LeakIX - Host test.malathapp.com

Domain test.malathapp.com

Germany

Hetzner Online GmbH

Software information

nginx nginx

tcp/443 tcp/80

sw-cp-server

tcp/8443

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 138.201.36.198
Domain: test.malathapp.com
Port: 443
URL: https://test.malathapp.com

First seen 2024-02-29 18:29
Last seen 2026-01-02 17:14
Open for 672 days

Severity: high
Fingerprint: 5f32cf5d6962f09c91500896915008961d78971368b31d0ac65808f53f031c29

Found 37 files trough .DS_Store spidering:

/.git
/.vscode
/app.js
/assets
/config
/controllers
/database
/expressCallback.js
/helpers
/index.js
/iplan_db_connect.session.sql
/MathUtils.java
/middleware
/node_modules
/npm-debug.log
/package-lock.json
/package.json
/public
/public/avatars
/public/avatars/images
/public/avatars/videos
/public/avatars/videos/WhatsApp Video 2023-02-04 at 11.55.35 AM.mp4
/public/blog-header
/public/blogs
/public/index.html
/public/landingpage
/public/landingpage/png
/public/socialIcons
/public/socialIcons/facebook.png
/public/videos
/README.md
/repositories
/routes
/services
/Socket
/tests
/validation

Found on 2026-01-02 17:14

Severity: high
Fingerprint: 5f32cf5d6962f09cd4047824d404782479c41899334159e0cc8f14bfbe2c0812

Found 35 files trough .DS_Store spidering:

/.git
/.vscode
/app.js
/assets
/config
/controllers
/database
/expressCallback.js
/helpers
/index.js
/iplan_db_connect.session.sql
/MathUtils.java
/middleware
/node_modules
/npm-debug.log
/package-lock.json
/package.json
/public
/public/avatars
/public/avatars/images
/public/avatars/videos
/public/avatars/videos/WhatsApp Video 2023-02-04 at 11.55.35 AM.mp4
/public/blog-header
/public/blogs
/public/index.html
/public/landingpage
/public/socialIcons
/public/videos
/README.md
/repositories
/routes
/services
/Socket
/tests
/validation

Found on 2025-11-28 13:21

Severity: high
Fingerprint: 5f32cf5d6962f09ca629b8b1a629b8b1461559c234cdbeffcf58e87a18c39cec

Found 34 files trough .DS_Store spidering:

/.git
/.vscode
/app.js
/assets
/config
/controllers
/database
/expressCallback.js
/helpers
/index.js
/iplan_db_connect.session.sql
/MathUtils.java
/middleware
/node_modules
/npm-debug.log
/package-lock.json
/package.json
/public
/public/avatars
/public/avatars/images
/public/avatars/videos
/public/blog-header
/public/blogs
/public/index.html
/public/landingpage
/public/socialIcons
/public/videos
/README.md
/repositories
/routes
/services
/Socket
/tests
/validation

Found on 2025-11-26 17:00

Severity: high
Fingerprint: 5f32cf5d6962f09c8efce1938efce1937a20865418633541e28537e041e883ca

Found 36 files trough .DS_Store spidering:

/.git
/.vscode
/app.js
/assets
/config
/controllers
/database
/expressCallback.js
/helpers
/index.js
/iplan_db_connect.session.sql
/MathUtils.java
/middleware
/node_modules
/npm-debug.log
/package-lock.json
/package.json
/public
/public/avatars
/public/avatars/images
/public/avatars/videos
/public/avatars/videos/WhatsApp Video 2023-02-04 at 11.55.35 AM.mp4
/public/blog-header
/public/blogs
/public/index.html
/public/landingpage
/public/landingpage/png
/public/socialIcons
/public/videos
/README.md
/repositories
/routes
/services
/Socket
/tests
/validation

Found on 2025-11-16 10:43

Severity: high
Fingerprint: 5f32cf5d6962f09ca0cc0fcfa0cc0fcf947301c8b0d427050ff20dac9e07eb1c

Found 25 files trough .DS_Store spidering:

/.git
/.vscode
/app.js
/assets
/config
/controllers
/database
/expressCallback.js
/helpers
/index.js
/iplan_db_connect.session.sql
/MathUtils.java
/middleware
/node_modules
/npm-debug.log
/package-lock.json
/package.json
/public
/README.md
/repositories
/routes
/services
/Socket
/tests
/validation

Found on 2025-11-14 09:58

Severity: high
Fingerprint: 5f32cf5d6962f09c81c345f781c345f7610898f0570aa49d70ddb304a66059a0

Found 32 files trough .DS_Store spidering:

/.git
/.vscode
/app.js
/assets
/config
/controllers
/database
/expressCallback.js
/helpers
/index.js
/iplan_db_connect.session.sql
/MathUtils.java
/middleware
/node_modules
/npm-debug.log
/package-lock.json
/package.json
/public
/public/avatars
/public/blog-header
/public/blogs
/public/index.html
/public/landingpage
/public/socialIcons
/public/videos
/README.md
/repositories
/routes
/services
/Socket
/tests
/validation

Found on 2025-11-12 04:28

Create report

Open service 138.201.36.198:443 · test.malathapp.com

2026-01-09 11:10

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Jan 2026 11:10:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 330
Connection: close
Cache-Control: public, max-age=0
X-RateLimit-Limit: 200
X-RateLimit-Reset: 1767957116
X-RateLimit-Remaining: 198
Vary: Origin,Accept-Encoding
X-Powered-By: Express, Phusion Passenger(R) 6.1.0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Last-Modified: Wed, 12 Feb 2025 09:27:18 GMT
ETag: W/"14a-194f97bf7bc"
Status: 200 OK
X-Powered-By: PleskLin

Page title: Document

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Document</title>
  </head>
  <body>
    <center>
      <h1>API IS RUNNING</h1>
    </center>
  </body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 138.201.36.198:443 · test.malathapp.com

2026-01-02 17:14

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jan 2026 17:14:48 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 330
Connection: close
Cache-Control: public, max-age=0
X-RateLimit-Limit: 200
X-RateLimit-Reset: 1767374148
X-RateLimit-Remaining: 198
Vary: Origin,Accept-Encoding
X-Powered-By: Express, Phusion Passenger(R) 6.1.0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Last-Modified: Wed, 12 Feb 2025 09:27:18 GMT
ETag: W/"14a-194f97bf7bc"
Status: 200 OK
X-Powered-By: PleskLin

Page title: Document

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Document</title>
  </head>
  <body>
    <center>
      <h1>API IS RUNNING</h1>
    </center>
  </body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 138.201.36.198:443 · test.malathapp.com

2025-12-23 09:22

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Dec 2025 09:22:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 330
Connection: close
Cache-Control: public, max-age=0
X-RateLimit-Limit: 200
X-RateLimit-Reset: 1766481797
X-RateLimit-Remaining: 198
Vary: Origin,Accept-Encoding
X-Powered-By: Express, Phusion Passenger(R) 6.1.0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Last-Modified: Wed, 12 Feb 2025 09:27:18 GMT
ETag: W/"14a-194f97bf7bc"
Status: 200 OK
X-Powered-By: PleskLin

Page title: Document

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Document</title>
  </head>
  <body>
    <center>
      <h1>API IS RUNNING</h1>
    </center>
  </body>
</html>

Found 2025-12-23 by HttpPlugin

Create report

Open service 138.201.36.198:443 · test.malathapp.com

2025-12-21 14:36

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 21 Dec 2025 14:36:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 330
Connection: close
Cache-Control: public, max-age=0
X-RateLimit-Limit: 200
X-RateLimit-Reset: 1766327852
X-RateLimit-Remaining: 198
Vary: Origin,Accept-Encoding
X-Powered-By: Express, Phusion Passenger(R) 6.1.0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Last-Modified: Wed, 12 Feb 2025 09:27:18 GMT
ETag: W/"14a-194f97bf7bc"
Status: 200 OK
X-Powered-By: PleskLin

Page title: Document

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Document</title>
  </head>
  <body>
    <center>
      <h1>API IS RUNNING</h1>
    </center>
  </body>
</html>

Found 2025-12-21 by HttpPlugin

Create report

Open service 138.201.36.198:80 · test.malathapp.com

2025-12-21 14:36

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 21 Dec 2025 14:36:29 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://test.malathapp.com/

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2025-12-21 by HttpPlugin

Create report

Open service 138.201.36.198:8443 · test.malathapp.com

2025-12-21 14:36

HTTP/1.1 303 See Other
Server: sw-cp-server
Date: Sun, 21 Dec 2025 14:36:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Fri, 28 May 1999 00:00:00 GMT
Last-Modified: Sun, 21 Dec 2025 14:36:29 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Location: https://test.malathapp.com/login.php
X-Content-Type-Options: nosniff

Found 2025-12-21 by HttpPlugin

Create report

Open service 138.201.36.198:443 · test.malathapp.com

2025-12-21 10:32

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 21 Dec 2025 10:32:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 330
Connection: close
Cache-Control: public, max-age=0
X-RateLimit-Limit: 200
X-RateLimit-Reset: 1766313234
X-RateLimit-Remaining: 198
Vary: Origin,Accept-Encoding
X-Powered-By: Express, Phusion Passenger(R) 6.1.0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Last-Modified: Wed, 12 Feb 2025 09:27:18 GMT
ETag: W/"14a-194f97bf7bc"
Status: 200 OK
X-Powered-By: PleskLin

Page title: Document

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Document</title>
  </head>
  <body>
    <center>
      <h1>API IS RUNNING</h1>
    </center>
  </body>
</html>

Found 2025-12-21 by HttpPlugin

Create report

*.test.malathapp.comtest.malathapp.com

Fingerprint:

2f8e60552dd16bde0f05e5c44e8b6911f6a71f2a9d09975f231b1f55e6c73d3c

CN:

test.malathapp.com

Key:

RSA-2048

Issuer:

R13

Not before:

2025-12-21 13:36

Not after:

2026-03-21 13:36

ecstatic-joliot.138-201-36-198.plesk.page

Fingerprint:

ad142b098d37df91e302e9ed5c062e9486c2680ca4eec82c0daf5c05b2147eff

CN:

ecstatic-joliot.138-201-36-198.plesk.page

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-21 13:36

Not after:

2026-02-19 13:36

*.test.malathapp.comtest.malathapp.com

Fingerprint:

8431724275d9aa8ea832f5cff45a1f40163c95408ce4cf0b39bab487fa1a6c2e

CN:

test.malathapp.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-10-22 11:36

Not after:

2026-01-20 11:36

Domain summary

test.malathapp.com 12

1 recorded

IP summary

138.201.36.198 2

1 recorded