LeakIX - Host app.mynoji.com

Domain app.mynoji.com

France

OVH SAS

Debian

Software information

Apache Apache 2.4.59

tcp/443

Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 217.182.205.207
Domain: app.mynoji.com
Port: 443
URL: https://app.mynoji.com/_profiler/empty/search/results

First seen 2023-08-31 06:33
Last seen 2024-05-13 01:56
Open for 255 days
- Fingerprint: 407cf4363b0e62fafca67e073ac50f4b3ac50f4b3ac50f4b3ac50f4b3ac50f4b
```
Symfony profiler enabled:
https://app.mynoji.com/_profiler/empty/search/results
```
  Found on 2024-05-13 01:56
Create report
MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 217.182.205.207
Domain: app.mynoji.com
Port: 443
URL: https://app.mynoji.com

First seen 2023-07-01 11:17
Last seen 2024-05-12 22:06
Open for 316 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c1a5d9b0f1a5d9b0f253daf9ad803b95595387d9d95387d9d
```
Found 3 files trough .DS_Store spidering:

/build
/uploads
/uploads/courses
```
  Found on 2024-05-12 22:06
Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-05-13 01:56

HTTP/1.1 302 Found
Date: Mon, 13 May 2024 01:56:24 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: 377915
X-Debug-Token-Link: https://app.mynoji.com/_profiler/377915
X-Robots-Tag: noindex
Expires: Mon, 13 May 2024 01:56:24 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%22377915%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=h13rnjf07r7h50n8bee59rp58f; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-05-13 by HttpPlugin

Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-05-12 22:06

HTTP/1.1 302 Found
Date: Sun, 12 May 2024 22:06:43 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: 6f37e6
X-Debug-Token-Link: https://app.mynoji.com/_profiler/6f37e6
X-Robots-Tag: noindex
Expires: Sun, 12 May 2024 22:06:43 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%226f37e6%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=m0js9v5s4lreodtsvrr4opl6cs; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-05-12 by HttpPlugin

Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-05-08 19:02

HTTP/1.1 302 Found
Date: Wed, 08 May 2024 19:02:30 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: bf98e3
X-Debug-Token-Link: https://app.mynoji.com/_profiler/bf98e3
X-Robots-Tag: noindex
Expires: Wed, 08 May 2024 19:02:30 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%22bf98e3%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=i0gkrbla2jd8lu4e4vng5um5dg; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-05-08 by HttpPlugin

Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-05-08 18:08

HTTP/1.1 302 Found
Date: Wed, 08 May 2024 18:08:41 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: 380916
X-Debug-Token-Link: https://app.mynoji.com/_profiler/380916
X-Robots-Tag: noindex
Expires: Wed, 08 May 2024 18:08:41 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%22380916%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=61epfh79ld3u933aqb1utkl3en; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-05-08 by HttpPlugin

Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-04-30 23:42

HTTP/1.1 302 Found
Date: Tue, 30 Apr 2024 23:43:07 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: e02df7
X-Debug-Token-Link: https://app.mynoji.com/_profiler/e02df7
X-Robots-Tag: noindex
Expires: Tue, 30 Apr 2024 23:43:07 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%22e02df7%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=c1io2jpvjr01jpchjh9o45emr5; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-04-30 by HttpPlugin

Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-04-30 22:47

HTTP/1.1 302 Found
Date: Tue, 30 Apr 2024 22:47:51 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: f7684c
X-Debug-Token-Link: https://app.mynoji.com/_profiler/f7684c
X-Robots-Tag: noindex
Expires: Tue, 30 Apr 2024 22:47:51 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%22f7684c%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=0bmba24cim3kou5fijmf9frqkh; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-04-30 by HttpPlugin

Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-04-28 20:53

HTTP/1.1 302 Found
Date: Sun, 28 Apr 2024 20:53:13 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: 723967
X-Debug-Token-Link: https://app.mynoji.com/_profiler/723967
X-Robots-Tag: noindex
Expires: Sun, 28 Apr 2024 20:53:13 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%22723967%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=b4uhgemhgmctes15l6s37j25ll; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-04-28 by HttpPlugin

Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-04-28 20:20

HTTP/1.1 302 Found
Date: Sun, 28 Apr 2024 20:20:40 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: 978832
X-Debug-Token-Link: https://app.mynoji.com/_profiler/978832
X-Robots-Tag: noindex
Expires: Sun, 28 Apr 2024 20:20:40 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%22978832%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=9jnht2sq0b8tqvsk3jbg0kfqqr; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-04-28 by HttpPlugin

Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-04-19 00:39

HTTP/1.1 302 Found
Date: Fri, 19 Apr 2024 00:39:42 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: 2bb6ba
X-Debug-Token-Link: https://app.mynoji.com/_profiler/2bb6ba
X-Robots-Tag: noindex
Expires: Fri, 19 Apr 2024 00:39:42 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%222bb6ba%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=okb2kdmbinhoqgt76q99t5qeki; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-04-19 by HttpPlugin

Create report

Open service 217.182.205.207:443 · app.mynoji.com

2024-04-18 22:17

HTTP/1.1 302 Found
Date: Thu, 18 Apr 2024 22:17:55 GMT
Server: Apache/2.4.59 (Debian)
Cache-Control: max-age=0, must-revalidate, private
X-Debug-Token: ff80f6
X-Debug-Token-Link: https://app.mynoji.com/_profiler/ff80f6
X-Robots-Tag: noindex
Expires: Thu, 18 Apr 2024 22:17:55 GMT
Set-Cookie: sf_redirect=%7B%22token%22%3A%22ff80f6%22%2C%22route%22%3A%22app_dashboard%22%2C%22method%22%3A%22GET%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CApp%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fnoji%5C%2Fsrc%5C%2FController%5C%2FApp%5C%2FDashboardController.php%22%2C%22line%22%3A18%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D; path=/; secure; httponly; samesite=lax
Set-Cookie: PHPSESSID=bd1rvg65rvsvc8jaje409n40c0; path=/; secure; httponly; samesite=lax
Upgrade: h2,h2c
Connection: Upgrade, close
Location: /signin
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Page title: Redirecting to /signin

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/signin'" />

        <title>Redirecting to /signin</title>
    </head>
    <body>
        Redirecting to <a href="/signin">/signin</a>.
    </body>
</html>

Found 2024-04-18 by HttpPlugin

Create report

app.mynoji.commynoji.comorder.mynoji.com

Fingerprint:

1c5efd7ebcc2b2f777b38c98992a20507931c21360da78d51cd7980d932c0e4d

CN:

mynoji.com

Key:

RSA-2048

Issuer:

Not before:

2024-04-04 09:47

Not after:

2024-07-03 09:47

Domain summary

app.mynoji.com 11

1 recorded

IP summary

217.182.205.207 2

1 recorded

Domain app.mynoji.com

France

Software information

Symfony developement panel enabled

MacOS file listing through .DS_Store file

app.mynoji.commynoji.comorder.mynoji.com

Domain summary

IP summary