Domain philips-testing.ycalabs.com
India
Software information
Apache 2.4.61
tcp/443
Apache 2.4.41
tcp/80
mini_httpd 1.24
tcp/8443
-
Symfony developement panel enabled
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content :
- System configuration
- Request log, including POST request with credentials and/or api keys
IP: 2a06:98c1:3121::3
Domain: philips-testing.ycalabs.com
Port: 443
URL: https://philips-testing.ycalabs.com/_profiler/empty/search/resultsFirst seen 2024-04-23 09:54
Last seen 2024-05-23 07:19
Open for 29 days-
Fingerprint: 407cf4363b0e62fafca67e071fecf14d1fecf14d1fecf14d1fecf14d1fecf14d
Symfony profiler enabled: https://philips-testing.ycalabs.com/_profiler/empty/search/results
Found on 2024-05-23 07:19
-
Open service 202.88.237.137:443 · philips-testing.ycalabs.com
2024-10-20 17:23
HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 17:23:47 GMT Server: Apache/2.4.61 (Debian) X-Powered-By: PHP/8.2.22 Cache-Control: max-age=0, must-revalidate, private X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Content-Security-Policy-Report-Only: script-src 'self' 'unsafe-eval' cdnjs.cloudflare.com 'unsafe-inline' 'nonce-jCOqMC71gNkphsDDb7AO+g=='; report-uri /nelmio/csp/report X-Content-Security-Policy-Report-Only: script-src 'self' 'unsafe-eval' cdnjs.cloudflare.com 'unsafe-inline' 'nonce-jCOqMC71gNkphsDDb7AO+g=='; report-uri /nelmio/csp/report Content-Security-Policy: default-src 'self' data:; block-all-mixed-content; connect-src 'self' localhost:1337 blob: blob: https://myawsbucketlts.s3.ap-south-1.amazonaws.com; font-src 'self' fonts.gstatic.com icons.getbootstrap.com cdnjs.cloudflare.com data:; img-src 'self' data: blob: cdn.jsdelivr.net; media-src 'self'; script-src 'self' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' 'nonce-jCOqMC71gNkphsDDb7AO+g=='; style-src 'self' 'unsafe-inline' fonts.googleapis.com icons.getbootstrap.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net; report-uri /nelmio/csp/report X-Content-Security-Policy: default-src 'self' data:; block-all-mixed-content; connect-src 'self' localhost:1337 blob: blob: https://myawsbucketlts.s3.ap-south-1.amazonaws.com; font-src 'self' fonts.gstatic.com icons.getbootstrap.com cdnjs.cloudflare.com data:; img-src 'self' data: blob: cdn.jsdelivr.net; media-src 'self'; script-src 'self' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' 'nonce-jCOqMC71gNkphsDDb7AO+g=='; style-src 'self' 'unsafe-inline' fonts.googleapis.com icons.getbootstrap.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net; report-uri /nelmio/csp/report Expires: Sun, 20 Oct 2024 17:23:47 GMT Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Set-Cookie: PHPSESSID=7aee9a712c3c898beb63d1a18ff8eb58; expires=Tue, 22 Oct 2024 17:23:47 GMT; Max-Age=172800; path=/; httponly; samesite=lax Connection: close Transfer-Encoding: chunked Page title: Sign in - LTS Datapoint <!DOCTYPE html> <html lang="en"> <!--begin::Head--> <head> <title>Sign in - LTS Datapoint</title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" href="/assets/media/logos/Favicon.png?ver=0.169" /> <!--begin::Fonts(mandatory for all pages)--> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Inter:300,400,500,600,700" /> <!--end::Fonts--> <!-- custom links --> <link href="/assets/css/style.css?ver=0.169" rel="stylesheet" type="text/css" /> <!--begin::Global Stylesheets Bundle(mandatory for all pages)--> <link href="/assets/plugins/global/plugins.bundle.css?ver=0.169" rel="stylesheet" type="text/css" /> <link href="/assets/css/style.bundle.css?ver=0.169" rel="stylesheet" type="text/css" /> <!--end::Global Stylesheets Bundle--> </head> <!--end::Head--> <!--begin::Body--> <body id="kt_body" class="app-blank bgi-size-cover bgi-position-center bgi-no-repeat"> <!--begin::Theme mode setup on page load--> <script type="text/javascript" nonce="jCOqMC71gNkphsDDb7AO+g=="> var defaultThemeMode = "light"; var themeMode; if (document.documentElement) { if (document.documentElement.hasAttribute("data-theme-mode")) { themeMode = document.documentElement.getAttribute("data-theme-mode"); } else { if (localStorage.getItem("data-theme") !== null) { themeMode = localStorage.getItem("data-theme"); } else { themeMode = defaultThemeMode; } } if (themeMode === "system") { themeMode = window.matchMedia("(prefers-color-scheme: dark)").matches ? "dark" : "light"; } document.documentElement.setAttribute("data-theme", themeMode); } </script> <div class="d-flex flex-column flex-root"> <!--begin::Page bg image--> <!--end::Page bg image--> <!--begin::Authentication - Sign-in --> <div class="d-flex flex-column flex-lg-row flex-column-fluid ls-signin-bg"> <!--begin::Aside--> <div class="d-flex flex-lg-row-fluid"> <!--begin::Content--> <div class="d-flex flex-column flex-center pb-0 pb-lg-10 p-10 w-100"> <!-- begin::sign in logos --> <div class="ls-signin-img mb-8"> <img src="/assets/media/illustrations/signin-img.png?ver=0.169" class="img-fluid"> </div> <!-- end::sign in logos --> <h1 class="text-gray-800 fs-2qx fw-bold text-center mb-7">Datapoint - Achieve your goals with precision!</h1> <!--end::Title--> <!--begin::Text--> <div class="text-gray-600 fs-base text-center fw-semibold">Datapoint is a strategic performance management tool used by the organizations to monitor and measure various aspects of their performance.<br /> This application is to streamline the process of tracking key performance indicators (KPIs) and aligning organizational activities with strategic goals.</div> <!--end::Text--> </div> <!--end::Content--> </div> <!--begin::Aside--> <!--begin::Body--> <div class="d-flex flex-column-fluid flex-lg-row-auto justify-content-center justify-content-lg-end p-12"> <!--begin::Wrapper--> <div class="bg-body d-flex flex-center rounded-4 w-md-600px p-10 ls-signin-formbox-shadow"> <!--begin::Content--> <div class="w-md-400px"> <!--begin::Form--> <form method="post" action="/login" id="kt_sign_in_form" class="login-form"> <!--begin::Heading--> <div class="text-center mb-11"> <div class="ls-signin-form-logo ls-br-10px d-inline-block mb-8"> <img src="/assets/media/logos/lts.png?ver=0.169" alt="" class="img-fluid w-200px" /> </div> <!--begin::Title--> <h1 class="text-dark fw-bolder mb-3">Sign In</h1> <!--end::Title--> <!--begin::Subtitle--> <!--end::Subtitle=--> </div> <!--begin::Heading--> <!--begin::Login options--> <div class="row g-3 mb-9 d-none"> <!--begin::Col--> <div class="col-md-12"> <!--begin::Google link=-->Found 2024-10-20 by HttpPluginCreate report
-
Open service 202.88.237.137:80 · philips-testing.ycalabs.com
2024-10-20 17:23
HTTP/1.1 301 Moved Permanently Date: Sun, 20 Oct 2024 17:23:41 GMT Server: Apache/2.4.41 (Ubuntu) Location: https://philips-testing.ycalabs.com/ Content-Length: 337 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 301 Moved Permanently <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="https://philips-testing.ycalabs.com/">here</a>.</p> <hr> <address>Apache/2.4.41 (Ubuntu) Server at philips-testing.ycalabs.com Port 80</address> </body></html>
Found 2024-10-20 by HttpPluginCreate report
-
Open service 202.88.237.137:8443 · philips-testing.ycalabs.com
2024-10-20 17:23
HTTP/1.0 403 Forbidden Server: mini_httpd/1.24 10May2016 Date: Sun, 20 Oct 2024 17:23:46 GMT Cache-Control: no-cache,no-store Content-Type: text/html; charset=%s P3P: 8443 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block X-Content-Type-Options: nosniff Connection: close Page title: 403 Forbidden <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>403 Forbidden</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>403 Forbidden</h4> URL is illegal. </BODY> </HTML>Found 2024-10-20 by HttpPluginCreate report