Apache 2.4.52
tcp/443
nginx
tcp/443
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652265b627a8
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://den4ik-@bitbucket.org/wishdesk/nordic-eshop.git fetch = +refs/heads/*:refs/remotes/origin/* [remote "maksim"] url = https://bitbucket.org/wishdesk/nordic-eshop/src/main/ fetch = +refs/heads/*:refs/remotes/maksim/*
The following URL (usually /.git/config
) is publicly accessible and is leaking source code and repository configuration.
Severity: high
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a652265b627a8
[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://den4ik-@bitbucket.org/wishdesk/nordic-eshop.git fetch = +refs/heads/*:refs/remotes/origin/* [remote "maksim"] url = https://bitbucket.org/wishdesk/nordic-eshop/src/main/ fetch = +refs/heads/*:refs/remotes/maksim/*
Open service 91.107.225.171:443 · nordic.webgoeson.com
2024-09-08 02:43
HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Sep 2024 02:43:06 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: PHPSESSID=1c9ec1b0275b6a009e13f2beca5fd81f; path=/; secure; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Strict-Transport-Security: max-age=15768000; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Robots-Tag: none X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin Page title: mailcow UI <!DOCTYPE html> <html lang="en-gb"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"> <meta name="theme-color" content="#F5D76E"/> <meta http-equiv="Referrer-Policy" content="same-origin"> <title>mailcow UI</title> <link rel="stylesheet" href="/cache/e9d7abaa5bdece3e1bd297a0acd7d21041e36c05.css"> <script> // check if darkmode is preferred by OS or set by localStorage if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem("theme") !== "light" || localStorage.getItem("theme") === "dark") { var head = document.getElementsByTagName('head')[0]; var link = document.createElement('link'); link.id = 'dark-mode-theme'; link.rel = 'stylesheet'; link.type = 'text/css'; link.href = '/css/themes/mailcow-darkmode.css'; head.appendChild(link); } </script> <link rel="shortcut icon" href="/favicon.png" type="image/png"> <link rel="icon" href="/favicon.png" type="image/png"> </head> <body> <div class="overlay"></div> <form action="/" method="post" id="logout"><input type="hidden" name="logout"></form> <div class="container my-4"> <div class="row mb-4" style="margin-top: 60px"> <div class="col-12 col-md-7 col-lg-6 col-xl-5 ms-auto me-auto"> <div class="card"> <div class="card-header d-flex align-items-center"> <i class="bi bi-person-fill me-2"></i> Login <div class="ms-auto form-check form-switch my-auto d-flex align-items-center"> <label class="form-check-label"><i class="bi bi-moon-fill"></i></label> <input class="form-check-input ms-2" type="checkbox" id="dark-mode-toggle"> </div> </div> <div class="card-body"> <div class="text-center mailcow-logo mb-4"> <img class="main-logo" src="/img/cow_mailcow.svg" alt="mailcow"> <img class="main-logo-dark" src="/img/cow_mailcow.svg" alt="mailcow-logo-dark"> </div> <legend>mailcow UI</legend><hr /> <form method="post" autofill="off"> <div class="d-flex mt-3"> <label class="visually-hidden" for="login_user">Username</label> <div class="input-group"> <div class="input-group-text"><i class="bi bi-person-fill"></i></div> <input name="login_user" autocorrect="off" autocapitalize="none" type="text" id="login_user" class="form-control" placeholder="Username" required="" autofocus="" autocomplete="username"> </div> </div> <div class="d-flex mt-3"> <label class="visually-hidden" for="pass_user">Password</label> <div class="input-group"> <div class="input-group-text"><i class="bi bi-lock-fill"></i></div> <input name="pass_user" type="password" id="pass_user" class="form-control" placeholder="Password" required="" autocomplete="current-password"> </div> </div> <div class="d-flex justify-content-between mt-4" style="position: relative"> <div class="d-grid gap-2 d-sm-block"> <button type="submit" class="btn btn-xs-lg btn-success" value="Login">Login</button> <button type="button" class="btn btn-xs-lg btn-success" id="fido2-login"><i class="bi bi-shield-fill-check"></i> FIDO2/WebAuthn Login</button> </div> <div class="d-grid d-sm-block"> <button type="button" class="btn btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <span class="flag-icon flag-icon-gb"></span> </button> <ul class="dropdown-menu ms-auto login"> <li> <a class="dropdown-item " href="?lang=cs-cz"> <span class="flag-icon flag-icon-cz"></span>Čeština (Czech) </a> </li>
Open service 91.107.225.171:443 · www.nordic.webgoeson.com
2024-08-18 09:00
HTTP/1.1 301 Moved Permanently Date: Sun, 18 Aug 2024 09:00:08 GMT Server: Apache/2.4.52 (Ubuntu) Cache-Control: no-cache X-Redirect-By: WordPress Location: https://nordic.webgoeson.com/ Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
Open service 91.107.225.171:443 · nordic.webgoeson.com
2024-08-16 19:51
HTTP/1.1 200 OK Date: Fri, 16 Aug 2024 19:51:07 GMT Server: Apache/2.4.52 (Ubuntu) Cache-Control: no-cache WPO-Cache-Status: cached Last-Modified: Thu, 15 Aug 2024 21:25:08 GMT Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8