LeakIX - Host mail.safariconstructions.com

Domain mail.safariconstructions.com

France

Groupe LWS SARL

Debian

Found php information file

PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about the current state of PHP.

This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.

Environment variables may contain credentials.

https://www.acunetix.com/vulnerabilities/web/phpinfo-page/

IP: 192.162.68.143
Domain: mail.safariconstructions.com
Port: 443
URL: https://mail.safariconstructions.com/info.php

First seen 2022-03-05 03:11

Fingerprint: 2c44e2a6278fb0134173d6fabcd1a58c04e0f1820d744e3ec16f85d0490bf9e3

Found PHP info page:
$_SERVER['USER'] = www-data
$_SERVER['HOME'] = /var/www
$_SERVER['ORIG_SCRIPT_NAME'] = /php72-fcgi
$_SERVER['ORIG_PATH_TRANSLATED'] = /var/www/info.php
$_SERVER['ORIG_PATH_INFO'] = /info.php
$_SERVER['ORIG_SCRIPT_FILENAME'] = /usr/lib/cgi-bin/php72-fcgi
$_SERVER['SCRIPT_NAME'] = /info.php
$_SERVER['REQUEST_URI'] = /info.php
$_SERVER['QUERY_STRING'] = no value
$_SERVER['REQUEST_METHOD'] = GET
$_SERVER['SERVER_PROTOCOL'] = HTTP/1.1
$_SERVER['GATEWAY_INTERFACE'] = CGI/1.1
$_SERVER['REDIRECT_URL'] = /info.php
$_SERVER['REMOTE_PORT'] = 36830
$_SERVER['SCRIPT_FILENAME'] = /var/www/info.php
$_SERVER['SERVER_ADMIN'] = webmaster@localhost
$_SERVER['CONTEXT_DOCUMENT_ROOT'] = /usr/lib/cgi-bin/php72-fcgi
$_SERVER['CONTEXT_PREFIX'] = /php72-fcgi
$_SERVER['REQUEST_SCHEME'] = http
$_SERVER['DOCUMENT_ROOT'] = /var/www/
$_SERVER['REMOTE_ADDR'] = 127.0.0.1
$_SERVER['SERVER_PORT'] = 80
$_SERVER['SERVER_ADDR'] = 127.0.0.1
$_SERVER['SERVER_NAME'] = mail.safariconstructions.com
$_SERVER['SERVER_SOFTWARE'] = Apache/2.4.10 (Debian)
$_SERVER['SERVER_SIGNATURE'] = <address>Apache/2.4.10 (Debian) Server at mail.safariconstructions.com Port 80</address>
$_SERVER['PATH'] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$_SERVER['HTTP_X_FORWARDED_FOR'] = 159.65.200.34
$_SERVER['HTTP_X_FORWARDED_PROTO'] = https
$_SERVER['HTTP_CONNECTION'] = close
$_SERVER['HTTP_ACCEPT_ENCODING'] = gzip
$_SERVER['HTTP_USER_AGENT'] = l9explore/1.3.0
$_SERVER['HTTP_HOST'] = mail.safariconstructions.com
$_SERVER['SCRIPT_URI'] = http://mail.safariconstructions.com/info.php
$_SERVER['SCRIPT_URL'] = /info.php
$_SERVER['REDIRECT_STATUS'] = 200
$_SERVER['REDIRECT_HANDLER'] = application/x-httpd-fastphp72
$_SERVER['REDIRECT_SCRIPT_URI'] = http://mail.safariconstructions.com/info.php
$_SERVER['REDIRECT_SCRIPT_URL'] = /info.php
$_SERVER['FCGI_ROLE'] = RESPONDER
$_SERVER['PHP_SELF'] = /info.php
$_SERVER['REQUEST_TIME_FLOAT'] = 1646449896.5113
$_SERVER['REQUEST_TIME'] = 1646449896

Found on 2022-03-05 03:11

Create report

Leak detected by ApacheStatusHttpPlugin

No description available

IP: 192.162.68.143
Domain: mail.safariconstructions.com
Port: 443
URL: https://mail.safariconstructions.com/server-status

First seen 2022-03-05 03:11

Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f1243109b9243109b9dffbdd06

Apache Status

Apache Server Status for mail.safariconstructions.com (via 127.0.0.1)

Server Version: Apache/2.4.10 (Debian) mod_fastcgi/mod_fastcgi-SNAP-0910052141 OpenSSL/1.0.2l mod_wsgi/4.3.0 Python/3.4.2
Server MPM: worker
Server Built: Sep 30 2019 19:32:08

Current Time: Saturday, 05-Mar-2022 04:11:35 CET
Restart Time: Saturday, 05-Mar-2022 02:18:58 CET
Parent Server Config. Generation: 1
Parent Server MPM Generation: 0
Server uptime:  1 hour 52 minutes 37 seconds
Server load: 1.02 0.80 0.75
Total accesses: 1982 - Total Traffic: 15.3 MB
CPU Usage: u1.33 s.84 cu0 cs0 - .0321% CPU load
.293 requests/sec - 2378 B/second - 7.9 kB/request
2 requests currently being processed, 48 idle workers
____________________________________W__K__________..............
................................................................
................................................................
..........................................................
Scoreboard Key:
"_" Waiting for Connection, 
"S" Starting up, 
"R" Reading Request,
"W" Sending Reply, 
"K" Keepalive (read), 
"D" DNS Lookup,
"C" Closing connection, 
"L" Logging, 
"G" Gracefully finishing, 
"I" Idle cleanup of worker, 
"." Open slot with no current process



SrvPIDAccMCPU
SSReqConnChildSlotClientVHostRequest

0-04317370/41/41_
1.0541300.00.090.09
127.0.0.1ipseule:20080NULL

0-04317370/43/43_
1.05800.01.491.49
127.0.0.1ipseule:20080GET / HTTP/1.1

0-04317370/41/41_
1.048500.00.160.16
127.0.0.1ipseule:80NULL

0-04317370/39/39_
1.06100.00.160.16
176.113.115.238ipseule:80GET /.env HTTP/1.1

0-04317370/40/40_
1.049770.00.140.14
127.0.0.1ipseule:20080GET /roundcube14/skins/elastic/ui.min.js?s=1612812581 HTTP/1.1

0-04317370/39/39_
1.039900.00.190.19
127.0.0.1ipseule:20080GET /roundcube14/program/js/common.min.js?s=1612812581 HTTP/1.1

0-04317370/35/35_
1.06100.00.110.11
127.0.0.1ipseule:20080GET /.DS_Store HTTP/1.1

0-04317370/33/33_
1.06100.00.110.11
127.0.0.1ipseule:20080GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e

0-04317370/40/40_
1.05200.00.090.09
127.0.0.1ipseule:20080GET / HTTP/1.1

0-04317370/38/38_
1.052160.00.120.12
127.0.0.1ipseule:20080NULL

0-04317370/39/39_
1.0530200.00.140.14
127.0.0.1ipseule:20080GET /webmail/ HTTP/1.1

0-04317370/38/38_
1.0514260.00.130.13
127.0.0.1ipseule:20080NULL

0-04317370/39/39_
1.0563100.00.180.18
127.0.0.1ipseule:20080NULL

0-04317370/32/32_
1.0519330.00.060.06
127.0.0.1ipseule:20080NULL

0-04317370/36/36_
1.0570280.00.090.09
127.0.0.1ipseule:20080GET /webmail/ HTTP/1.1

0-04317370/38/38_
1.048800.00.100.10
65.49.20.67ipseule:80GET / HTTP/1.1

0-04317370/43/43_
1.0473160.00.120.12
127.0.0.1ipseule:20080NULL

0-04317370/42/42_
1.049000.01.841.84
65.49.20.67ipseule:80GET / HTTP/1.1

0-04317370/38/38_
1.05800.00.120.12
127.0.0.1ipseule:20080GET / HTTP/1.1

0-04317370/40/40_
1.048700.00.110.11
208.109.36.200ipseule:80NULL

0-04317370/40/40_
0.939300.00.090.09
127.0.0.1ipseule:80quit\n

0-04317370/40/40_
1.06200.00.370.37
127.0.0.1ipseule:20080GET / HTTP/1.1

0-04317370/36/36_
1.05400.00.080.08
127.0.0.1ipseule:20080PUT /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.

0-04317370/32/32_
1.039890.00.070.07
127.0.0.1ipseule:20080GET /roundcube14/skins/elastic/deps/bootstrap.bundle.min.js?s=1

0-04317370/33/33_
1.06100.00.080.08
127.0.0.1ipseule:20080PUT /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.

1-04317380/40/40_
1.11100.01.811.81
127.0.0.1ipseule:20080GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e

1-04317380/44/44_
1.106800.01.551.55
184.105.247.194ipseule:80GET / HTTP/1.1

1-04317380/37/37_
1.10800.00.090.09
127.0.0.1ipseule:20080GET / HTTP/1.1

1-04317380/43/43_
1.103100.00.070.07
80.14.24.5ipseule:80GET / HTTP/1.1

1-04317380/50/50_
1.1013190.00.090.09
127.0.0.1ipseule:20080NULL

1-04317380/47/47_
1.10200.00.220.22
127.0.0.1ipseule:20080GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e

1-04317380/41/41_
1.10400.00.120.12
127.0.0.1ipseule:20080GET / HTTP/1.1

1-04317380/35/35_
1.11000.00.070.07
127.0.0.1ipseule:20080GET /.DS_Store HTTP/1.1

1-04317380/37/37_
1.11200.00.170.17
127.0.0.1ipseule:20080PUT /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.

1-04317380/41/41_
1.08102260.00.130.13
127.0.0.1ipseule:20080NULL

1-04317380/34/34_
1.1079380.00.080.08
127.0.0.1ipseule:20080NULL

1-04317380/39/39W
1.09000.00.110.11
127.0.0.1ipseule:20080GET /server-status HTTP/1.1

1-04317380/51/51_
1.1031130.00.310.31
127.0.0.1ipseule:20080GET /roundcube14/ HTTP/1.1

1-04317380/42/42_
1.104100.01.241.24
127.0.0.1ipseule:20080NULL

1-04317381/40/40K
1.111202.50.120.12
127.0.0.1ipseule:20080POST /webmail/?_task=mail&_action=refresh HTTP/1.1

1-04317380/43/43_
1.10800.00.110.11
127.0.0.1ipseule:20080GET / HTTP/1.1

1-04317380/42/42_
1.1064100.01.841.84
127.0.0.1ipseule:20080NULL

1-04317380/42/42_
1.1056250.00.130.13
127.0.0.1ipseule:20080NULL

1-04317380/38/38_
1.1012110.00.120.12
127.0.0.1ipseule:20080NULL

1-04317380/39/39_
1.091870.00.120.12
176.113.115.238ipseule:80\x16\x03\x01

1-04317380/44/44_
1.1010010.00.150.15
127.0.0.1ipseule:20080GET /roundcube14/program/js/jstz.min.js?s=1612812585 HTTP/1.1

1-04317380/43/43_
1.108000.00.140.14
54.212.245.52ipseule:80GET / HTTP/1.1

1-04317380/34/34_
1.1073100.00.090.09
127.0.0.1ipseule:20080NULL

1-04317380/40/40_
1.103100.00.090.09
80.14.24.5ipseule:80GET //mailqlws.php HTTP/1.1

1-04317380/41/41_
1.102500.00.130.13
127.0.0.1ipseule:80NULL


  
 SrvChild Server number - generation
 PIDOS process ID
 AccNumber of accesses this connection / this child / this slot
 MMode of operation
CPUCPU usage, number of seconds
SSSeconds since beginning of most recent request
 ReqMilliseconds required to process most recent request
 ConnKilobytes transferred this connection
 ChildMegabytes transferred this child
 SlotTotal megabytes transferred this slot
 



SSL/TLS Session Cache Status:


cache type: SHMCB, shared memory: 512000 bytes, current entries: 0subcaches: 32, indexes per subcache: 88index usage: 0%, cache usage: 0%total entries stored since starting: 0total entries replaced since starting: 0total entries expired since starting: 0total (pre-expiry) entries scrolled out of the cache: 0total retrieves since starting: 0 hit, 0 misstotal removes since starting: 0 hit, 0 miss


Apache/2.4.10 (Debian) Server at mail.safariconstructions.com Port 80

Found on 2022-03-05 03:11

Create report

Open service 185.98.131.47:80 · mail.safariconstructions.com

2024-05-15 01:57

HTTP/1.1 301 Moved Permanently
Date: Wed, 15 May 2024 01:57:04 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://mail12.lwspanel.com/

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2024-05-15 by HttpPlugin

Create report

Open service 185.98.131.47:443 · mail.safariconstructions.com

2024-05-15 01:57

HTTP/1.1 302 Found
Date: Wed, 15 May 2024 01:57:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
location: /roundcube/
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Robots-Tag: noindex, nofollow

Found 2024-05-15 by HttpPlugin

Create report

imap.safariconstructions.commail.safariconstructions.compop.safariconstructions.comsmtp.safariconstructions.com

Fingerprint:

48b27682b5974f83180f3033e1931a48923332d6f6bb64f251d4a3faae7be9eb

CN:

mail.safariconstructions.com

Key:

ECDSA-384

Issuer:

Not before:

2024-05-15 00:55

Not after:

2024-08-13 00:55

Domain summary

mail.safariconstructions.com 3

1 recorded

IP summary

185.98.131.47 2 192.162.68.143 1

2 recorded