LeakIX - Host brj.com.sa

Domain brj.com.sa

United States

CLOUDFLARENET

Software information

CloudFront

tcp/80

ZGS

tcp/443 tcp/80

cloudflare

tcp/443

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 157.175.103.245
Domain: skillsbox.brj.com.sa
Port: 443
URL: https://skillsbox.brj.com.sa

First seen 2023-11-28 18:49
Last seen 2024-01-07 04:19
Open for 39 days

Severity: high
Fingerprint: 5f32cf5d6962f09c4eb8c9f24eb8c9f21a583a8766d65b7406608e754fdf42e5

Found 114 files trough .DS_Store spidering:

/.well-known
/1.html
/aa.Arabic.vtt
/apps
/apps/copyleaks.png
/apps/facebook-pixel.png
/apps/google-ads.png
/apps/google-analytics.png
/apps/google-tag-manager.png
/apps/hubspot.png
/apps/linkarabi.png
/apps/mailchimp.png
/apps/slack.png
/apps/snap-pixel.png
/apps/tabby-payment.png
/apps/tiktok-pixel.png
/apps/twitter-pixel.png
/apps/unifonic.png
/apps/zapier.png
/assets
/assets/admin
/assets/admin/css
/assets/admin/fonts
/assets/admin/images
/assets/admin/images/blank.png
/assets/admin/images/chat-bubble-left.png
/assets/admin/images/chat-bubble-right.jpg
/assets/admin/images/chat-contact-cloudi.png
/assets/admin/images/cloudi-chat-icon.png
/assets/admin/images/clouds.png
/assets/admin/images/default-thumbnail.jpg
/assets/admin/images/eiffel.jpg
/assets/admin/images/favicon.ico
/assets/admin/images/favicon.png
/assets/admin/images/file-bg.jpg
/assets/admin/images/gift.png
/assets/admin/images/gift.svg
/assets/admin/images/grayscale.svg
/assets/admin/images/grippy_large.png
/assets/admin/images/image-1.jpg
/assets/admin/images/image-2.jpg
/assets/admin/images/image-3.jpg
/assets/admin/images/image-4.jpg
/assets/admin/images/image-5.jpg
/assets/admin/images/landing-thumb.png
/assets/admin/images/lmcbutton.swf
/assets/admin/images/logo-collapsed.png
/assets/admin/images/logo-collapsed@2x.png
/assets/admin/images/logo-white.svg
/assets/admin/images/logo.png
/assets/admin/images/logo.svg
/assets/admin/images/logo@2x.png
/assets/admin/images/notes-lines.png
/assets/admin/images/ok-white-full.png
/assets/admin/images/ok-white.png
/assets/admin/images/ok.png
/assets/admin/images/open-chat.svg
/assets/admin/images/osarh_pro.svg
/assets/admin/images/osarh_pro_whight.svg
/assets/admin/images/page-title-example.png
/assets/admin/images/placeholder_600x400.jpg
/assets/admin/images/popup-bg.svg
/assets/admin/images/pwa
/assets/admin/images/pwa/1.svg
/assets/admin/images/pwa/2.svg
/assets/admin/images/select2.png
/assets/admin/images/select2x2.png
/assets/admin/images/toastr-icon.png
/assets/admin/images/unnamed.png
/assets/admin/images/user-1.png
/assets/admin/images/user-2.png
/assets/admin/images/user-3.png
/assets/admin/images/user-4.png
/assets/admin/images/user-5.png
/assets/admin/images/watermark-bg.png
/assets/admin/js
/assets/admin/js/pages
/assets/admin/js/plugins
/assets/admin/media
/assets/admin/media/logos
/assets/admin/media/svg
/assets/admin/media/users
/assets/admin/plugins
/assets/assets.zip
/assets/bigbluebutton
/assets/ckeditor
/assets/front
/assets/images
/assets/js
/assets/landing
/assets/output
/assets/socials
/assets/system
/assets/update.gif
/favicon.ico
/file.docx
/front
/gzip-layer-v2.zip
/gzip-layer-v3.zip
/gzip-layer.zip
/index.php
/Invoices-2023__11__30__1701351387.zip
/js
/log.txt
/mysql-cli-v3.zip
/scorm-again.js
/scorm2.js
/thumb.jpg
/thumb.php
/thumb2.jpg
/track.php
/twitter-verified-badge.svg
/vendor
/watching.php

Found on 2024-01-07 04:19

Severity: high
Fingerprint: 5f32cf5d6962f09c0f1214d30f1214d3d26b435efb68b923c22de40aa93db7fb

Found 94 files trough .DS_Store spidering:

/.well-known
/1.html
/aa.Arabic.vtt
/apps
/assets
/assets/admin
/assets/admin/css
/assets/admin/fonts
/assets/admin/images
/assets/admin/images/blank.png
/assets/admin/images/chat-bubble-left.png
/assets/admin/images/chat-bubble-right.jpg
/assets/admin/images/chat-contact-cloudi.png
/assets/admin/images/cloudi-chat-icon.png
/assets/admin/images/clouds.png
/assets/admin/images/default-thumbnail.jpg
/assets/admin/images/eiffel.jpg
/assets/admin/images/favicon.ico
/assets/admin/images/favicon.png
/assets/admin/images/file-bg.jpg
/assets/admin/images/gift.png
/assets/admin/images/gift.svg
/assets/admin/images/grayscale.svg
/assets/admin/images/grippy_large.png
/assets/admin/images/image-1.jpg
/assets/admin/images/image-2.jpg
/assets/admin/images/image-3.jpg
/assets/admin/images/image-4.jpg
/assets/admin/images/image-5.jpg
/assets/admin/images/landing-thumb.png
/assets/admin/images/lmcbutton.swf
/assets/admin/images/logo-collapsed.png
/assets/admin/images/logo-collapsed@2x.png
/assets/admin/images/logo-white.svg
/assets/admin/images/logo.png
/assets/admin/images/logo.svg
/assets/admin/images/logo@2x.png
/assets/admin/images/notes-lines.png
/assets/admin/images/ok-white-full.png
/assets/admin/images/ok-white.png
/assets/admin/images/ok.png
/assets/admin/images/open-chat.svg
/assets/admin/images/osarh_pro.svg
/assets/admin/images/osarh_pro_whight.svg
/assets/admin/images/page-title-example.png
/assets/admin/images/placeholder_600x400.jpg
/assets/admin/images/popup-bg.svg
/assets/admin/images/pwa
/assets/admin/images/pwa/1.svg
/assets/admin/images/pwa/2.svg
/assets/admin/images/select2.png
/assets/admin/images/select2x2.png
/assets/admin/images/toastr-icon.png
/assets/admin/images/unnamed.png
/assets/admin/images/user-1.png
/assets/admin/images/user-2.png
/assets/admin/images/user-3.png
/assets/admin/images/user-4.png
/assets/admin/images/user-5.png
/assets/admin/images/watermark-bg.png
/assets/admin/js
/assets/admin/js/pages
/assets/admin/js/plugins
/assets/admin/media
/assets/admin/media/logos
/assets/admin/media/svg
/assets/admin/media/users
/assets/admin/plugins
/assets/assets.zip
/assets/bigbluebutton
/assets/ckeditor
/assets/front
/assets/images
/assets/js
/assets/landing
/assets/output
/assets/socials
/assets/system
/assets/update.gif
/favicon.ico
/file.docx
/front
/index.php
/js
/log.txt
/scorm-again.js
/scorm2.js
/thumb.jpg
/thumb.php
/thumb2.jpg
/track.php
/twitter-verified-badge.svg
/vendor
/watching.php

Found on 2023-12-24 02:46

Severity: low
Fingerprint: 5f32cf5d6962f09c2a439cf82a439cf8d1064eb5e2170ace66fbec5b421e66b7

Found 31 files trough .DS_Store spidering:

/.well-known
/1.html
/aa.Arabic.vtt
/apps
/assets
/assets/admin
/assets/bigbluebutton
/assets/ckeditor
/assets/images
/assets/js
/assets/landing
/assets/output
/assets/socials
/assets/system
/assets/system/js
/assets/system/media
/favicon.ico
/file.docx
/front
/index.php
/js
/log.txt
/scorm-again.js
/scorm2.js
/thumb.jpg
/thumb.php
/thumb2.jpg
/track.php
/twitter-verified-badge.svg
/vendor
/watching.php

Found on 2023-11-28 18:49

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 157.175.103.245
Domain: skillsbox.brj.com.sa
Port: 80
URL: http://skillsbox.brj.com.sa

First seen 2023-11-28 18:49
- Severity: medium
  Fingerprint: 5f32cf5d6962f09c8efce1938efce19300805a9e8219e1e316b47c4a4112b362
```
Found 36 files trough .DS_Store spidering:

/.well-known
/1.html
/aa.Arabic.vtt
/apps
/assets
/assets/admin
/assets/bigbluebutton
/assets/ckeditor
/assets/images
/assets/js
/assets/landing
/assets/output
/assets/socials
/assets/system
/assets/system/js
/assets/system/media
/favicon.ico
/file.docx
/front
/front/css
/front/fonts
/front/images
/front/img
/front/js
/index.php
/js
/log.txt
/scorm-again.js
/scorm2.js
/thumb.jpg
/thumb.php
/thumb2.jpg
/track.php
/twitter-verified-badge.svg
/vendor
/watching.php
```
  Found on 2023-11-28 18:49
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 172.67.152.23
Domain: opti.brj.com.sa
Port: 443
URL: https://opti.brj.com.sa

First seen 2025-12-09 19:52
Last seen 2026-02-09 20:01
Open for 62 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 20:01
Create report

Open service 18.172.242.104:80 · brj.com.sa

2026-01-28 00:42

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Wed, 28 Jan 2026 00:42:33 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://brj.com.sa/
X-Cache: Redirect from cloudfront
Via: 1.1 f2c676964a8d25c108e5e06a59569a84.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BUD50-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: KwfmbRH6bFky02zh8edpiVmfZ3e4Rp71Fluh4EYcz1Lu0K1d5NFXng==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

Found 2026-01-28 by HttpPlugin

Create report

Open service 172.67.152.23:443 · opti.brj.com.sa

2026-01-23 04:00

HTTP/1.1 200 OK
Date: Fri, 23 Jan 2026 04:00:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-RAY: 9c2461cd5d1ddc96-FRA
Accept-Ranges: bytes
Cache-Control: public, max-age=604800
Last-Modified: Wed, 17 Dec 2025 15:23:56 GMT
Set-Cookie: ARRAffinity=d4ac4b20e5af4946c0a2084466ae900e152b4603fcb720c84a63b737b5261fa4;Path=/;HttpOnly;Secure;Domain=opti.brj.com.sa
Set-Cookie: ARRAffinitySameSite=d4ac4b20e5af4946c0a2084466ae900e152b4603fcb720c84a63b737b5261fa4;Path=/;HttpOnly;SameSite=None;Secure;Domain=opti.brj.com.sa
Request-Context: appId=cid-v1:3eeda15c-9083-4259-89e8-da275e724ff4
cf-cache-status: DYNAMIC
Server: cloudflare
alt-svc: h3=":443"; ma=86400

Page title: Document

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>
    BRJ main page - static page
    Release 1.0.0
</body>

</html>

Found 2026-01-23 by HttpPlugin