LeakIX - Host dev.plusano.de

Domain dev.plusano.de

Germany

23M GmbH

Software information

openresty

tcp/443

Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 2a00:f48:2000:affe::50
Domain: dev.plusano.de
Port: 443
URL: https://dev.plusano.de/_profiler/empty/search/results

First seen 2025-11-29 18:32
Last seen 2026-01-08 19:36
Open for 40 days
- Fingerprint: 407cf4363b0e62fafca67e070f9040110f9040110f9040110f9040110f904011
```
Symfony profiler enabled:
https://dev.plusano.de/_profiler/empty/search/results
```
  Found on 2026-01-08 19:36
Create report

Open service 2a00:f48:2000:affe::50:443 · dev.plusano.de

2026-01-08 19:36

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 08 Jan 2026 19:36:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Lima-Id: gaDkO3ENmodXiYipzP
Set-Cookie: _lcp=a; Path=/; expires=Mon Mar 20 2034 13:02:58; SameSite=Lax; HttpOnly
cache-control: no-cache, no-store, private
x-powered-by: PHP/8.4.11
x-cache-debug: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade, strict-origin-when-cross-origin
permissions-policy: interest-cohort=()
strict-transport-security: max-age=31536000
pragma: no-cache
expires: -1
x-cache-tags: contao.db.tl_page.2,contao.db.tl_page.10,contao.db.tl_page.11,contao.db.tl_page.12,contao.db.tl_page.13,contao.db.tl_page.14,contao.db.tl_page.15,contao.db.tl_page.3,contao.db.tl_page.16,contao.db.tl_page.4,contao.db.tl_page.17,contao.db.tl_page.5,contao.db.tl_page.18,contao.db.tl_page.19,contao.db.tl_page.6,contao.db.tl_page.20,contao.db.tl_page.27,contao.db.tl_page.21,contao.db.tl_page.37,contao.db.tl_page.23,contao.db.tl_page.34,contao.db.tl_page.7,contao.db.tl_module.1,contao.db.tl_article.1,contao.db.tl_content.1,contao.db.tl_content.7,contao.db.tl_content.2,contao.db.tl_content.3,contao.db.tl_content.4,contao.db.tl_content.6,contao.db.tl_content.8,contao.db.tl_article.12,contao.db.tl_content.9,contao.db.tl_article.14,contao.db.tl_content.10,contao.db.tl_content.11,contao.db.tl_content.12,contao.db.tl_content.13,contao.db.tl_content.14,contao.db.tl_article.15,contao.db.tl_content.15,contao.db.tl_content.30,contao.db.tl_article.27,contao.db.tl_content.29,contao.db.tl_module.6,contao.db.tl_article.134,contao.db.tl_content.362,contao.db.tl_content.363,contao.db.tl_article.85,contao.db.tl_content.194,contao.db.tl_content.192,contao.db.tl_news_archive.1,contao.db.tl_news.18,contao.db.tl_news.16,contao.db.tl_news.17,contao.db.tl_module.13,contao.db.tl_content.221,contao.db.tl_module.3,contao.db.tl_article.26,contao.db.tl_content.17,contao.db.tl_content.18,contao.db.tl_content.19,contao.db.tl_content.195,contao.db.tl_content.196,contao.db.tl_content.20,contao.db.tl_module.5,contao.db.tl_content.197,contao.db.tl_content.201,contao.db.tl_content.202,contao.db.tl_content.203,contao.db.tl_module.14,contao.db.tl_content.204,contao.db.tl_content.205,contao.db.tl_content.206,contao.db.tl_content.207,contao.db.tl_module.15,contao.db.tl_content.208,contao.db.tl_content.198,contao.db.tl_content.199,contao.db.tl_content.25,contao.db.tl_module.2,contao.db.tl_content.200,contao.db.tl_content.21,contao.db.tl_content.24,contao.db.tl_content.26,contao.db.tl_content.27,contao.db.tl_page.1
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-debug-token: 281c94
x-debug-token-link: https://dev.plusano.de/_profiler/281c94
x-robots-tag: noindex
vary: Accept-Encoding
Content-Security-Policy: upgrade-insecure-requests

Found 2026-01-08 by HttpPlugin

Create report

Open service 2a00:f48:2000:affe::50:443 · dev.plusano.de

2025-12-30 12:32

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 30 Dec 2025 12:32:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Lima-Id: gavv6AoX7peoNU12bV
Set-Cookie: _lcp=a; Path=/; expires=Mon Mar 20 2034 13:02:58; SameSite=Lax; HttpOnly
cache-control: no-cache, no-store, private
x-powered-by: PHP/8.4.11
x-cache-debug: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade, strict-origin-when-cross-origin
permissions-policy: interest-cohort=()
strict-transport-security: max-age=31536000
pragma: no-cache
expires: -1
x-cache-tags: contao.db.tl_page.2,contao.db.tl_page.10,contao.db.tl_page.11,contao.db.tl_page.12,contao.db.tl_page.13,contao.db.tl_page.14,contao.db.tl_page.15,contao.db.tl_page.3,contao.db.tl_page.16,contao.db.tl_page.4,contao.db.tl_page.17,contao.db.tl_page.5,contao.db.tl_page.18,contao.db.tl_page.19,contao.db.tl_page.6,contao.db.tl_page.20,contao.db.tl_page.27,contao.db.tl_page.21,contao.db.tl_page.37,contao.db.tl_page.23,contao.db.tl_page.34,contao.db.tl_page.7,contao.db.tl_module.1,contao.db.tl_article.1,contao.db.tl_content.1,contao.db.tl_content.7,contao.db.tl_content.2,contao.db.tl_content.3,contao.db.tl_content.4,contao.db.tl_content.6,contao.db.tl_content.8,contao.db.tl_article.12,contao.db.tl_content.9,contao.db.tl_article.14,contao.db.tl_content.10,contao.db.tl_content.11,contao.db.tl_content.12,contao.db.tl_content.13,contao.db.tl_content.14,contao.db.tl_article.15,contao.db.tl_content.15,contao.db.tl_content.30,contao.db.tl_article.27,contao.db.tl_content.29,contao.db.tl_module.6,contao.db.tl_article.134,contao.db.tl_content.362,contao.db.tl_content.363,contao.db.tl_article.85,contao.db.tl_content.194,contao.db.tl_content.192,contao.db.tl_news_archive.1,contao.db.tl_news.18,contao.db.tl_news.16,contao.db.tl_news.17,contao.db.tl_module.13,contao.db.tl_content.221,contao.db.tl_module.3,contao.db.tl_article.26,contao.db.tl_content.17,contao.db.tl_content.18,contao.db.tl_content.19,contao.db.tl_content.195,contao.db.tl_content.196,contao.db.tl_content.20,contao.db.tl_module.5,contao.db.tl_content.197,contao.db.tl_content.201,contao.db.tl_content.202,contao.db.tl_content.203,contao.db.tl_module.14,contao.db.tl_content.204,contao.db.tl_content.205,contao.db.tl_content.206,contao.db.tl_content.207,contao.db.tl_module.15,contao.db.tl_content.208,contao.db.tl_content.198,contao.db.tl_content.199,contao.db.tl_content.25,contao.db.tl_module.2,contao.db.tl_content.200,contao.db.tl_content.21,contao.db.tl_content.24,contao.db.tl_content.26,contao.db.tl_content.27,contao.db.tl_page.1
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-debug-token: 193761
x-debug-token-link: https://dev.plusano.de/_profiler/193761
x-robots-tag: noindex
vary: Accept-Encoding
Content-Security-Policy: upgrade-insecure-requests

Found 2025-12-30 by HttpPlugin

Create report

Open service 2a00:f48:2000:affe::50:443 · dev.plusano.de

2025-12-22 15:48

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 22 Dec 2025 15:48:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Lima-Id: ga77kwx9zkMvD7WJIA
Set-Cookie: _lcp=a; Path=/; expires=Mon Mar 20 2034 13:02:58; SameSite=Lax; HttpOnly
cache-control: no-cache, no-store, private
x-powered-by: PHP/8.4.11
x-cache-debug: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade, strict-origin-when-cross-origin
permissions-policy: interest-cohort=()
strict-transport-security: max-age=31536000
pragma: no-cache
expires: -1
x-cache-tags: contao.db.tl_page.2,contao.db.tl_page.10,contao.db.tl_page.11,contao.db.tl_page.12,contao.db.tl_page.13,contao.db.tl_page.14,contao.db.tl_page.15,contao.db.tl_page.3,contao.db.tl_page.16,contao.db.tl_page.4,contao.db.tl_page.17,contao.db.tl_page.5,contao.db.tl_page.18,contao.db.tl_page.19,contao.db.tl_page.6,contao.db.tl_page.20,contao.db.tl_page.27,contao.db.tl_page.21,contao.db.tl_page.37,contao.db.tl_page.23,contao.db.tl_page.34,contao.db.tl_page.7,contao.db.tl_module.1,contao.db.tl_article.1,contao.db.tl_content.1,contao.db.tl_content.7,contao.db.tl_content.2,contao.db.tl_content.3,contao.db.tl_content.4,contao.db.tl_content.6,contao.db.tl_content.8,contao.db.tl_article.12,contao.db.tl_content.9,contao.db.tl_article.14,contao.db.tl_content.10,contao.db.tl_content.11,contao.db.tl_content.12,contao.db.tl_content.13,contao.db.tl_content.14,contao.db.tl_article.15,contao.db.tl_content.15,contao.db.tl_content.30,contao.db.tl_article.27,contao.db.tl_content.29,contao.db.tl_module.6,contao.db.tl_article.134,contao.db.tl_content.362,contao.db.tl_content.363,contao.db.tl_article.85,contao.db.tl_content.194,contao.db.tl_content.192,contao.db.tl_news_archive.1,contao.db.tl_news.18,contao.db.tl_news.16,contao.db.tl_news.17,contao.db.tl_module.13,contao.db.tl_content.221,contao.db.tl_module.3,contao.db.tl_article.26,contao.db.tl_content.17,contao.db.tl_content.18,contao.db.tl_content.19,contao.db.tl_content.195,contao.db.tl_content.196,contao.db.tl_content.20,contao.db.tl_module.5,contao.db.tl_content.197,contao.db.tl_content.201,contao.db.tl_content.202,contao.db.tl_content.203,contao.db.tl_module.14,contao.db.tl_content.204,contao.db.tl_content.205,contao.db.tl_content.206,contao.db.tl_content.207,contao.db.tl_module.15,contao.db.tl_content.208,contao.db.tl_content.198,contao.db.tl_content.199,contao.db.tl_content.25,contao.db.tl_module.2,contao.db.tl_content.200,contao.db.tl_content.21,contao.db.tl_content.24,contao.db.tl_content.26,contao.db.tl_content.27,contao.db.tl_page.1
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-debug-token: 2f05a5
x-debug-token-link: https://dev.plusano.de/_profiler/2f05a5
x-robots-tag: noindex
vary: Accept-Encoding
Content-Security-Policy: upgrade-insecure-requests

Found 2025-12-22 by HttpPlugin

Create report

Open service 2a00:f48:2000:affe::50:443 · dev.plusano.de

2025-12-20 15:40

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 20 Dec 2025 15:40:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Lima-Id: gad3uP019xjaRx5at2
Set-Cookie: _lcp=a; Path=/; expires=Mon Mar 20 2034 13:02:58; SameSite=Lax; HttpOnly
cache-control: no-cache, no-store, private
x-powered-by: PHP/8.4.11
x-cache-debug: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade, strict-origin-when-cross-origin
permissions-policy: interest-cohort=()
strict-transport-security: max-age=31536000
pragma: no-cache
expires: -1
x-cache-tags: contao.db.tl_page.2,contao.db.tl_page.10,contao.db.tl_page.11,contao.db.tl_page.12,contao.db.tl_page.13,contao.db.tl_page.14,contao.db.tl_page.15,contao.db.tl_page.3,contao.db.tl_page.16,contao.db.tl_page.4,contao.db.tl_page.17,contao.db.tl_page.5,contao.db.tl_page.18,contao.db.tl_page.19,contao.db.tl_page.6,contao.db.tl_page.20,contao.db.tl_page.27,contao.db.tl_page.21,contao.db.tl_page.37,contao.db.tl_page.23,contao.db.tl_page.34,contao.db.tl_page.7,contao.db.tl_module.1,contao.db.tl_article.1,contao.db.tl_content.1,contao.db.tl_content.7,contao.db.tl_content.2,contao.db.tl_content.3,contao.db.tl_content.4,contao.db.tl_content.6,contao.db.tl_content.8,contao.db.tl_article.12,contao.db.tl_content.9,contao.db.tl_article.14,contao.db.tl_content.10,contao.db.tl_content.11,contao.db.tl_content.12,contao.db.tl_content.13,contao.db.tl_content.14,contao.db.tl_article.15,contao.db.tl_content.15,contao.db.tl_content.30,contao.db.tl_article.27,contao.db.tl_content.29,contao.db.tl_module.6,contao.db.tl_article.134,contao.db.tl_content.362,contao.db.tl_content.363,contao.db.tl_article.85,contao.db.tl_content.194,contao.db.tl_content.192,contao.db.tl_news_archive.1,contao.db.tl_news.18,contao.db.tl_news.16,contao.db.tl_news.17,contao.db.tl_module.13,contao.db.tl_content.221,contao.db.tl_module.3,contao.db.tl_article.26,contao.db.tl_content.17,contao.db.tl_content.18,contao.db.tl_content.19,contao.db.tl_content.195,contao.db.tl_content.196,contao.db.tl_content.20,contao.db.tl_module.5,contao.db.tl_content.197,contao.db.tl_content.201,contao.db.tl_content.202,contao.db.tl_content.203,contao.db.tl_module.14,contao.db.tl_content.204,contao.db.tl_content.205,contao.db.tl_content.206,contao.db.tl_content.207,contao.db.tl_module.15,contao.db.tl_content.208,contao.db.tl_content.198,contao.db.tl_content.199,contao.db.tl_content.25,contao.db.tl_module.2,contao.db.tl_content.200,contao.db.tl_content.21,contao.db.tl_content.24,contao.db.tl_content.26,contao.db.tl_content.27,contao.db.tl_page.1
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-debug-token: 4304d9
x-debug-token-link: https://dev.plusano.de/_profiler/4304d9
x-robots-tag: noindex
vary: Accept-Encoding
Content-Security-Policy: upgrade-insecure-requests

Found 2025-12-20 by HttpPlugin

Create report

dev.plusano.de

Fingerprint:

8de00d671fc5515e4a739bb5ad70affff7483dc3d7bda8e214c7d523719cd934

CN:

dev.plusano.de

Key:

ECDSA-256

Issuer:

Not before:

2025-11-28 07:11

Not after:

2026-02-26 07:11

Domain summary

dev.plusano.de 4

1 recorded

IP summary

2a00:f48:2000:affe::50 2

1 recorded

Domain dev.plusano.de

Germany

Software information

Symfony developement panel enabled

Create report

Create report

Create report

Create report

dev.plusano.de

Domain summary

IP summary