Domain api.idaarah.com
Software information
cloudflare
tcp/443
-
MacOS file listing through .DS_Store file
.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
First seen 2025-12-29 17:49-
Severity: high
Fingerprint: 5f32cf5d6962f09cef4770e6ef4770e66baa870859aa519ce15ef61a725b15f3Found 42 files trough .DS_Store spidering: /.editorconfig /.env.example /.gitattributes /.gitignore /.styleci.yml /app /artisan /bootstrap /composer.json /composer.lock /config /database /docker-compose.yml /Dockerfile /install.sh /lang /package.json /packages /packages/marvel /packages/marvel/.gitignore /packages/marvel/.styleci.yml /packages/marvel/composer.json /packages/marvel/config /packages/marvel/database /packages/marvel/license.md /packages/marvel/phpunit.xml /packages/marvel/readme.md /packages/marvel/src /packages/marvel/stubs /packages/marvel/stubs/resources /packages/marvel/stubs/seeders /packages/marvel/stubs/sql /packages/marvel/stubs/sql/chawkbazar /phpunit.xml /public /resources /routes /server.php /storage /tests /webpack.mix.js /yarn.lock
Found on 2025-12-29 17:49
-
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2026-01-02 22:43
Last seen 2026-01-23 03:23
Open for 20 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31135bfeb856f43a9eb251c0623c5e1257036d0e5GraphQL introspection enabled at /graphql Types: 435 (by kind: ENUM: 48, INPUT_OBJECT: 210, OBJECT: 166, SCALAR: 10, UNION: 1) Operations: - Query: Query | fields: abusive_report, address, analytics, popularProducts, singleAddress - Mutation: Mutation | fields: acceptAbusiveReport, createAbusiveReport, deleteAbusiveReport, rejectAbusiveReport, upload Directives: deprecated, include, skip (total: 3)
Found on 2026-01-23 03:23542.5 kBytes
-
-
Open service 172.67.207.23:443 · api.idaarah.com
2026-01-23 03:23
HTTP/1.1 200 OK Date: Fri, 23 Jan 2026 03:23:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private access-control-allow-origin: * Set-Cookie: XSRF-TOKEN=eyJpdiI6IjdxT1piTGNJRGtXTVppZ2FCWFo0ZXc9PSIsInZhbHVlIjoiazZLbWhpWGhISi9uOG01eW45Nlh2NDltdmJtbW8rOU5yclRmMjRiM2FKaURaWFl2R1RwSXpkeUJFSmZhS2ptRFZxV3BNN3gwLzdpeFJQK3Zac3BZbG5UQ0VLL09BTTVrd3ZvV0JqcFVVSUdRQXQxVkpDQ1pkV3A5MExMdlZSYTAiLCJtYWMiOiIxZGZhMzgwMWRmYWJmY2QxZDRkMzU3MzRjODQ0NWQxNTY3NGI2ODU0ZTVlNTBkN2I3MDEyMjU3MzFiMmVhYThhIiwidGFnIjoiIn0%3D; expires=Fri, 23 Jan 2026 05:23:52 GMT; Max-Age=7200; path=/; samesite=lax; secure Set-Cookie: chawkbazar_session=eyJpdiI6IjM1TnlhSjQ5V3ZGUDhtYXRVcWNXdHc9PSIsInZhbHVlIjoiUk5rOHdwZzdUdVU4V0dCQlNHU3B4ZWxYVmQyOE5DSXc3NTNPZHRVTHMra0hUS0hPRlFMVm43VS90SVpBK1FMMmtRYk8zbFBuaEIrNnJiVTBiTUdsUWNGbUtucmlrVEcrVFFpN0ZFTXVpeW5pUHZnRFZiY1FWZTgwdUhmcENrSzAiLCJtYWMiOiJkZjRjOWQzNjlmOTE2NjRjOGE0YWE2MzdhOTU3MzA4YTJiODIzZjIzZmI0YmQ4MzkxMjY3MGMxMzFjY2Q2YWE5IiwidGFnIjoiIn0%3D; expires=Fri, 23 Jan 2026 05:23:52 GMT; Max-Age=7200; path=/; httponly; samesite=lax; secure Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=tkjfaIO8jRFks33hGuP%2B4cWyiPwnH1Ca6Onr%2BdpGNxQnRywF8jcwRLJfSV3nCyBCLim%2BtT8ob%2FvtKIdDIkiiehgqLCzohjajm%2BtAeLo%3D"}]} vary: Accept-Encoding Server: cloudflare alt-svc: h3=":443"; ma=86400 x-turbo-charged-by: LiteSpeed cf-cache-status: DYNAMIC Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} Server-Timing: cfCacheStatus;desc="DYNAMIC" Server-Timing: cfEdge;dur=3,cfOrigin;dur=244 CF-RAY: 9c242cc3e8d2e5d0-EWR Page title: Marvel Laravel <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Marvel Laravel</title> <!-- Fonts --> <link href="https://fonts.googleapis.com/css2?family=Raleway:wght@300&display=swap" rel="stylesheet"> <!-- Styles ---> <style> .welcome { display: flex; flex-direction: column; align-items: center; justify-content: center; min-height: 100vh; } .welcome h1 { font-family: 'Raleway', sans-serif; font-size: 40px; font-weight: 300; color: #333333; margin-bottom: 30px; } .welcome ul { list-style: none; margin: 0; padding: 0; display: flex; justify-content: center; } .welcome ul li { margin-right: 30px; } .welcome ul li:last-child { margin-right: 0px; } .welcome ul li a { font-family: system-ui, ui-sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: 14px; color: #222222; text-decoration: none; transition: color 0.3s; text-transform: uppercase; } .welcome ul li a:hover { color: #009f7f; } .welcome ul li a:foucs { outline: none; } /* Put css here */ </style> </head> <body class="welcome"> <h1>Marvel Laravel</h1> <ul> <li><a href="https://chawkbazar-laravel-doc.vercel.app/" target="_blank">Documentation</a></li> <li><a href="http://redqsupport.ticksy.com/" target="_blank">Support</a></li> <li><a href="https://redq.io/" target="_blank">Contact</a></li> </ul> <script defer src="https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015" integrity="sha512-ZpsOmlRQV6y907TI0dKBHq9Md29nnaEIPlkf84rnaERnq6zvWvPUqr2ft8M1aS28oN72PdrCzSjY4U6VaAw1EQ==" data-cf-beacon='{"version":"2024.11.0","token":"cefeaffa7c824f3e9cee8b8ed62b159d","r":1,"server_timing":{"name":{"cfCacheStatus":true,"cfEdge":true,"cfExtPri":true,"cfL4":true,"cfOrigin":true,"cfSpeedBrain":true},"location_startswith":null}}' crossorigin="anonymous"></script> </body> </html>Found 2026-01-23 by HttpPluginCreate report