Apache
tcp/443
“.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apple's “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
Severity: low
Fingerprint: 5f32cf5d6962f09c026392ab026392abce2ca2e7dc0235c284a12c0298238456
Found 7 files through .DS_Store spidering: /bo /build /css /img /index.php /js /uploads
Severity: low
Fingerprint: 5f32cf5d6962f09c87f05b7087f05b706e7a276020ed8c225c8d0fc5d62f76eb
Found 26 files through .DS_Store spidering: /assets /bin /composer.json /composer.lock /config /Makefile /migrations /node_modules /package.json /public /public/bo /public/build /public/css /public/img /public/index.php /public/js /public/uploads /README.md /src /symfony.lock /templates /translations /var /vendor /webpack.config.js /yarn.lock
The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.
Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652263d75324
[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
[remote "origin"]
    url = http://git.idp.lu:3000/jumo/Carfit.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master
[branch "tora"]
    remote = origin
    merge = refs/heads/tora
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content:
Fingerprint: 407cf4363b0e62fafca67e077708310277083102770831027708310277083102
Symfony profiler enabled: https://carfit.tora.idp.lu/_profiler/empty/search/results
Open service 157.90.88.250:443 · carfit.tora.idp.lu
2026-01-10 01:17
HTTP/1.1 200 OK Date: Sat, 10 Jan 2026 01:17:24 GMT Server: Apache Cache-Control: max-age=0, must-revalidate, private X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Security-Policy: script-src 'nonce-MqzhtHAgTVQjCTRKBrfHJZLjJTU=' 'unsafe-eval' 'strict-dynamic' https: http: 'unsafe-inline' 'nonce-24534a089876d7de1e4a03b0213c9ace'; X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Debug-Token: d44efe X-Debug-Token-Link: https://carfit.tora.idp.lu/_profiler/d44efe X-Robots-Tag: noindex Expires: Sat, 10 Jan 2026 01:17:24 GMT Set-Cookie: PHPSESSID=1efcvjl0tajlh0e697el9420n9; expires=Mon, 12-Jan-2026 01:17:24 GMT; Max-Age=172800; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 157.90.88.250:443 · carfit.tora.idp.lu
2026-01-10 01:17
HTTP/1.1 200 OK Date: Sat, 10 Jan 2026 01:17:23 GMT Server: Apache Cache-Control: max-age=0, must-revalidate, private X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Security-Policy: script-src 'nonce-mf8D6KiwANCP/voMZ9ReuirzW6A=' 'unsafe-eval' 'strict-dynamic' https: http: 'unsafe-inline' 'nonce-ff315f7d832ba1b8ac0d04ffe22e2b08'; X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Debug-Token: d7f11f X-Debug-Token-Link: https://carfit.tora.idp.lu/_profiler/d7f11f X-Robots-Tag: noindex Expires: Sat, 10 Jan 2026 01:17:23 GMT Set-Cookie: PHPSESSID=s5bi7oppaea71ga497ilb650oq; expires=Mon, 12-Jan-2026 01:17:23 GMT; Max-Age=172800; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 157.90.88.250:443 · carfit.tora.idp.lu
2026-01-02 18:14
HTTP/1.1 200 OK Date: Fri, 02 Jan 2026 18:14:37 GMT Server: Apache Cache-Control: max-age=0, must-revalidate, private X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Security-Policy: script-src 'nonce-rn0bprcD2Mj4ifxBBiYDIxY4kM8=' 'unsafe-eval' 'strict-dynamic' https: http: 'unsafe-inline' 'nonce-11d555b734615676fe225370df1dc991'; X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Debug-Token: 025c57 X-Debug-Token-Link: https://carfit.tora.idp.lu/_profiler/025c57 X-Robots-Tag: noindex Expires: Fri, 02 Jan 2026 18:14:37 GMT Set-Cookie: PHPSESSID=0v09b4d8nevol9kdmdsdrhau8m; expires=Sun, 04-Jan-2026 18:14:37 GMT; Max-Age=172800; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 157.90.88.250:443 · carfit.tora.idp.lu
2026-01-02 18:14
HTTP/1.1 200 OK Date: Fri, 02 Jan 2026 18:14:35 GMT Server: Apache Cache-Control: max-age=0, must-revalidate, private X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Security-Policy: script-src 'nonce-SljSSTKrHMOd2enyGEK7Z4YjPR0=' 'unsafe-eval' 'strict-dynamic' https: http: 'unsafe-inline' 'nonce-ff06df23bcc5c331e5661660a616cda4'; X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Debug-Token: 788110 X-Debug-Token-Link: https://carfit.tora.idp.lu/_profiler/788110 X-Robots-Tag: noindex Expires: Fri, 02 Jan 2026 18:14:36 GMT Set-Cookie: PHPSESSID=rcf5epv9kkleaflhvba5aumpn6; expires=Sun, 04-Jan-2026 18:14:36 GMT; Max-Age=172800; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 157.90.88.250:443 · carfit.tora.idp.lu
2025-12-23 08:26
HTTP/1.1 200 OK Date: Tue, 23 Dec 2025 08:26:07 GMT Server: Apache Cache-Control: max-age=0, must-revalidate, private X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Security-Policy: script-src 'nonce-/zxS1ftTDOfKW0GzGCi+BMWFHss=' 'unsafe-eval' 'strict-dynamic' https: http: 'unsafe-inline' 'nonce-a2ef10c734726c73e84215085212b35f'; X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Debug-Token: d208b5 X-Debug-Token-Link: https://carfit.tora.idp.lu/_profiler/d208b5 X-Robots-Tag: noindex Expires: Tue, 23 Dec 2025 08:26:08 GMT Set-Cookie: PHPSESSID=kk9t3gkg82vgnrqch5lljbqtvf; expires=Thu, 25-Dec-2025 08:26:08 GMT; Max-Age=172800; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 157.90.88.250:443 · carfit.tora.idp.lu
2025-12-23 08:26
HTTP/1.1 200 OK Date: Tue, 23 Dec 2025 08:26:07 GMT Server: Apache Cache-Control: max-age=0, must-revalidate, private X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Security-Policy: script-src 'nonce-i0tu57JYGaDOkD38atrtrBTuHbg=' 'unsafe-eval' 'strict-dynamic' https: http: 'unsafe-inline' 'nonce-1aed0c0cd1b62f688ba7bc4bc09e0a60'; X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Debug-Token: 1b35da X-Debug-Token-Link: https://carfit.tora.idp.lu/_profiler/1b35da X-Robots-Tag: noindex Expires: Tue, 23 Dec 2025 08:26:07 GMT Set-Cookie: PHPSESSID=lat8c4n431hh09dphrvlv2uu29; expires=Thu, 25-Dec-2025 08:26:07 GMT; Max-Age=172800; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 157.90.88.250:443 · carfit.tora.idp.lu
2025-12-21 10:30
HTTP/1.1 200 OK Date: Sun, 21 Dec 2025 10:30:56 GMT Server: Apache Cache-Control: max-age=0, must-revalidate, private X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Security-Policy: script-src 'nonce-cDaWs8anyqyb7QN684RPeVUZCAU=' 'unsafe-eval' 'strict-dynamic' https: http: 'unsafe-inline' 'nonce-62507839a8b540f8b65a30f93d5d8655'; X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Debug-Token: 9e69bc X-Debug-Token-Link: https://carfit.tora.idp.lu/_profiler/9e69bc X-Robots-Tag: noindex Expires: Sun, 21 Dec 2025 10:30:56 GMT Set-Cookie: PHPSESSID=rvrdmmnadu40dk4537al5qo2at; expires=Tue, 23-Dec-2025 10:30:56 GMT; Max-Age=172800; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 157.90.88.250:443 · carfit.tora.idp.lu
2025-12-21 10:30
HTTP/1.1 200 OK Date: Sun, 21 Dec 2025 10:30:56 GMT Server: Apache Cache-Control: max-age=0, must-revalidate, private X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Security-Policy: script-src 'nonce-5Dfdtpp9BU35bYdEWMjys57ZOr8=' 'unsafe-eval' 'strict-dynamic' https: http: 'unsafe-inline' 'nonce-4f590a9219b120f47263014d3d0bb876'; X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Debug-Token: 71b309 X-Debug-Token-Link: https://carfit.tora.idp.lu/_profiler/71b309 X-Robots-Tag: noindex Expires: Sun, 21 Dec 2025 10:30:56 GMT Set-Cookie: PHPSESSID=uutfdb63rllju9a5cgd4ivssle; expires=Tue, 23-Dec-2025 10:30:56 GMT; Max-Age=172799; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8