LeakIX - Host api.jabu-app.com

Domain api.jabu-app.com

France

OVH SAS

Software information

OVHcloud

tcp/443

Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 2001:41d0:301::30
Domain: preprod.api.jabu-app.com
Port: 443
URL: https://preprod.api.jabu-app.com/_profiler/empty/search/results

First seen 2025-09-03 09:04
Last seen 2026-02-02 03:02
Open for 151 days
- Fingerprint: 407cf4363b0e62fafca67e07c9284ba2c9284ba2c9284ba2c9284ba2c9284ba2
```
Symfony profiler enabled:
https://preprod.api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-02-02 03:02
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 46.105.204.30
Domain: www.api.jabu-app.com
Port: 80
URL: http://www.api.jabu-app.com

First seen 2023-07-27 11:25
- Severity: low
  Fingerprint: 5f32cf5d6962f09c87f05b7087f05b7078e208f8425d6f9bd7b60fe9566a355d
```
Found 26 files trough .DS_Store spidering:

/.env
/.env.local
/.env.test
/.git
/.gitignore
/.php-cs-fixer.dist.php
/bin
/composer.json
/composer.lock
/config
/docker
/docker-compose.yml
/Dockerfile
/docs
/Makefile
/migrations
/phpunit.xml.dist
/public
/README.md
/src
/symfony.lock
/templates
/tests
/translations
/var
/vendor
```
  Found on 2023-07-27 11:25
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 46.105.204.30
Domain: api.jabu-app.com
Port: 443
URL: https://api.jabu-app.com

First seen 2023-07-27 11:25
- Severity: low
  Fingerprint: 5f32cf5d6962f09c87f05b7087f05b7078e208f8425d6f9bd7b60fe9566a355d
```
Found 26 files trough .DS_Store spidering:

/.env
/.env.local
/.env.test
/.git
/.gitignore
/.php-cs-fixer.dist.php
/bin
/composer.json
/composer.lock
/config
/docker
/docker-compose.yml
/Dockerfile
/docs
/Makefile
/migrations
/phpunit.xml.dist
/public
/README.md
/src
/symfony.lock
/templates
/tests
/translations
/var
/vendor
```
  Found on 2023-07-27 11:25
Create report
Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 2001:41d0:301::30
Domain: preprod.api.jabu-app.com
Port: 80
URL: http://preprod.api.jabu-app.com/_profiler/empty/search/results

First seen 2026-01-15 03:52
Last seen 2026-02-09 14:59
Open for 25 days
- Fingerprint: 407cf4363b0e62fafca67e07e60cbcc3e60cbcc3e60cbcc3e60cbcc3e60cbcc3
```
Symfony profiler enabled:
http://preprod.api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-02-09 14:59
Create report
Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 2001:41d0:301::30
Domain: www.preprod.api.jabu-app.com
Port: 443
URL: https://www.preprod.api.jabu-app.com/_profiler/empty/search/results

First seen 2025-09-03 09:04
Last seen 2026-01-16 17:28
Open for 135 days
- Fingerprint: 407cf4363b0e62fafca67e077e0cc2b17e0cc2b17e0cc2b17e0cc2b17e0cc2b1
```
Symfony profiler enabled:
https://www.preprod.api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-01-16 17:28
Create report
Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 2001:41d0:301::30
Domain: www.api.jabu-app.com
Port: 443
URL: https://www.api.jabu-app.com/_profiler/empty/search/results

First seen 2023-10-15 16:37
Last seen 2026-01-16 17:28
Open for 824 days
- Fingerprint: 407cf4363b0e62fafca67e078d088acb8d088acb8d088acb8d088acb8d088acb
```
Symfony profiler enabled:
https://www.api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-01-16 17:28
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 46.105.204.30
Domain: www.api.jabu-app.com
Port: 443
URL: https://www.api.jabu-app.com

First seen 2023-07-27 11:25
- Severity: low
  Fingerprint: 5f32cf5d6962f09c87f05b7087f05b7078e208f8425d6f9bd7b60fe9566a355d
```
Found 26 files trough .DS_Store spidering:

/.env
/.env.local
/.env.test
/.git
/.gitignore
/.php-cs-fixer.dist.php
/bin
/composer.json
/composer.lock
/config
/docker
/docker-compose.yml
/Dockerfile
/docs
/Makefile
/migrations
/phpunit.xml.dist
/public
/README.md
/src
/symfony.lock
/templates
/tests
/translations
/var
/vendor
```
  Found on 2023-07-27 11:25
Create report
Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 2001:41d0:301::30
Domain: api.jabu-app.com
Port: 80
URL: http://api.jabu-app.com/_profiler/empty/search/results

First seen 2023-10-15 16:37
Last seen 2026-02-09 04:03
Open for 847 days
- Fingerprint: 407cf4363b0e62fafca67e0763a2b40563a2b40563a2b40563a2b40563a2b405
```
Symfony profiler enabled:
http://api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-02-09 04:03
Create report
Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 2001:41d0:301::30
Domain: staging.api.jabu-app.com
Port: 443
URL: https://staging.api.jabu-app.com/_profiler/empty/search/results

First seen 2026-01-15 03:52
Last seen 2026-02-02 12:57
Open for 18 days
- Fingerprint: 407cf4363b0e62fafca67e07e3dd32e9e3dd32e9e3dd32e9e3dd32e9e3dd32e9
```
Symfony profiler enabled:
https://staging.api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-02-02 12:57
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 46.105.204.30
Domain: api.jabu-app.com
Port: 80
URL: http://api.jabu-app.com

First seen 2023-07-27 11:25
- Severity: low
  Fingerprint: 5f32cf5d6962f09c87f05b7087f05b7078e208f8425d6f9bd7b60fe9566a355d
```
Found 26 files trough .DS_Store spidering:

/.env
/.env.local
/.env.test
/.git
/.gitignore
/.php-cs-fixer.dist.php
/bin
/composer.json
/composer.lock
/config
/docker
/docker-compose.yml
/Dockerfile
/docs
/Makefile
/migrations
/phpunit.xml.dist
/public
/README.md
/src
/symfony.lock
/templates
/tests
/translations
/var
/vendor
```
  Found on 2023-07-27 11:25
Create report
Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 2001:41d0:301::30
Domain: staging.api.jabu-app.com
Port: 80
URL: http://staging.api.jabu-app.com/_profiler/empty/search/results

First seen 2026-01-15 03:52
Last seen 2026-02-09 09:49
Open for 25 days
- Fingerprint: 407cf4363b0e62fafca67e078c92e4488c92e4488c92e4488c92e4488c92e448
```
Symfony profiler enabled:
http://staging.api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-02-09 09:49
Create report
Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 2001:41d0:301::30
Domain: www.staging.api.jabu-app.com
Port: 443
URL: https://www.staging.api.jabu-app.com/_profiler/empty/search/results

First seen 2025-11-04 04:04
Last seen 2026-02-01 23:52
Open for 89 days
- Fingerprint: 407cf4363b0e62fafca67e077fc05caa7fc05caa7fc05caa7fc05caa7fc05caa
```
Symfony profiler enabled:
https://www.staging.api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-02-01 23:52
Create report
Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 145.239.37.162
Domain: api.jabu-app.com
Port: 443
URL: https://api.jabu-app.com/_profiler/empty/search/results

First seen 2023-10-15 16:37
Last seen 2026-01-15 03:53
Open for 822 days
- Fingerprint: 407cf4363b0e62fafca67e07ebadbf94ebadbf94ebadbf94ebadbf94ebadbf94
```
Symfony profiler enabled:
https://api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-01-15 03:53
Create report
Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 145.239.37.162
Domain: www.api.jabu-app.com
Port: 80
URL: http://www.api.jabu-app.com/_profiler/empty/search/results

First seen 2023-10-15 16:37
Last seen 2026-01-08 19:12
Open for 816 days
- Fingerprint: 407cf4363b0e62fafca67e07fc6185c6fc6185c6fc6185c6fc6185c6fc6185c6
```
Symfony profiler enabled:
http://www.api.jabu-app.com/_profiler/empty/search/results
```
  Found on 2026-01-08 19:12
Create report

Open service 2001:41d0:301::30:443 · www.staging.api.jabu-app.com

2026-01-22 22:00

HTTP/1.1 404 Not Found
Date: Thu, 22 Jan 2026 22:00:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: OVHcloud
X-Powered-By: PHP/8.2
Cache-Control: no-cache, private
X-API-Version: 2.1.0
X-Debug-Token: 8f4179
X-Debug-Token-Link: https://www.staging.api.jabu-app.com/_profiler/8f4179
X-Robots-Tag: noindex

Found 2026-01-22 by HttpPlugin

Create report

Open service 2001:41d0:301::30:443 · staging.api.jabu-app.com

2026-01-22 19:29

HTTP/1.1 404 Not Found
Date: Thu, 22 Jan 2026 19:29:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: OVHcloud
X-Powered-By: PHP/8.2
Cache-Control: no-cache, private
X-API-Version: 2.1.0
X-Debug-Token: e59538
X-Debug-Token-Link: https://staging.api.jabu-app.com/_profiler/e59538
X-Robots-Tag: noindex

Found 2026-01-22 by HttpPlugin

Create report

Open service 2001:41d0:301::30:443 · preprod.api.jabu-app.com

2026-01-22 11:51

HTTP/1.1 404 Not Found
Date: Thu, 22 Jan 2026 11:51:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: OVHcloud
X-Powered-By: PHP/8.2
Cache-Control: no-cache, private
X-API-Version: 2.1.0
X-Debug-Token: f35052
X-Debug-Token-Link: https://preprod.api.jabu-app.com/_profiler/f35052
X-Robots-Tag: noindex

Found 2026-01-22 by HttpPlugin

Create report

www.staging.api.jabu-app.com

Fingerprint:

3fb015ce7e791f2548c823a6226bfd24643de799110d9b9992d20010785c9b3d

CN:

www.staging.api.jabu-app.com

Key:

ECDSA-256

Issuer:

Not before:

2026-01-15 02:52

Not after:

2026-04-15 02:52

staging.api.jabu-app.com

Fingerprint:

4a712aa89a656b2ede48d8161e45f93ccb4a015f628a47a2e500bd76b986100d

CN:

staging.api.jabu-app.com

Key:

ECDSA-256

Issuer:

Not before:

2026-01-15 02:52

Not after:

2026-04-15 02:52

preprod.api.jabu-app.com

Fingerprint:

429d15aa9a50d20459b6a6f6a7d2a65d611acf3350c84dfd41a59dee016718dd

CN:

preprod.api.jabu-app.com

Key:

ECDSA-256

Issuer:

Not before:

2026-01-15 02:53

Not after:

2026-04-15 02:53

Domain summary

www.api.jabu-app.com 4 api.jabu-app.com 4 staging.api.jabu-app.com 2 preprod.api.jabu-app.com 2 www.staging.api.jabu-app.com 1 www.preprod.api.jabu-app.com 1

6 recorded

IP summary

2001:41d0:301::30 7 46.105.204.30 2 145.239.37.162 1

3 recorded

Domain api.jabu-app.com

France

Software information

Symfony developement panel enabled

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

Symfony developement panel enabled

Symfony developement panel enabled

Symfony developement panel enabled

MacOS file listing through .DS_Store file

Symfony developement panel enabled

Symfony developement panel enabled

MacOS file listing through .DS_Store file

Symfony developement panel enabled

Symfony developement panel enabled

Symfony developement panel enabled

Symfony developement panel enabled

Create report

Create report

Create report

www.staging.api.jabu-app.com

staging.api.jabu-app.com

preprod.api.jabu-app.com

Domain summary

IP summary