LeakIX - Host trackcash.com.br

Domain trackcash.com.br

United States

NETWORK-SOLUTIONS-HOSTING

Software information

Apache Apache

tcp/443 tcp/80

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 13.224.189.103
Domain: trackcash.com.br
Port: 443
URL: https://trackcash.com.br

First seen 2023-02-27 20:22
Last seen 2025-01-14 06:46
Open for 686 days
- Severity: medium
  Fingerprint: 5f32cf5d6962f09cccd847a3ccd847a3297d16a4b070371450b7beb07b93b938
```
Found 43 files trough .DS_Store spidering:

/.git
/css
/img
/img/analysis.svg
/img/arrow-down.svg
/img/arrow-up.svg
/img/b2w.svg
/img/cassio.jpg
/img/catherine.jpg
/img/compare.svg
/img/connect.svg
/img/credit-card.svg
/img/e.png
/img/ewerton.jpg
/img/extra.svg
/img/flag.svg
/img/gabriel.jpg
/img/graphic.svg
/img/madeira-madeira.svg
/img/market.svg
/img/menu-mobile.svg
/img/mercado-livre.svg
/img/money.svg
/img/payments-cielo.svg
/img/payments-getnet.svg
/img/payments-pagarme.svg
/img/payments-stone.svg
/img/payments-wirecard.svg
/img/refund.svg
/img/regis.jpg
/img/revenue.svg
/img/share.svg
/img/star.svg
/img/submarino.svg
/img/tax.svg
/img/time.svg
/img/trackcash-full-color-3.svg
/img/Trackcash.svg
/img/user.svg
/index.html
/js
/sass
/videos
```
  Found on 2025-01-14 06:46
- Severity: low
  Fingerprint: 5f32cf5d6962f09c026392ab026392ab959c1a4cef1235ec1c9131186b47a934
```
Found 7 files trough .DS_Store spidering:

/.git
/css
/img
/index.html
/js
/sass
/videos
```
  Found on 2025-01-14 06:46
Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 52.5.25.98
Domain: test.trackcash.com.br
Port: 443
URL: https://test.trackcash.com.br

First seen 2023-07-06 04:17

Severity: medium
Fingerprint: 5f32cf5d6962f09c74247ea574247ea5bd49adeaf32c4f873ac8abc83b4fc1f7

Found 56 files trough .DS_Store spidering:

/auth
/auth/css
/auth/img
/auth/js
/bootstrap
/bootstrap/dist
/bootstrap/fonts
/bootstrap/grunt
/bootstrap/js
/bootstrap/less
/build
/css
/css/colors
/css/icons
/customer.js
/Documentação - Planilha de Pedidos_v1_2.pdf
/emails
/emails/css
/emails/img
/favicon.ico
/front
/front/css
/front/fonts
/front/images
/front/js
/front/js/bootstrap.min.js
/front/js/easeljs-0.7.1.min.js
/front/js/jquery-1.11.2.min.js
/front/js/jquery.validate.min.js
/front/js/logo.js
/front/js/main.js
/front/js/movieclip-0.7.1.min.js
/front/js/npm.js
/front/js/slick.min.js
/front/js/tweenjs-0.5.1.min.js
/images
/images/card
/images/doc
/images/logo
/images/mkp
/index.php
/js
/landing
/painel
/Pedidos_TrackCash_CSV.csv
/Pedidos_TrackCash_XLSX.xlsx
/plugins
/robots.txt
/termos
/Trackcash_Lojas_insert.xlsx
/TrackCash_pedidos.xlsx
/TrackCash_produtos.csv
/TrackCash_produtos_marketplace.csv
/v1
/v3
/vendor

Found on 2023-07-06 04:17

Severity: medium
Fingerprint: 5f32cf5d6962f09ca629b8b1a629b8b1e75eb236e8cd247b73d9d164f2605207

Found 34 files trough .DS_Store spidering:

/auth
/auth/css
/auth/img
/auth/js
/bootstrap
/bootstrap/dist
/bootstrap/fonts
/bootstrap/grunt
/bootstrap/js
/bootstrap/less
/build
/css
/customer.js
/Documentação - Planilha de Pedidos_v1_2.pdf
/emails
/favicon.ico
/front
/images
/index.php
/js
/landing
/painel
/Pedidos_TrackCash_CSV.csv
/Pedidos_TrackCash_XLSX.xlsx
/plugins
/robots.txt
/termos
/Trackcash_Lojas_insert.xlsx
/TrackCash_pedidos.xlsx
/TrackCash_produtos.csv
/TrackCash_produtos_marketplace.csv
/v1
/v3
/vendor

Found on 2023-07-06 04:17

Severity: medium
Fingerprint: 5f32cf5d6962f09ca29b58f1a29b58f1b3b393f6af61c33b8c905b248938b7cd

Found 78 files trough .DS_Store spidering:

/auth
/auth/css
/auth/img
/auth/js
/bootstrap
/bootstrap/dist
/bootstrap/fonts
/bootstrap/grunt
/bootstrap/js
/bootstrap/less
/build
/css
/css/colors
/css/icons
/customer.js
/Documentação - Planilha de Pedidos_v1_2.pdf
/emails
/emails/css
/emails/img
/favicon.ico
/front
/front/css
/front/fonts
/front/images
/front/js
/front/js/bootstrap.min.js
/front/js/easeljs-0.7.1.min.js
/front/js/jquery-1.11.2.min.js
/front/js/jquery.validate.min.js
/front/js/logo.js
/front/js/main.js
/front/js/movieclip-0.7.1.min.js
/front/js/npm.js
/front/js/slick.min.js
/front/js/tweenjs-0.5.1.min.js
/images
/images/card
/images/doc
/images/logo
/images/mkp
/index.php
/js
/landing
/landing/css
/landing/gif
/landing/img
/landing/js
/landing/scss
/landing/site
/landing/vendor
/painel
/painel/bootstrap
/painel/chart.js
/painel/css
/painel/dist
/painel/fastclick
/painel/font-awesome
/painel/introjs
/painel/Ionicons
/painel/jquery
/painel/jquery-slimscroll
/painel/jquery-sparkline
/painel/js
/painel/jvectormap
/painel/less
/painel/plugins
/Pedidos_TrackCash_CSV.csv
/Pedidos_TrackCash_XLSX.xlsx
/plugins
/robots.txt
/termos
/Trackcash_Lojas_insert.xlsx
/TrackCash_pedidos.xlsx
/TrackCash_produtos.csv
/TrackCash_produtos_marketplace.csv
/v1
/v3
/vendor

Found on 2023-07-06 04:17

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 13.224.189.98
Domain: www.trackcash.com.br
Port: 443
URL: https://www.trackcash.com.br

First seen 2023-02-28 05:05
Last seen 2025-01-14 06:46
Open for 686 days
- Severity: medium
  Fingerprint: 5f32cf5d6962f09cccd847a3ccd847a3297d16a4b070371450b7beb07b93b938
```
Found 43 files trough .DS_Store spidering:

/.git
/css
/img
/img/analysis.svg
/img/arrow-down.svg
/img/arrow-up.svg
/img/b2w.svg
/img/cassio.jpg
/img/catherine.jpg
/img/compare.svg
/img/connect.svg
/img/credit-card.svg
/img/e.png
/img/ewerton.jpg
/img/extra.svg
/img/flag.svg
/img/gabriel.jpg
/img/graphic.svg
/img/madeira-madeira.svg
/img/market.svg
/img/menu-mobile.svg
/img/mercado-livre.svg
/img/money.svg
/img/payments-cielo.svg
/img/payments-getnet.svg
/img/payments-pagarme.svg
/img/payments-stone.svg
/img/payments-wirecard.svg
/img/refund.svg
/img/regis.jpg
/img/revenue.svg
/img/share.svg
/img/star.svg
/img/submarino.svg
/img/tax.svg
/img/time.svg
/img/trackcash-full-color-3.svg
/img/Trackcash.svg
/img/user.svg
/index.html
/js
/sass
/videos
```
  Found on 2025-01-14 06:46
- Severity: low
  Fingerprint: 5f32cf5d6962f09c026392ab026392ab959c1a4cef1235ec1c9131186b47a934
```
Found 7 files trough .DS_Store spidering:

/.git
/css
/img
/index.html
/js
/sass
/videos
```
  Found on 2023-02-28 05:05
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.

IP: 13.224.189.37
Domain: www.trackcash.com.br
Port: 443
URL: https://www.trackcash.com.br

First seen 2023-02-28 05:05
Last seen 2025-01-14 06:46
Open for 686 days
- Severity: critical
  Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba91884022e566c81fb6f5c81
```
[init]
	defaultBranch = none
[fetch]
	recurseSubmodules = false
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:gvZ4v1G6kZ2tUPEYEHQ3@gitlab.com/trackcash/site.git
	fetch = +refs/heads/*:refs/remotes/origin/*
```
  Found on 2025-01-14 06:46
  
  301 Bytes
Create report
Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

Additionally the GIT credentials are present and could give unauthorized access to source code repository of private projects.

IP: 13.224.189.19
Domain: trackcash.com.br
Port: 443
URL: https://trackcash.com.br

First seen 2023-02-27 20:22
Last seen 2025-01-14 06:46
Open for 686 days
- Severity: critical
  Fingerprint: 2580fa947178c88c8f88f4f64b143e4f192660cba91884022e566c81fb6f5c81
```
[init]
	defaultBranch = none
[fetch]
	recurseSubmodules = false
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://gitlab-ci-token:gvZ4v1G6kZ2tUPEYEHQ3@gitlab.com/trackcash/site.git
	fetch = +refs/heads/*:refs/remotes/origin/*
```
  Found on 2025-01-14 06:46
  
  301 Bytes
Create report

Open service 162.241.61.99:80 · blog.trackcash.com.br

2026-02-09 10:20

HTTP/1.1 200 OK
Date: Mon, 09 Feb 2026 10:21:06 GMT
Server: Apache
Link: <http://blog.trackcash.com.br/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Found 2026-02-09 by HttpPlugin

Create report

Open service 162.241.61.99:80 · blog.trackcash.com.br

2026-01-23 06:36

HTTP/1.1 200 OK
Date: Fri, 23 Jan 2026 06:36:28 GMT
Server: Apache
Link: <http://blog.trackcash.com.br/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Found 2026-01-23 by HttpPlugin

Create report

Open service 162.241.61.99:443 · blog.trackcash.com.br

2026-01-23 06:36

HTTP/1.1 200 OK
Date: Fri, 23 Jan 2026 06:36:18 GMT
Server: Apache
Link: <https://blog.trackcash.com.br/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Found 2026-01-23 by HttpPlugin

Create report

Open service 162.241.61.99:80 · developer.trackcash.com.br

2026-01-11 17:32

HTTP/1.1 200 OK
Date: Sun, 11 Jan 2026 17:32:46 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Found 2026-01-11 by HttpPlugin

Create report

Open service 162.241.61.99:80 · www.developer.trackcash.com.br

2026-01-11 17:32

HTTP/1.1 200 OK
Date: Sun, 11 Jan 2026 17:32:44 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Found 2026-01-11 by HttpPlugin

Create report

Open service 162.241.61.99:443 · developer.trackcash.com.br

2026-01-11 17:32

HTTP/1.1 200 OK
Date: Sun, 11 Jan 2026 17:32:26 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Found 2026-01-11 by HttpPlugin

Create report

Open service 162.241.61.99:443 · www.developer.trackcash.com.br

2026-01-11 17:32

HTTP/1.1 200 OK
Date: Sun, 11 Jan 2026 17:32:26 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

Found 2026-01-11 by HttpPlugin

Create report

blog.trackcash.com.br

Fingerprint:

47782e2d6b09fc46442e4b4d6732a21aa4d78cbd849d6e767f017296355fe268

CN:

blog.trackcash.com.br

Key:

RSA-2048

Issuer:

R12

Not before:

2026-01-03 16:30

Not after:

2026-04-03 16:30

developer.trackcash.com.brwww.developer.trackcash.com.br

Fingerprint:

1c1c170390a1256be036917c1bbc53c043a67508e96dc028b20133f356507c38

CN:

developer.trackcash.com.br

Key:

RSA-2048

Issuer:

R13

Not before:

2025-11-11 16:31

Not after:

2026-02-09 16:31

Domain summary

trackcash.com.br 3 test.trackcash.com.br 3 www.trackcash.com.br 3 blog.trackcash.com.br 2 developer.trackcash.com.br 1 www.developer.trackcash.com.br 1

6 recorded

IP summary

162.241.61.99 6 13.224.189.103 2 13.224.189.19 1 52.5.25.98 1 3.217.134.92 1 52.206.88.248 1 13.224.189.98 1 13.224.189.37 1

8 recorded

Domain trackcash.com.br

United States

Software information

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

Git configuration and history exposed

Git configuration and history exposed

Create report

Create report

Create report

Create report

Create report

Create report

Create report

blog.trackcash.com.br

developer.trackcash.com.brwww.developer.trackcash.com.br

Domain summary

IP summary