Domain mail.hereweconnect.com
The Netherlands
Software information
Apache 2.4.52
tcp/443
-
Symfony developement panel enabled
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content :
- System configuration
- Request log, including POST request with credentials and/or api keys
IP: 5.59.188.225
Domain: mail.hereweconnect.com
Port: 443
URL: https://mail.hereweconnect.com/_profiler/empty/search/resultsFirst seen 2024-03-12 19:15
Last seen 2024-06-06 16:13
Open for 85 days-
Fingerprint: 407cf4363b0e62fafca67e075855801d5855801d5855801d5855801d5855801d
Symfony profiler enabled: https://mail.hereweconnect.com/_profiler/empty/search/results
Found on 2024-06-06 16:13
-
Open service 5.59.188.225:443 · mail.hereweconnect.com
2024-06-06 16:13
HTTP/1.1 200 OK Date: Thu, 06 Jun 2024 16:14:00 GMT Server: Apache/2.4.52 (Ubuntu) Strict-Transport-Security: max-age=63072000;includeSubDomains;preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: faa327 X-Debug-Token-Link: https://mail.hereweconnect.com/_profiler/faa327 X-Robots-Tag: index, follow Expires: Thu, 06 Jun 2024 16:14:00 GMT Vary: Accept-Encoding Expect-CT: enforce,max-age=30, report-uri="https://staging.www.agegap.nl/report" X-XSS-Protection: 1;mode=block X-Permitted-Cross-Domain_policies: none Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Access-Control-Allow-Headers: X-Requested-With, X-App-Key, X-App-Token, X-App-Version, X-App-Type, Content-Type Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE Access-Control-expose-Headers: Content-Security-Policy, Location Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Found 9 hours ago by HttpPluginCreate report
-
Open service 5.59.188.225:443 · mail.hereweconnect.com
2024-06-02 20:27
HTTP/1.1 200 OK Date: Sun, 02 Jun 2024 20:27:12 GMT Server: Apache/2.4.52 (Ubuntu) Strict-Transport-Security: max-age=63072000;includeSubDomains;preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: f66487 X-Debug-Token-Link: https://mail.hereweconnect.com/_profiler/f66487 X-Robots-Tag: index, follow Expires: Sun, 02 Jun 2024 20:27:12 GMT Vary: Accept-Encoding Expect-CT: enforce,max-age=30, report-uri="https://staging.www.agegap.nl/report" X-XSS-Protection: 1;mode=block X-Permitted-Cross-Domain_policies: none Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Access-Control-Allow-Headers: X-Requested-With, X-App-Key, X-App-Token, X-App-Version, X-App-Type, Content-Type Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE Access-Control-expose-Headers: Content-Security-Policy, Location Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Found 2024-06-02 by HttpPluginCreate report
-
Open service 5.59.188.225:443 · mail.hereweconnect.com
2024-06-01 14:52
HTTP/1.1 200 OK Date: Sat, 01 Jun 2024 14:52:04 GMT Server: Apache/2.4.52 (Ubuntu) Strict-Transport-Security: max-age=63072000;includeSubDomains;preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: d058f4 X-Debug-Token-Link: https://mail.hereweconnect.com/_profiler/d058f4 X-Robots-Tag: index, follow Expires: Sat, 01 Jun 2024 14:52:04 GMT Vary: Accept-Encoding Expect-CT: enforce,max-age=30, report-uri="https://staging.www.agegap.nl/report" X-XSS-Protection: 1;mode=block X-Permitted-Cross-Domain_policies: none Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Access-Control-Allow-Headers: X-Requested-With, X-App-Key, X-App-Token, X-App-Version, X-App-Type, Content-Type Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE Access-Control-expose-Headers: Content-Security-Policy, Location Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Found 2024-06-01 by HttpPluginCreate report
-
Open service 5.59.188.225:443 · mail.hereweconnect.com
2024-05-30 17:03
HTTP/1.1 200 OK Date: Thu, 30 May 2024 17:03:46 GMT Server: Apache/2.4.52 (Ubuntu) Strict-Transport-Security: max-age=63072000;includeSubDomains;preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 88b7e7 X-Debug-Token-Link: https://mail.hereweconnect.com/_profiler/88b7e7 X-Robots-Tag: index, follow Expires: Thu, 30 May 2024 17:03:46 GMT Vary: Accept-Encoding Expect-CT: enforce,max-age=30, report-uri="https://staging.www.agegap.nl/report" X-XSS-Protection: 1;mode=block X-Permitted-Cross-Domain_policies: none Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Access-Control-Allow-Headers: X-Requested-With, X-App-Key, X-App-Token, X-App-Version, X-App-Type, Content-Type Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE Access-Control-expose-Headers: Content-Security-Policy, Location Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Found 2024-05-30 by HttpPluginCreate report
-
Open service 5.59.188.225:443 · mail.hereweconnect.com
2024-05-29 04:13
HTTP/1.1 200 OK Date: Wed, 29 May 2024 04:13:35 GMT Server: Apache/2.4.52 (Ubuntu) Strict-Transport-Security: max-age=63072000;includeSubDomains;preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 682ce4 X-Debug-Token-Link: https://mail.hereweconnect.com/_profiler/682ce4 X-Robots-Tag: index, follow Expires: Wed, 29 May 2024 04:13:35 GMT Vary: Accept-Encoding Expect-CT: enforce,max-age=30, report-uri="https://staging.www.agegap.nl/report" X-XSS-Protection: 1;mode=block X-Permitted-Cross-Domain_policies: none Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Access-Control-Allow-Headers: X-Requested-With, X-App-Key, X-App-Token, X-App-Version, X-App-Type, Content-Type Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE Access-Control-expose-Headers: Content-Security-Policy, Location Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Found 2024-05-29 by HttpPluginCreate report
-
Open service 5.59.188.225:443 · mail.hereweconnect.com
2024-05-28 08:47
HTTP/1.1 200 OK Date: Tue, 28 May 2024 08:47:14 GMT Server: Apache/2.4.52 (Ubuntu) Strict-Transport-Security: max-age=63072000;includeSubDomains;preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 2a43e9 X-Debug-Token-Link: https://mail.hereweconnect.com/_profiler/2a43e9 X-Robots-Tag: index, follow Expires: Tue, 28 May 2024 08:47:14 GMT Vary: Accept-Encoding Expect-CT: enforce,max-age=30, report-uri="https://staging.www.agegap.nl/report" X-XSS-Protection: 1;mode=block X-Permitted-Cross-Domain_policies: none Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Access-Control-Allow-Headers: X-Requested-With, X-App-Key, X-App-Token, X-App-Version, X-App-Type, Content-Type Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE Access-Control-expose-Headers: Content-Security-Policy, Location Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Found 2024-05-28 by HttpPluginCreate report
-
Open service 5.59.188.225:443 · mail.hereweconnect.com
2024-05-27 05:35
HTTP/1.1 200 OK Date: Mon, 27 May 2024 05:35:58 GMT Server: Apache/2.4.52 (Ubuntu) Strict-Transport-Security: max-age=63072000;includeSubDomains;preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 0fc5f7 X-Debug-Token-Link: https://mail.hereweconnect.com/_profiler/0fc5f7 X-Robots-Tag: index, follow Expires: Mon, 27 May 2024 05:35:58 GMT Vary: Accept-Encoding Expect-CT: enforce,max-age=30, report-uri="https://staging.www.agegap.nl/report" X-XSS-Protection: 1;mode=block X-Permitted-Cross-Domain_policies: none Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Access-Control-Allow-Headers: X-Requested-With, X-App-Key, X-App-Token, X-App-Version, X-App-Type, Content-Type Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE Access-Control-expose-Headers: Content-Security-Policy, Location Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Found 2024-05-27 by HttpPluginCreate report
-
Open service 5.59.188.225:443 · mail.hereweconnect.com
2024-05-26 04:33
HTTP/1.1 200 OK Date: Sun, 26 May 2024 04:33:39 GMT Server: Apache/2.4.52 (Ubuntu) Strict-Transport-Security: max-age=63072000;includeSubDomains;preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: e3f0e3 X-Debug-Token-Link: https://mail.hereweconnect.com/_profiler/e3f0e3 X-Robots-Tag: index, follow Expires: Sun, 26 May 2024 04:33:39 GMT Vary: Accept-Encoding Expect-CT: enforce,max-age=30, report-uri="https://staging.www.agegap.nl/report" X-XSS-Protection: 1;mode=block X-Permitted-Cross-Domain_policies: none Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Access-Control-Allow-Headers: X-Requested-With, X-App-Key, X-App-Token, X-App-Version, X-App-Type, Content-Type Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE Access-Control-expose-Headers: Content-Security-Policy, Location Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Found 2024-05-26 by HttpPluginCreate report
-
Open service 5.59.188.225:443 · mail.hereweconnect.com
2024-05-25 10:07
HTTP/1.1 200 OK Date: Sat, 25 May 2024 10:07:20 GMT Server: Apache/2.4.52 (Ubuntu) Strict-Transport-Security: max-age=63072000;includeSubDomains;preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Upgrade: h2,h2c Connection: Upgrade, close Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 031ed4 X-Debug-Token-Link: https://mail.hereweconnect.com/_profiler/031ed4 X-Robots-Tag: index, follow Expires: Sat, 25 May 2024 10:07:20 GMT Vary: Accept-Encoding Expect-CT: enforce,max-age=30, report-uri="https://staging.www.agegap.nl/report" X-XSS-Protection: 1;mode=block X-Permitted-Cross-Domain_policies: none Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Access-Control-Allow-Headers: X-Requested-With, X-App-Key, X-App-Token, X-App-Version, X-App-Type, Content-Type Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE Access-Control-expose-Headers: Content-Security-Policy, Location Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Found 2024-05-25 by HttpPluginCreate report