Host 47.76.85.245
Hong Kong
Software information
Caddy
tcp/80
Python 3.9.2
tcp/443
Rocket
tcp/443
Werkzeug 3.0.3
tcp/443
-
Git configuration and history exposed
The following URL (usually
/.git/config) is publicly accessible and is leaking source code and repository configuration.First seen 2025-04-29 05:02
Last seen 2025-09-18 22:49
Open for 142 days-
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652228df335e[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://github.com/pdmaker/watermark-master fetch = +refs/heads/*:refs/remotes/origin/* [branch "main"] remote = origin merge = refs/heads/main
Found on 2025-09-18 22:49264 Bytes
-
-
MacOS file listing through .DS_Store file
.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
First seen 2025-04-29 05:02
Last seen 2025-09-18 22:49
Open for 142 days-
Severity: medium
Fingerprint: 5f32cf5d6962f09cfb7dc6fdfb7dc6fdf471543684a7700578bd146a38fc3bd5Found 74 files trough .DS_Store spidering: /.git /blog /blog/en /blog/images /blog/zh /images /legal /legal/en /legal/zh /node_modules /node_modules/.bin /node_modules/accepts /node_modules/array-flatten /node_modules/body-parser /node_modules/bytes /node_modules/call-bind /node_modules/content-disposition /node_modules/content-type /node_modules/cookie /node_modules/cookie-signature /node_modules/debug /node_modules/define-data-property /node_modules/depd /node_modules/destroy /node_modules/ee-first /node_modules/encodeurl /node_modules/es-define-property /node_modules/es-errors /node_modules/escape-html /node_modules/etag /node_modules/express /node_modules/finalhandler /node_modules/forwarded /node_modules/fresh /node_modules/function-bind /node_modules/get-intrinsic /node_modules/gopd /node_modules/has-property-descriptors /node_modules/has-proto /node_modules/has-symbols /node_modules/hasown /node_modules/http-errors /node_modules/iconv-lite /node_modules/inherits /node_modules/ipaddr.js /node_modules/media-typer /node_modules/merge-descriptors /node_modules/methods /node_modules/mime /node_modules/mime-db /node_modules/mime-types /node_modules/ms /node_modules/negotiator /node_modules/object-inspect /node_modules/on-finished /node_modules/parseurl /node_modules/path-to-regexp /node_modules/proxy-addr /node_modules/qs /node_modules/range-parser /node_modules/raw-body /node_modules/safe-buffer /node_modules/safer-buffer /node_modules/send /node_modules/serve-static /node_modules/set-function-length /node_modules/setprototypeof /node_modules/side-channel /node_modules/statuses /node_modules/toidentifier /node_modules/type-is /node_modules/unpipe /node_modules/utils-merge /node_modules/vary
Found on 2025-09-18 22:49 -
Severity: medium
Fingerprint: 5f32cf5d6962f09ca728a86fa728a86fd87148682a4272bb6301cb407f35b668Found 76 files trough .DS_Store spidering: /.git /blog /blog/en /blog/images /blog/zh /images /legal /legal/en /legal/zh /node_modules /node_modules/.bin /node_modules/accepts /node_modules/array-flatten /node_modules/body-parser /node_modules/bytes /node_modules/call-bind /node_modules/content-disposition /node_modules/content-type /node_modules/cookie /node_modules/cookie-signature /node_modules/debug /node_modules/define-data-property /node_modules/depd /node_modules/destroy /node_modules/ee-first /node_modules/encodeurl /node_modules/es-define-property /node_modules/es-errors /node_modules/escape-html /node_modules/etag /node_modules/express /node_modules/finalhandler /node_modules/forwarded /node_modules/fresh /node_modules/function-bind /node_modules/get-intrinsic /node_modules/gopd /node_modules/has-property-descriptors /node_modules/has-proto /node_modules/has-proto/.github /node_modules/has-proto/test /node_modules/has-symbols /node_modules/hasown /node_modules/http-errors /node_modules/iconv-lite /node_modules/inherits /node_modules/ipaddr.js /node_modules/media-typer /node_modules/merge-descriptors /node_modules/methods /node_modules/mime /node_modules/mime-db /node_modules/mime-types /node_modules/ms /node_modules/negotiator /node_modules/object-inspect /node_modules/on-finished /node_modules/parseurl /node_modules/path-to-regexp /node_modules/proxy-addr /node_modules/qs /node_modules/range-parser /node_modules/raw-body /node_modules/safe-buffer /node_modules/safer-buffer /node_modules/send /node_modules/serve-static /node_modules/set-function-length /node_modules/setprototypeof /node_modules/side-channel /node_modules/statuses /node_modules/toidentifier /node_modules/type-is /node_modules/unpipe /node_modules/utils-merge /node_modules/vary
Found on 2025-08-07 13:57 -
Severity: low
Fingerprint: 5f32cf5d6962f09c8329733f8329733fdb29423894480eab2e376c70cebce921Found 10 files trough .DS_Store spidering: /.git /blog /blog/en /blog/images /blog/zh /images /legal /legal/en /legal/zh /node_modules
Found on 2025-07-01 00:06
-
-
Open service 47.76.85.245:443 · huabei.mmmm.tech
2026-01-02 15:27
HTTP/1.1 200 OK Alt-Svc: h3=":443"; ma=2592000 Content-Length: 6424 Content-Type: text/html; charset=utf-8 Date: Fri, 02 Jan 2026 15:27:22 GMT Server: Caddy Server: Werkzeug/3.0.3 Python/3.9.2 Connection: close Page title: 图片获取器 <!DOCTYPE html> <html lang="zh-CN"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>图片获取器</title> <style> body { font-family: Arial, sans-serif; max-width: 800px; margin: 0 auto; padding: 20px; background-color: #f5f5f5; } .container { background-color: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } .input-group { margin-bottom: 20px; } input[type="text"] { width: 100%; padding: 10px; border: 1px solid #ddd; border-radius: 4px; box-sizing: border-box; margin-bottom: 10px; } button { background-color: #4CAF50; color: white; padding: 10px 20px; border: none; border-radius: 4px; cursor: pointer; width: 100%; } button:hover { background-color: #45a049; } .image-container { margin-top: 20px; } .image-item { margin-bottom: 20px; padding: 10px; border: 1px solid #ddd; border-radius: 4px; } .image-item img { max-width: 100%; height: auto; } .download-btn { background-color: #008CBA; margin-top: 10px; } .error { color: red; margin-top: 10px; } @media (max-width: 600px) { body { padding: 10px; } } .button-group { display: flex; flex-direction: column; gap: 10px; margin-bottom: 10px; } .main-button { width: 100%; background-color: #4CAF50; color: white; padding: 12px; border: none; border-radius: 4px; cursor: pointer; font-size: 16px; font-weight: bold; } .main-button:hover { background-color: #45a049; } .utility-buttons { display: flex; gap: 10px; } .clear-btn { flex: 1; background-color: #ff4444; color: white; padding: 8px; border: none; border-radius: 4px; cursor: pointer; } .clear-btn:hover { background-color: #cc0000; } .paste-btn { flex: 1; background-color: #0099cc; color: white; padding: 8px; border: none; border-radius: 4px; cursor: pointer; } .paste-btn:hover { background-color: #006699; } </style> </head> <body> <div class="container"> <h1>图片获取器</h1> <div class="input-group"> <input type="text" id="urlInput" placeholder="请输入完整URL或UUID"> <div class="button-group"> <button class="main-button" onclick="getImages()">获取图片</button> <div class="utility-buttons"> <button class="clear-btn" onclick="clearInput()">清空输入</button> <button class="paste-btn" onclick="pasteFromClipboard()">从剪贴板粘贴</button> </div> </div> </div> <div id="error" class="error"></div> <div id="imageContainer" class="image-container"></div> </div> <script> function getImages() { const urlInput = document.getElementById('urlInput').value; const errorDiv = document.getElementById('error'); const imageContainer = document.getElementById('imageContainer'); errorDiv.textContent = '';Found 2026-01-02 by HttpPluginCreate report
-
Open service 47.76.85.245:443 · secret.roccoshi.top
2025-12-31 13:28
HTTP/1.1 200 OK Alt-Svc: h3=":443"; ma=2592000 Cache-Control: public, max-age=600 Content-Length: 1347 Content-Security-Policy: default-src 'none'; font-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ; Content-Type: text/html; charset=utf-8 Cross-Origin-Resource-Policy: same-origin Date: Wed, 31 Dec 2025 13:28:26 GMT Expires: Wed, 31 Dec 2025 13:38:27 GMT Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=() Referrer-Policy: same-origin Server: Caddy Server: Rocket X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Robots-Tag: noindex, nofollow X-Xss-Protection: 0 Connection: close Page title: Vaultwarden Web <!doctype html><html class="theme_light"><head><meta charset="utf-8"/><meta name="viewport" content="width=1010"/><meta name="theme-color" content="#175DDC"/><title page-title>Vaultwarden Web</title><link rel="apple-touch-icon" sizes="180x180" href="images/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="images/favicon-32x32.png"/><link rel="icon" type="image/png" sizes="16x16" href="images/favicon-16x16.png"/><link rel="mask-icon" href="images/safari-pinned-tab.svg" color="#175DDC"/><link rel="manifest" href="cca56971e438d22818d6.json"/><script defer="defer" src="theme_head.4cb181fc19f2a308ba73.js"></script><link href="styles.21d804f738b1b7df84a2.css" rel="stylesheet"></head><body class="layout_frontend"><link rel="stylesheet" href="css/vaultwarden.css"/><app-root><div class="tw-p-8 tw-flex"><img class="new-logo-themed" alt="Vaultwarden"/><div class="spinner-container tw-justify-center"><i class="bwi bwi-spinner bwi-spin bwi-3x tw-text-muted" title="Loading" aria-hidden="true"></i></div></div></app-root><script defer="defer" src="app/polyfills.46638eb63c4af620055f.js"></script><script defer="defer" src="app/vendor.ae5e09e48144faa504d3.js"></script><script defer="defer" src="app/main.e6cdea516f91ca208db2.js"></script><script defer="defer" src="styles.31d6cfe0d16ae931b73c.js"></script></body></html>
Found 2025-12-31 by HttpPluginCreate report
-
Open service 47.76.85.245:80 · secret.roccoshi.top
2025-12-31 13:28
HTTP/1.1 308 Permanent Redirect Connection: close Location: https://secret.roccoshi.top/ Server: Caddy Date: Wed, 31 Dec 2025 13:28:27 GMT Content-Length: 0
Found 2025-12-31 by HttpPluginCreate report