LeakIX - Host payment.steelytoe.com

Domain payment.steelytoe.com

Indonesia

INDO Internet, PT

Ubuntu

Software information

nginx nginx 1.18.0

tcp/443 tcp/80

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.

IP: 202.159.30.243
Domain: payment.steelytoe.com
Port: 443
URL: https://payment.steelytoe.com

First seen 2024-12-20 02:07
Last seen 2026-01-14 21:30
Open for 390 days

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652277a767dd

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://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@github.com/eriklukiman/payment_gateway.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "amal"]
	remote = origin
	merge = refs/heads/amal
[branch "qr_va_endpoint"]
	remote = origin
	merge = refs/heads/qr_va_endpoint
[branch "production"]
	remote = origin
	merge = refs/heads/production

Found on 2026-01-14 21:30

460 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65224231597c

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://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@github.com/eriklukiman/payment_gateway.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "amal"]
	remote = origin
	merge = refs/heads/amal
[branch "qr_va_endpoint"]
	remote = origin
	merge = refs/heads/qr_va_endpoint

Found on 2025-07-22 07:46

390 Bytes

Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652246072e05

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://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@github.com/eriklukiman/payment_gateway.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "amal"]
	remote = origin
	merge = refs/heads/amal
[branch "qr_va_endpoint"]
	remote = origin
	merge = refs/heads/qr_va_endpoint

Found on 2025-07-13 00:07

390 Bytes

Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65222f5990ed

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://culhan: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@github.com/eriklukiman/payment_gateway.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "amal"]
	remote = origin
	merge = refs/heads/amal
[branch "qr_va_endpoint"]
	remote = origin
	merge = refs/heads/qr_va_endpoint

Found on 2025-02-06 13:15

397 Bytes

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 202.159.30.243
Domain: payment.steelytoe.com
Port: 8443
URL: https://payment.steelytoe.com:8443

First seen 2025-10-14 01:46
Last seen 2026-01-09 10:54
Open for 87 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-01-09 10:54
Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-12 21:17

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 12 Jan 2026 21:17:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 3 days ago by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-12 19:18

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 12 Jan 2026 19:18:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-12 by HttpPlugin

Create report

Open service 202.159.30.243:80 · payment.steelytoe.com

2026-01-12 19:18

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 12 Jan 2026 19:18:13 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 14:09:01 GMT
Connection: close
ETag: "5e9efe7d-264"
Accept-Ranges: bytes

Page title: Welcome to nginx!

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Found 2026-01-12 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-11 21:22

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 11 Jan 2026 21:22:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-11 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-10 21:21

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 10 Jan 2026 21:21:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-10 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-09 21:46

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 09 Jan 2026 21:46:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-09 by HttpPlugin

Create report

Open service 202.159.30.243:8443 · payment.steelytoe.com

2026-01-09 10:54

HTTP/1.1 302 Found
location: http://payment.steelytoe.com/manager
content-length: 0
date: Fri, 09 Jan 2026 10:54:32 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex
connection: close

Found 2026-01-09 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-08 21:40

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 08 Jan 2026 21:40:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-08 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-07 21:21

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 07 Jan 2026 21:21:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-07 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-06 21:15

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 06 Jan 2026 21:15:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-06 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-03 21:23

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 03 Jan 2026 21:23:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-03 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-02 21:11

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 02 Jan 2026 21:11:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-02 by HttpPlugin

Create report

Open service 202.159.30.243:8443 · payment.steelytoe.com

2026-01-02 02:27

HTTP/1.1 302 Found
location: http://payment.steelytoe.com/manager
content-length: 0
date: Fri, 02 Jan 2026 02:27:43 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex
connection: close

Found 2026-01-02 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2026-01-01 21:39

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 01 Jan 2026 21:39:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2026-01-01 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2025-12-31 21:39

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 31 Dec 2025 21:39:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2025-12-31 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2025-12-30 21:36

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 30 Dec 2025 21:36:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2025-12-30 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2025-12-29 20:16

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 29 Dec 2025 20:16:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2025-12-29 by HttpPlugin

Create report

Open service 202.159.30.243:8443 · payment.steelytoe.com

2025-12-29 20:16

HTTP/1.1 302 Found
location: http://payment.steelytoe.com/manager
content-length: 0
date: Mon, 29 Dec 2025 20:16:47 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex
connection: close

Found 2025-12-29 by HttpPlugin

Create report

Open service 202.159.30.243:80 · payment.steelytoe.com

2025-12-29 20:16

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 29 Dec 2025 20:16:47 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 14:09:01 GMT
Connection: close
ETag: "5e9efe7d-264"
Accept-Ranges: bytes

Page title: Welcome to nginx!

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Found 2025-12-29 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2025-12-23 02:32

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Dec 2025 02:32:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2025-12-23 by HttpPlugin

Create report

Open service 202.159.30.243:8443 · payment.steelytoe.com

2025-12-22 22:25

HTTP/1.1 302 Found
location: http://payment.steelytoe.com/manager
content-length: 0
date: Mon, 22 Dec 2025 22:25:57 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex
connection: close

Found 2025-12-22 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2025-12-22 20:48

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 22 Dec 2025 20:48:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2025-12-22 by HttpPlugin

Create report

Open service 202.159.30.243:80 · payment.steelytoe.com

2025-12-22 20:48

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 22 Dec 2025 20:48:06 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 14:09:01 GMT
Connection: close
ETag: "5e9efe7d-264"
Accept-Ranges: bytes

Page title: Welcome to nginx!

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 202.159.30.243:8443 · payment.steelytoe.com

2025-12-22 20:48

HTTP/1.1 302 Found
location: http://payment.steelytoe.com/manager
content-length: 0
date: Mon, 22 Dec 2025 20:48:06 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex
connection: close

Found 2025-12-22 by HttpPlugin

Create report

Open service 202.159.30.243:8443 · payment.steelytoe.com

2025-12-21 08:54

HTTP/1.1 302 Found
location: http://payment.steelytoe.com/manager
content-length: 0
date: Sun, 21 Dec 2025 08:54:20 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex
connection: close

Found 2025-12-21 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2025-12-21 08:19

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 21 Dec 2025 08:19:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Found 2025-12-21 by HttpPlugin

Create report

Open service 202.159.30.243:443 · payment.steelytoe.com

2025-12-19 05:52

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Dec 2025 05:52:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding


{"status":{"error":true,"errorCode":404,"message":"Handler not found!"}}

Not after:

2026-03-15 20:18

Domain summary

payment.steelytoe.com 31

1 recorded

IP summary

202.159.30.243 2

1 recorded

Domain payment.steelytoe.com

Indonesia

Software information

Git configuration and history exposed

Swagger API description is publicly available

payment.steelytoe.com

payment.steelytoe.com

localhost

payment.steelytoe.com

payment.steelytoe.com

payment.steelytoe.com

Domain summary

IP summary