Domain stgeng-cms.firstpost.com
United States
-
Git configuration and history exposed
The following URL (usually
/.git/config) is publicly accessible and is leaking source code and repository configuration.Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.
First seen 2023-11-28 11:43
Last seen 2025-05-13 04:29
Open for 531 days-
Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522cf04b56e[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true hooksPath = /dev/null [remote "origin"] url = https://gitdeployment:glpat-J_sYJgVsmixEmCVxwsJy@gitlab.network18tech.com/firstpost/firstpost_cms.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "multi_staging_gcp"] remote = origin merge = refs/heads/multi_staging_gcp
Found on 2025-05-13 04:29371 Bytes -
Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652254755dba[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true hooksPath = /dev/null [remote "origin"] url = https://gitdeployment:GitDepL0yment@gitlab.network18tech.com/firstpost/firstpost_cms.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "multi_staging_gcp"] remote = origin merge = refs/heads/multi_staging_gcp
Found on 2025-05-11 17:05358 Bytes -
Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522679786bf[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitdeployment:GitDepL0yment@gitlab.network18tech.com/firstpost/firstpost_cms.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "multi_staging_gcp"] remote = origin merge = refs/heads/multi_staging_gcp
Found on 2025-03-16 22:53335 Bytes -
Severity: critical
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522ec9ca285[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = http://gitdeployment:GitDepL0yment@git.active18.com/firstpost/firstpost_cms.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "multi_staging_gcp"] remote = origin merge = refs/heads/multi_staging_gcp
Found on 2024-08-02 18:45326 Bytes
-
-
MacOS file listing through .DS_Store file
.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
First seen 2024-01-05 07:59
Last seen 2024-02-02 05:41
Open for 27 days-
Severity: medium
Fingerprint: 5f32cf5d6962f09cccd847a3ccd847a31b15ea74a5f4912581494be09dc444ebFound 43 files trough .DS_Store spidering: /adminer.php /analytics /api /Backup /composer.json /cron_scripts /cronjob /cronjobs /customs /db-config.php /feeds /fp_conn_config.php /fpbackend /gt /includes /index.php /license.txt /predis /prj-stg-firstpost.json /prj-stg-svc-firstpost4d-affee0e75756.json /prj-stg-svc-news1847-1280cc5ebd0d.json /rcheck.php /readme.html /RedisMaster /rss /vendor /wp-activate.php /wp-admin /wp-blog-header.php /wp-comments-post.php /wp-config-sample.php /wp-config.php /wp-content /wp-cron.php /wp-includes /wp-links-opml.php /wp-load.php /wp-login.php /wp-mail.php /wp-settings.php /wp-signup.php /wp-trackback.php /xmlrpc.php
Found on 2024-02-02 05:41 -
Severity: medium
Fingerprint: 5f32cf5d6962f09c8c9af8b78c9af8b7a42eed08c92471d9aef7563cedfd9b43Found 128 files trough .DS_Store spidering: /adminer.php /analytics /api /Backup /cron_scripts /cronjob /cronjobs /customs /feeds /fp_conn_config.php /fpbackend /gt /includes /index.php /license.txt /predis /rcheck.php /readme.html /RedisMaster /rss /vendor /wp-activate.php /wp-admin /wp-blog-header.php /wp-comments-post.php /wp-config-sample.php /wp-config.php /wp-content /wp-content/_w3-total-cache-config.php /wp-content/advanced-cache.php /wp-content/checklogin.php /wp-content/db.php /wp-content/db_ro.php /wp-content/debug.log /wp-content/firstpost-extra-metafields-for-category /wp-content/get_related_tags.php /wp-content/image2png.php /wp-content/image2png_cache.php /wp-content/image2png_videos.php /wp-content/image2wap.php /wp-content/index.php /wp-content/jsonfiles /wp-content/mt-videos-listing.php /wp-content/news_sitemap /wp-content/object-cache.php /wp-content/OLD db.php /wp-content/plugins /wp-content/plugins/adminer /wp-content/plugins/Adschange /wp-content/plugins/akismet /wp-content/plugins/alsoView /wp-content/plugins/AmazonRankingSystem /wp-content/plugins/amp-validate /wp-content/plugins/AMPErrorLog /wp-content/plugins/AsianRankingSystem /wp-content/plugins/assemblyelection /wp-content/plugins/authorlist /wp-content/plugins/autoblogged /wp-content/plugins/AxisYoutubeList /wp-content/plugins/breakingNews /wp-content/plugins/budget /wp-content/plugins/budget-quiz /wp-content/plugins/byline-management /wp-content/plugins/classic-editor /wp-content/plugins/cms-features /wp-content/plugins/cmsheader /wp-content/plugins/collection /wp-content/plugins/Cricket /wp-content/plugins/custom-post-export /wp-content/plugins/downloadWebstory /wp-content/plugins/downloadWireAuthorReport /wp-content/plugins/downloadWireReport /wp-content/plugins/elections-cms /wp-content/plugins/Entertainment /wp-content/plugins/factYoutube /wp-content/plugins/FCricket /wp-content/plugins/fCrickSeries /wp-content/plugins/fCrickSeriesMain /wp-content/plugins/featured_videos_ranking /wp-content/plugins/Firstpost /wp-content/plugins/firstpost-extra-metafields /wp-content/plugins/firstpost-extra-metafields-for-category /wp-content/plugins/firstpostprint /wp-content/plugins/fms /wp-content/plugins/fms_wp_plugin /wp-content/plugins/fp-elastic-log /wp-content/plugins/FPShows /wp-content/plugins/G20RankingSystem /wp-content/plugins/globetrotter /wp-content/plugins/header-management /wp-content/plugins/hello.php /wp-content/plugins/highlights /wp-content/plugins/hyperdb /wp-content/plugins/index.php /wp-content/plugins/IPLRankingSystem /wp-content/plugins/live-blog /wp-content/plugins/missed-scheduled-posts-publisher /wp-content/plugins/nw-site-optimization /wp-content/plugins/nw-video-cms /wp-content/plugins/nw-video-config /wp-content/plugins/Old_w3-total-cache /wp-content/plugins/opinion /wp-content/plugins/PolicyViolation /wp-content/plugins/premiumarticlequotes /wp-content/plugins/priority-N18 /wp-content/plugins/priority-N18-log /wp-content/plugins/relatedFact /wp-content/plugins/report /wp-content/plugins/reports-management /wp-content/plugins/rhs_video /wp-content/plugins/s3-video /wp-content/plugins/sectionbreakingnews /wp-content/plugins/sectionstreamrankking /wp-content/plugins/showShaHP /wp-content/plugins/suggested_videos_ranking /wp-content/plugins/t20Quotes /wp-content/plugins/T20RankingSystem /wp-content/plugins/tagCleanup /wp-content/plugins/tagUnlink /wp-content/plugins/Tech /wp-content/plugins/tech2.0 /wp-content/plugins/tech2fTech /wp-content/plugins/TechPanelSwap /wp-content/plugins/TechRanking /wp-content/plugins/techReviewCompareImage /wp-content/plugins/techReviewImage /wp-content/plugins/techTopReview /wp-content/plugins/techTopStories
Found on 2024-01-16 04:50 -
Severity: medium
Fingerprint: 5f32cf5d6962f09c8f03d7bd8f03d7bdbfa93286394c1dd7ee56773ef10e47c5Found 38 files trough .DS_Store spidering: /adminer.php /analytics /api /cron_scripts /cronjob /cronjobs /customs /feeds /fp_conn_config.php /fpbackend /gt /includes /index.php /license.txt /predis /rcheck.php /readme.html /RedisMaster /rss /vendor /vendor/aws /wp-activate.php /wp-admin /wp-blog-header.php /wp-comments-post.php /wp-config-sample.php /wp-config.php /wp-content /wp-cron.php /wp-includes /wp-links-opml.php /wp-load.php /wp-login.php /wp-mail.php /wp-settings.php /wp-signup.php /wp-trackback.php /xmlrpc.php
Found on 2024-01-07 12:47 -
Severity: medium
Fingerprint: 5f32cf5d6962f09ce9dbcc92e9dbcc92f57301396f4e92ec7a6148e9f4146356Found 60 files trough .DS_Store spidering: /adminer.php /analytics /api /cron_scripts /cronjob /cronjobs /customs /feeds /fp_conn_config.php /fpbackend /gt /includes /index.php /license.txt /predis /rcheck.php /readme.html /RedisMaster /rss /vendor /vendor/aws /wp-activate.php /wp-admin /wp-blog-header.php /wp-comments-post.php /wp-config-sample.php /wp-config.php /wp-content /wp-content/_w3-total-cache-config.php /wp-content/advanced-cache.php /wp-content/checklogin.php /wp-content/db.php /wp-content/db_ro.php /wp-content/debug.log /wp-content/firstpost-extra-metafields-for-category /wp-content/get_related_tags.php /wp-content/image2png.php /wp-content/image2png_cache.php /wp-content/image2png_videos.php /wp-content/image2wap.php /wp-content/index.php /wp-content/jsonfiles /wp-content/mt-videos-listing.php /wp-content/news_sitemap /wp-content/object-cache.php /wp-content/plugins /wp-content/sitemap-live-score.php /wp-content/themes /wp-content/timthumb.php /wp-content/tinypng.php /wp-cron.php /wp-includes /wp-links-opml.php /wp-load.php /wp-login.php /wp-mail.php /wp-settings.php /wp-signup.php /wp-trackback.php /xmlrpc.php
Found on 2024-01-06 04:39 -
Severity: medium
Fingerprint: 5f32cf5d6962f09c8c9af8b78c9af8b7a42eed08c92471d9aef7563c6d11acb4Found 128 files trough .DS_Store spidering: /adminer.php /analytics /api /cron_scripts /cronjob /cronjobs /customs /feeds /fp_conn_config.php /fpbackend /gt /includes /index.php /license.txt /predis /rcheck.php /readme.html /RedisMaster /rss /vendor /vendor/aws /wp-activate.php /wp-admin /wp-blog-header.php /wp-comments-post.php /wp-config-sample.php /wp-config.php /wp-content /wp-content/_w3-total-cache-config.php /wp-content/advanced-cache.php /wp-content/checklogin.php /wp-content/db.php /wp-content/db_ro.php /wp-content/debug.log /wp-content/firstpost-extra-metafields-for-category /wp-content/get_related_tags.php /wp-content/image2png.php /wp-content/image2png_cache.php /wp-content/image2png_videos.php /wp-content/image2wap.php /wp-content/index.php /wp-content/jsonfiles /wp-content/mt-videos-listing.php /wp-content/news_sitemap /wp-content/object-cache.php /wp-content/plugins /wp-content/plugins/Adschange /wp-content/plugins/akismet /wp-content/plugins/AmazonRankingSystem /wp-content/plugins/AMPErrorLog /wp-content/plugins/AsianRankingSystem /wp-content/plugins/assemblyelection /wp-content/plugins/authorlist /wp-content/plugins/autoblogged /wp-content/plugins/AxisYoutubeList /wp-content/plugins/breakingNews /wp-content/plugins/budget /wp-content/plugins/budget-quiz /wp-content/plugins/byline-management /wp-content/plugins/classic-editor /wp-content/plugins/cms-features /wp-content/plugins/cmsheader /wp-content/plugins/collection /wp-content/plugins/Cricket /wp-content/plugins/downloadWebstory /wp-content/plugins/downloadWireAuthorReport /wp-content/plugins/downloadWireReport /wp-content/plugins/elections-cms /wp-content/plugins/Entertainment /wp-content/plugins/factYoutube /wp-content/plugins/FCricket /wp-content/plugins/fCrickSeries /wp-content/plugins/fCrickSeriesMain /wp-content/plugins/featured_videos_ranking /wp-content/plugins/Firstpost /wp-content/plugins/firstpost-extra-metafields /wp-content/plugins/firstpost-extra-metafields-for-category /wp-content/plugins/firstpostprint /wp-content/plugins/fms /wp-content/plugins/fms_wp_plugin /wp-content/plugins/fp-elastic-log /wp-content/plugins/FPShows /wp-content/plugins/G20RankingSystem /wp-content/plugins/globetrotter /wp-content/plugins/header-management /wp-content/plugins/hello.php /wp-content/plugins/highlights /wp-content/plugins/index.php /wp-content/plugins/IPLRankingSystem /wp-content/plugins/live-blog /wp-content/plugins/nw-site-optimization /wp-content/plugins/Old_w3-total-cache /wp-content/plugins/opinion /wp-content/plugins/PolicyViolation /wp-content/plugins/premiumarticlequotes /wp-content/plugins/priority-N18 /wp-content/plugins/priority-N18-log /wp-content/plugins/relatedFact /wp-content/plugins/report /wp-content/plugins/reports-management /wp-content/plugins/rhs_video /wp-content/plugins/sectionbreakingnews /wp-content/plugins/sectionstreamrankking /wp-content/plugins/showShaHP /wp-content/plugins/suggested_videos_ranking /wp-content/plugins/t20Quotes /wp-content/plugins/T20RankingSystem /wp-content/plugins/tagCleanup /wp-content/plugins/tagUnlink /wp-content/plugins/tech2.0 /wp-content/plugins/tech2fTech /wp-content/plugins/TechPanelSwap /wp-content/plugins/TechRanking /wp-content/plugins/techReviewCompareImage /wp-content/plugins/techReviewImage /wp-content/plugins/techTopReview /wp-content/plugins/techTopStories /wp-content/plugins/TechYouTubeVideos /wp-content/plugins/termfields /wp-content/plugins/trendingtags /wp-content/plugins/uploadLargeFile /wp-content/plugins/user-photo /wp-content/plugins/VantageSwitches /wp-content/plugins/video-recommendation /wp-content/plugins/video_player_config /wp-content/plugins/webstory_zip_uploader /wp-content/plugins/wp-category-permalink /wp-content/plugins/youtube-recommendation
Found on 2024-01-05 07:59
-
-
Open service 34.102.213.80:443 · stgeng-cms.firstpost.com
2026-01-08 17:14
HTTP/1.1 403 Forbidden content-type: text/html; charset=UTF-8 Content-Length: 134 via: 1.1 google date: Thu, 08 Jan 2026 17:14:39 GMT Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Page title: 403 <!doctype html><meta charset="utf-8"><meta name=viewport content="width=device-width, initial-scale=1"><title>403</title>403 Forbidden
Found 2026-01-08 by HttpPluginCreate report