LeakIX - Host 16.24.69.129

Host 16.24.69.129

Bahrain

AMAZON-02

Software information

nginx nginx

tcp/443 tcp/80

SSH is potenitally vulnerable

WARNING: This plugin will generate false positive and is purely informative:

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387)

IP: 16.24.69.129
Port: 22

First seen 2025-12-07 04:40
Last seen 2026-02-08 14:29
Open for 63 days
- Severity: info
  Fingerprint: 3f43e0ebb5dce37ab8b59eb581e37d9a6fcdf7e36fcdf7e36fcdf7e36fcdf7e3
```
Found potentially vulnerable SSH version:
SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.11
WARNING, RISK IS ESTIMATED FALSE POSITIVE ARE LIKELY
```
  Found on 2026-02-08 14:29
Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 16.24.69.129
Domain: stg.hdtc-on.com
Port: 443
URL: https://stg.hdtc-on.com

First seen 2025-09-13 15:08
Last seen 2026-02-01 22:33
Open for 141 days

Severity: medium
Fingerprint: 5f32cf5d6962f09c680cb8ce680cb8ce0a90ccdf2744bf21a285d877bb423d9e

Found 59 files trough .DS_Store spidering:

/.htaccess
/assets
/assets/admin
/assets/admin/css
/assets/admin/fonts
/assets/admin/img
/assets/admin/js
/assets/admin/vendor
/assets/default
/assets/default/agora
/assets/default/css
/assets/default/fonts
/assets/default/img
/assets/default/img/activity
/assets/default/img/ai
/assets/default/img/auth
/assets/default/img/become-instructor
/assets/default/img/check.png
/assets/default/img/chevron-down.svg
/assets/default/img/chevron-up.svg
/assets/default/img/course
/assets/default/img/footer
/assets/default/img/forms
/assets/default/img/forum
/assets/default/img/gift
/assets/default/img/home
/assets/default/img/icons
/assets/default/img/info.png
/assets/default/img/installment
/assets/default/img/learning
/assets/default/img/lic.svg
/assets/default/img/loading.gif
/assets/default/img/location.png
/assets/default/img/meeting
/assets/default/img/mobile-app
/assets/default/img/no-results
/assets/default/img/plugin.svg
/assets/default/img/profile
/assets/default/img/radial-image.png
/assets/default/img/rewards
/assets/default/img/social
/assets/default/img/stats
/assets/default/img/support.png
/assets/default/img/topics
/assets/default/img/upcoming
/assets/default/js
/assets/default/learning_page
/assets/default/vendors
/assets/learning_page
/assets/vendors
/check.php
/error_log
/index.php
/mix-manifest.json
/robots.txt
/store
/vendor
/ViewerJS
/web.config

Found on 2026-02-01 22:33

Severity: low
Fingerprint: 5f32cf5d6962f09c684e525d684e525dd2dfbd6864318638956c240c47c84d6f

Found 27 files trough .DS_Store spidering:

/.htaccess
/assets
/assets/admin
/assets/admin/css
/assets/admin/fonts
/assets/admin/img
/assets/admin/js
/assets/admin/vendor
/assets/default
/assets/default/agora
/assets/default/css
/assets/default/fonts
/assets/default/img
/assets/default/js
/assets/default/learning_page
/assets/default/vendors
/assets/learning_page
/assets/vendors
/check.php
/error_log
/index.php
/mix-manifest.json
/robots.txt
/store
/vendor
/ViewerJS
/web.config

Found on 2025-11-30 13:05

Severity: low
Fingerprint: 5f32cf5d6962f09c3838040e3838040e74bf0d1fc1c8f7e1015796375e5a57dd

Found 20 files trough .DS_Store spidering:

/.htaccess
/assets
/assets/admin
/assets/admin/css
/assets/admin/fonts
/assets/admin/img
/assets/admin/js
/assets/admin/vendor
/assets/default
/assets/learning_page
/assets/vendors
/check.php
/error_log
/index.php
/mix-manifest.json
/robots.txt
/store
/vendor
/ViewerJS
/web.config

Found on 2025-11-26 10:58

Create report

Open service 16.24.69.129:443 · stg.hdtc-on.com

2026-01-23 08:59

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Fri, 23 Jan 2026 08:59:45 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6IisxdFFmWmpaREVmbjRQYjdGYmhFUnc9PSIsInZhbHVlIjoiaXg0aHFKUmk3QXdETWQ2eUZBUFJnNHhmVldMVWM1WWpVRjlaektaaFVwanlnbEVpUktBRHpNSkhEN3VPNnBGY2l5YS9iMFpRMzR4NWhYRlZWQ2dpcHNodzFiNWdpVVZZTU9lMW1kMUxoclJKMnZyMUlZb3p0NnNhejVTT2FEeHYiLCJtYWMiOiJiZjI2ZTM4N2E3N2FmZDVlZDgxZDY4MmY3Y2VkYWU1NTFmZGU3MzE5NDE5Y2UyNzM4NWM2NWRkYmM3MDM5ODEwIiwidGFnIjoiIn0%3D; expires=Sat, 24 Jan 2026 01:39:45 GMT; Max-Age=60000; path=/; secure; samesite=lax
Set-Cookie: hdtc_on_session=eyJpdiI6IkptbkhuL1RDaXljaExsSWVWd2VmcXc9PSIsInZhbHVlIjoiSENlakI2bWJhU0Rsc0RQOWcvK2FsbEJWQktRQ3o5WmtwcGh0NUJ3ZW1DSVd1WkVaN3RRNUVjS3dNeDJDb3ZVM0NsMnlFRGoyK01nQUxDSkpOTjBJcHRLVTFIbVE1VHFoZ2xubFM5QW9ZaU5kZTdNZTJBR1AvYmhkUDN0S3YrcnAiLCJtYWMiOiIwYjRiYmRmNjMxYTE4YWEwY2FjZmMzYmNkNjgyY2JjNDMzNjY3NmYwYzIwNGMzY2UzNWZmZmVjNzJkZjgyNTIxIiwidGFnIjoiIn0%3D; expires=Sat, 24 Jan 2026 01:39:45 GMT; Max-Age=60000; path=/; secure; httponly; samesite=lax
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Found 2026-01-23 by HttpPlugin

Create report

Open service 16.24.69.129:443 · stg.hdtc-on.com

2026-01-11 20:41

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Sun, 11 Jan 2026 20:41:50 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImR6US8xbFNhSEsxcTJoczhFeDZXQWc9PSIsInZhbHVlIjoic1VjNXpaNHhjQWhueDJqUU8rQ0Eyejc3WFoxdHBLbDVYUzFNY0x0cTZSSE1odmFHbDJOM3Boc2RYbzgvWURsbDdNaWROWklNOXE1bjdieVBVcUN5azRudm90eDVPczFudER4WFJwSlo4QVd5d1JQR3p1MkVSODVueFBFdEVBamciLCJtYWMiOiJiYmM5YmU3OGI1NzVkYmExNjhmMTQ4YzZiYTQ4OTk1Yzg2MzI0M2JiMDBhMDgzNjFhZmY4Y2ZhYjBiZTdhMDQ1IiwidGFnIjoiIn0%3D; expires=Mon, 12 Jan 2026 13:21:51 GMT; Max-Age=60000; path=/; secure; samesite=lax
Set-Cookie: hdtc_on_session=eyJpdiI6InV6OU1aMXhESlJUWmlwU1hIWmQ5MXc9PSIsInZhbHVlIjoiVHFuQjZpQ1pwVGhZTjk0TDk0UVJCN3NsNTBQK1ZRUDFGeWx5T3NXVllDd2swS3BUMDFKNGpOclFTQkRZeE80eVdjczd5VW9qY21aaUZrbnpUM3VOQ2F6d1RBelh3ZmJ4VmIvMUZlWmdmaE50eDhPMCtHUkRtaXd3bE83YUl6L2ciLCJtYWMiOiJkNjEyZmY2M2I0NDY2Yjc5NTFmYWRhOWRhZDgzNWMxMGE4Y2ViNzdkMzU0YmNhNjkxM2FjM2RiYjI1OThiZDI0IiwidGFnIjoiIn0%3D; expires=Mon, 12 Jan 2026 13:21:51 GMT; Max-Age=60000; path=/; secure; httponly; samesite=lax
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Found 2026-01-11 by HttpPlugin

Create report

Open service 16.24.69.129:80 · stg.hdtc-on.com

2026-01-11 20:41

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 11 Jan 2026 20:41:49 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://stg.hdtc-on.com/

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2026-01-11 by HttpPlugin

Create report

stg.hdtc-on.com

Fingerprint:

8fc1b0e3bb151c3daee9da9867ab3fa37a8db45cc7c7813002bc33771b31da51

CN:

stg.hdtc-on.com

Key:

ECDSA-256

Issuer:

Not before:

2026-01-11 19:43

Not after:

2026-04-11 19:43

Domain summary

stg.hdtc-on.com 5

1 recorded

Host 16.24.69.129

Bahrain

Software information

SSH is potenitally vulnerable

MacOS file listing through .DS_Store file

Create report

Create report

Create report

stg.hdtc-on.com

Domain summary