POST /api/v1/article/label POST /api/v1/article/label/count POST /api/v1/article/label/list POST /api/v1/article/label/one POST /api/v1/article/label/page POST /api/v1/article/list POST /api/v1/article/one POST /api/v1/article/page POST /api/v1/article/praise/count POST /api/v1/article/praise/list POST /api/v1/article/praise/one POST /api/v1/article/praise/page POST /api/v1/article/praise/{articleId} POST /api/v1/article/set/labels POST /api/v1/attachment/create POST /api/v1/attachment/list POST /api/v1/attachment/page POST /api/v1/attachment/upload POST /api/v1/attachment/upload/{relationId}/{belongsTo} POST /api/v1/bible/create POST /api/v1/bible/item/create POST /api/v1/bible/item/queryList POST /api/v1/bible/item/queryPage POST /api/v1/bible/queryList POST /api/v1/bible/queryPage POST /api/v1/captcha/send POST /api/v1/email/list POST /api/v1/email/one POST /api/v1/email/page POST /api/v1/feedback POST /api/v1/feedback/count POST /api/v1/feedback/list POST /api/v1/feedback/one POST /api/v1/feedback/page POST /api/v1/game POST /api/v1/game/collection/count POST /api/v1/game/collection/list POST /api/v1/game/collection/page POST /api/v1/game/collection/{gameId} POST /api/v1/game/count POST /api/v1/game/download POST /api/v1/game/label POST /api/v1/game/label/count POST /api/v1/game/label/list POST /api/v1/game/label/one POST /api/v1/game/label/page POST /api/v1/game/list POST /api/v1/game/one POST /api/v1/game/package POST /api/v1/game/package/count POST /api/v1/game/package/list POST /api/v1/game/package/one POST /api/v1/game/package/page POST /api/v1/game/page POST /api/v1/game/patches POST /api/v1/game/patches/count POST /api/v1/game/patches/download POST /api/v1/game/patches/list POST /api/v1/game/patches/one POST /api/v1/game/patches/page POST /api/v1/game/setlabel POST /api/v1/i18n POST /api/v1/i18n/list POST /api/v1/i18n/page POST /api/v1/i18n/reload POST /api/v1/i18n/test/{i18nkey} POST /api/v1/mygame/count POST /api/v1/mygame/installed POST /api/v1/mygame/list POST /api/v1/mygame/one POST /api/v1/mygame/page POST /api/v1/navigation/create POST /api/v1/navigation/list POST /api/v1/navigation/page POST /api/v1/order POST /api/v1/order/activationcode POST /api/v1/order/list POST /api/v1/order/one POST /api/v1/order/page POST /api/v1/order/repair POST /api/v1/security/permission POST /api/v1/security/role/create POST /api/v1/security/role/grant/{code} POST /api/v1/security/role/queryPage POST /api/v1/security/user POST /api/v1/security/user/disabled/{guid} POST /api/v1/security/user/grant POST /api/v1/security/user/list POST /api/v1/security/user/locked/{guid} POST /api/v1/security/user/one POST /api/v1/security/user/page POST /api/v1/unified/payment/create POST /api/v1/user/password/captcha POST /api/v1/user/password/raw POST /api/v1/userinfo/list POST /api/v1/userinfo/page POST /api/v1/version POST /api/v1/version/count POST /api/v1/version/list POST /api/v1/version/one POST /api/v1/version/page PUT /api/v1/attachment/update PUT /api/v1/bible/item/update PUT /api/v1/bible/update PUT /api/v1/navigation/display PUT /api/v1/navigation/grant PUT /api/v1/navigation/update PUT /api/v1/security/role/updateFound on 2025-12-30 02:59
-
-
Open service 185.232.59.135:443 · api.xzz99.com
2026-01-23 04:50
HTTP/1.1 405 Not Allowed Server: marco/3.2 Date: Fri, 23 Jan 2026 04:50:32 GMT Content-Type: application/json Connection: close X-Error-Code: 40510001 X-Request-Id: 5ae6091a357cb5aeb47e679ba63e0cfa Content-Length: 44 Via: M.gtt-de-fra3-133 {"code":"40510001","msg":"invisible bucket"}Found 2026-01-23 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · api.xzz99.com
2026-01-09 18:07
HTTP/1.1 405 Not Allowed Server: marco/3.2 Date: Fri, 09 Jan 2026 18:07:48 GMT Content-Type: application/json Connection: close X-Error-Code: 40510001 X-Request-Id: 1ff59f120f1195731eec600ac9fe7052 Content-Length: 44 Via: M.gtt-de-fra3-133 {"code":"40510001","msg":"invisible bucket"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 185.232.59.135:80 · api.xzz99.com
2026-01-08 19:54
HTTP/1.1 405 Not Allowed Server: marco/3.2 Date: Thu, 08 Jan 2026 19:54:56 GMT Content-Type: application/json Connection: close X-Error-Code: 40510001 X-Request-Id: 82bfc2e9df08a4bb3cff82929ba51f0f Content-Length: 44 Via: M.gtt-de-fra3-133 {"code":"40510001","msg":"invisible bucket"}Found 2026-01-08 by HttpPluginCreate report
-
Open service 185.232.59.135:443 · api.xzz99.com
2026-01-02 17:31
HTTP/1.1 405 Not Allowed Server: marco/3.2 Date: Fri, 02 Jan 2026 17:31:56 GMT Content-Type: application/json Connection: close X-Error-Code: 40510001 X-Request-Id: 8951e282a95fcf1f338127d9ae618261 Content-Length: 44 Via: M.gtt-de-fra3-133 {"code":"40510001","msg":"invisible bucket"}Found 2026-01-02 by HttpPluginCreate report
-
Open service 185.232.59.135:80 · api.xzz99.com
2026-01-01 20:24
HTTP/1.1 405 Not Allowed Server: marco/3.2 Date: Thu, 01 Jan 2026 20:24:50 GMT Content-Type: application/json Connection: close X-Error-Code: 40510001 X-Request-Id: de8bd7d127582c0141d52140663b02c4 Content-Length: 44 Via: M.gtt-de-fra3-133 {"code":"40510001","msg":"invisible bucket"}Found 2026-01-01 by HttpPluginCreate report