LeakIX - Host api.ooxab.cn

Domain api.ooxab.cn

Singapore

ACE

Software information

nginx nginx

tcp/443 tcp/80

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 43.152.43.121
Domain: api.ooxab.cn
Port: 80
URL: http://api.ooxab.cn

First seen 2025-11-04 09:34
Last seen 2026-02-02 10:01
Open for 90 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c3af247253af247251e0762cd3127e62e848dd348dffb056d
```
Found 9 files trough .DS_Store spidering:

/admin
/admin/images
/admin/js
/admin/tree
/admin/tree/css
/admin/tree/js
/css
/mobile
/uploads
```
  Found on 2026-02-02 10:01
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 43.152.43.121
Domain: api.ooxab.cn
Port: 443
URL: https://api.ooxab.cn

First seen 2025-11-04 09:34
Last seen 2026-02-02 02:16
Open for 89 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c3af247253af247251e0762cd3127e62e848dd348dffb056d
```
Found 9 files trough .DS_Store spidering:

/admin
/admin/images
/admin/js
/admin/tree
/admin/tree/css
/admin/tree/js
/css
/mobile
/uploads
```
  Found on 2026-02-02 02:16
Create report

Open service 43.152.43.121:80 · api.ooxab.cn

2026-01-23 04:49

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 23 Jan 2026 04:49:23 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, OPTIONS
Access-Control-Allow-Credentials: true
Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik5WanZzTTgrYjI2dlZhcGdwQ01wUlE9PSIsInZhbHVlIjoiWkFPajluUjBQQVJ6cUNoUjN5ek53RjBzRHc1UVhPZUdUeWs1cWtvYmk1RW85NUliY3hWQXd1SkpCOU5DWHdNQk52Yld3S0JoWmFUR0dQMEIrQk1PVm1BQWdUUmJxbTJ5YUFOVW5zekRwU0xGYkVPdzBlOWVLcXhHSVpiek45MnAiLCJtYWMiOiI0ZGI2OGExYzNmY2E1NDFhZWMwYTZkOWM3ZTFhN2RlYzFkMTM5MDI0MzU4NmVjZTJlNDI5MWQ5Y2VjODdjN2EwIiwidGFnIjoiIn0%3D; expires=Fri, 23 Jan 2026 06:49:23 GMT; Max-Age=7200; path=/; secure; samesite=lax
Set-Cookie: jhf_session=eyJpdiI6Im5ZemN6bkxqMlVXUms2NlFlL1ZiVlE9PSIsInZhbHVlIjoieUR3c0xlNkgrYnY2OS8zNWxVQWpjZTFEMklOdWdqNERqeHpXeElVUDhrang5RXMvNWNmZGlmcE5vUWNlc2hEeEtadXB6elJnRkhkellCTUp0NzE4cThZNGJvd2EwZFVNNGR6Y2hob0FVY0JuRUpMSEZEVlVHeVFHQk1hVVBsMFciLCJtYWMiOiJlZjUyYTQxZDBmM2IzNmIxOWM5MmI1ZGU0Y2RiNzVlY2M3YjkyNGFkMWI1ZDlhMTE2YmI3OWMxZTYzMDViNjYyIiwidGFnIjoiIn0%3D; expires=Fri, 23 Jan 2026 06:49:23 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Strict-Transport-Security: max-age=31536000
Alt-Svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
Cache-Control: private, no-cache
Transfer-Encoding: chunked
X-NWS-LOG-UUID: 2157468970820540541
Connection: close
X-Cache-Lookup: Cache Miss

Found 2026-01-23 by HttpPlugin

Create report

Open service 43.152.43.121:443 · api.ooxab.cn

2026-01-23 01:43

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 23 Jan 2026 01:44:02 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, OPTIONS
Access-Control-Allow-Credentials: true
Set-Cookie: XSRF-TOKEN=eyJpdiI6InJKQUpaVWpIV3FFaGtrajd1emttckE9PSIsInZhbHVlIjoiY3k4NjZiNEZQT2tETlJSVGxVOWZmVExqbUFyOVJueTNYVG5jTkZITWNJT0xmazNOVUJrQ0Y2SUNtYTFENEdyRmY5M01YU0tISlZBUSt3aUpieElKRmJPMExlRDMxTnB3U2J2SDdabkNRZHhyOWlaMEpmQ2E2ZFhVRnJFZlNXWXYiLCJtYWMiOiIwMTc0YzUzOGMwOWEzNzA5Y2RlZDE2ODBhMjU2N2E0ODdiOGZmZTM5YzBkZjk2YjQ3NzY3MjMwNDkzNzIyMTJiIiwidGFnIjoiIn0%3D; expires=Fri, 23 Jan 2026 03:44:02 GMT; Max-Age=7200; path=/; secure; samesite=lax
Set-Cookie: jhf_session=eyJpdiI6ImJ3RkxKczdzNzNPQ2lSVkU1Zk8rWkE9PSIsInZhbHVlIjoiamZ5Z2NCYit4ZEVGSGcxdUhYamZxSmRRbnkwQTFDYmZheWFwWHdtcU5Nb2hUYVJoUElmaExFRnJWaUZOVTZBWG5ocUFRWkhVdldYSTg4MWxvUGVDKzhOOURrZzEvZFFVcFJNVEx0NDhJRW0wUkdGczRZVit6ZEhOdU9sVlhwd24iLCJtYWMiOiIwNTEwMDAxNmRhMjkzZjIzZGI3MjYzZTAzMjBjNTg0NjZjYTEzNTZjYmMwZDBlN2ZmNWMyYWFhYWQ1NTQ4MDQxIiwidGFnIjoiIn0%3D; expires=Fri, 23 Jan 2026 03:44:02 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Strict-Transport-Security: max-age=31536000
Alt-Svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
Cache-Control: private, no-cache
Transfer-Encoding: chunked
X-NWS-LOG-UUID: 7884646675701956717
Connection: close
X-Cache-Lookup: Cache Miss

Found 2026-01-23 by HttpPlugin

Create report

Open service 43.152.43.121:80 · api.ooxab.cn

2026-01-09 18:44

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 09 Jan 2026 18:44:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, OPTIONS
Access-Control-Allow-Credentials: true
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlhMQ0Rickl0QWc2aEJHMDNuK2I3Q0E9PSIsInZhbHVlIjoiL2d2TVJxczdOM1ZMQTFLTHFhNk1aSjJxU2hpSVV0TlBJOFVkbSticFoybU5hbUQvb0dLVHhMQksydEhCT21lMVpVMXl2MG92K2dvY0tLeFhmK2JRZUNQeFF1RCtyUUhqTWlvS29zSzIzNWZSbzNlZW9Dd3lSMzhKWm1RQVlSRk0iLCJtYWMiOiIxMWE3NzE4MDA1YjAyNWU0NzNkOGFiZDdlZDk4N2U1MDA2NzYxMWUxMTJhOGQxNTQ1NzgyMGE1Yzg5MzBjNmJkIiwidGFnIjoiIn0%3D; expires=Fri, 09 Jan 2026 20:44:55 GMT; Max-Age=7200; path=/; secure; samesite=lax
Set-Cookie: jhf_session=eyJpdiI6ImJ3UkV6ZUkrbGpMb3ZDbmtieVhVRUE9PSIsInZhbHVlIjoiTWpHeVhYSEdtNldYYnk4WWJYamVmUWpmWStTRVh4S2RLYWdlcVhCb3VJcmF2SUlBQU1TV09Pb1lYbnhEYk5MeXpwTmh5NklkYjhnb3BlZFJ6RnhuWWYvT2hXMGg0N2VvL0t2L096NXdJRzJKMlNXR1RMa3ZaM2VlNy9JRlhIdEwiLCJtYWMiOiIyYmI1ZTE0ZDgzYTBhZDkyMThiNDI2NTk1YzcxNzZlZDk3OWRkNjRjZTBjMTJhN2U1YzViMjdhNTg1NWMwZWUxIiwidGFnIjoiIn0%3D; expires=Fri, 09 Jan 2026 20:44:55 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Strict-Transport-Security: max-age=31536000
Alt-Svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
Cache-Control: private, no-cache
Transfer-Encoding: chunked
X-NWS-LOG-UUID: 9883701493574950329
Connection: close
X-Cache-Lookup: Cache Miss

Found 2026-01-09 by HttpPlugin

Create report

api.ooxab.cn

Fingerprint:

a7f0f057aee2543f3aa6615e85bc2a8176452c0b75ea26da0b238cfb946ef381

CN:

api.ooxab.cn

Key:

RSA-2048

Issuer:

TrustAsia DV TLS RSA CA 2025

Not before:

2025-11-04 00:00

Not after:

2026-02-01 23:59

Domain summary

api.ooxab.cn 4

1 recorded

IP summary

43.152.43.121 2

1 recorded

Domain api.ooxab.cn

Singapore

Software information

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

Create report

Create report

Create report

api.ooxab.cn

Domain summary

IP summary