Apache
tcp/443 tcp/80
The application has Symfony profiling enabled.
It enables an attacker to access the following sensitive content :
Fingerprint: 407cf4363b0e62fafca67e078857400288574002885740028857400288574002
Symfony profiler enabled: https://13.70.201.230/_profiler/empty/search/results
Open service 13.70.201.230:443
2024-06-19 22:03
HTTP/1.1 200 OK Date: Wed, 19 Jun 2024 22:03:49 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 059142 X-Debug-Token-Link: https://13.70.201.230/_profiler/059142 X-Robots-Tag: noindex Expires: Wed, 19 Jun 2024 22:03:49 GMT Set-Cookie: uid=ceabd7d4-2e87-11ef-b342-c50a4b8c5e95; expires=Thu, 19 Jun 2025 22:03:49 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=en2501fkb8i66d4ti88qg381gl; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 13.70.201.230:443
2024-06-17 22:17
HTTP/1.1 200 OK Date: Mon, 17 Jun 2024 22:17:59 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: bdab72 X-Debug-Token-Link: https://13.70.201.230/_profiler/bdab72 X-Robots-Tag: noindex Expires: Mon, 17 Jun 2024 22:17:59 GMT Set-Cookie: uid=748ec054-2cf7-11ef-8b63-57bd10e61d12; expires=Tue, 17 Jun 2025 22:17:59 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=nd16evfahvm605mf0b00jhice8; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 13.70.201.230:80
2024-06-16 00:26
HTTP/1.1 301 Moved Permanently Date: Sun, 16 Jun 2024 00:26:20 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Location: https://13.70.201.230/ Cache-Control: max-age=3600 Expires: Sun, 16 Jun 2024 01:26:20 GMT Content-Length: 230 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 301 Moved Permanently <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="https://13.70.201.230/">here</a>.</p> </body></html>
Open service 13.70.201.230:443
2024-06-15 22:48
HTTP/1.1 200 OK Date: Sat, 15 Jun 2024 22:48:12 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: e3fa16 X-Debug-Token-Link: https://13.70.201.230/_profiler/e3fa16 X-Robots-Tag: noindex Expires: Sat, 15 Jun 2024 22:48:13 GMT Set-Cookie: uid=588a043e-2b69-11ef-8e44-fb2cece37791; expires=Sun, 15 Jun 2025 22:48:12 GMT; Max-Age=31535999; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=q27fnhe7sm2d5tlgegv2kkrh83; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 13.70.201.230:443
2024-06-14 20:19
HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 20:19:10 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: ca2c2a X-Debug-Token-Link: https://13.70.201.230/_profiler/ca2c2a X-Robots-Tag: noindex Expires: Fri, 14 Jun 2024 20:19:10 GMT Set-Cookie: uid=5c05d608-2a8b-11ef-9ae1-67338f3193b1; expires=Sat, 14 Jun 2025 20:19:10 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=ij5bppddrv3mfi01m93n68bu39; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 13.70.201.230:443
2024-06-12 22:49
HTTP/1.1 200 OK Date: Wed, 12 Jun 2024 22:49:07 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 4c9a37 X-Debug-Token-Link: https://13.70.201.230/_profiler/4c9a37 X-Robots-Tag: noindex Expires: Wed, 12 Jun 2024 22:49:07 GMT Set-Cookie: uid=f9af4008-290d-11ef-9046-7b3610f0ff7c; expires=Thu, 12 Jun 2025 22:49:07 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=lis6mh2n6nuiabln259bh44vv0; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 13.70.201.230:443
2024-06-11 21:50
HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 21:50:49 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 141060 X-Debug-Token-Link: https://13.70.201.230/_profiler/141060 X-Robots-Tag: noindex Expires: Tue, 11 Jun 2024 21:50:49 GMT Set-Cookie: uid=aa3a55e8-283c-11ef-a1f4-e1017ea357f7; expires=Wed, 11 Jun 2025 21:50:49 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=dlnapl7bg5ks0ogom62m2lic7i; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 13.70.201.230:443
2024-06-09 21:32
HTTP/1.1 200 OK Date: Sun, 09 Jun 2024 21:32:29 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 93dfb8 X-Debug-Token-Link: https://13.70.201.230/_profiler/93dfb8 X-Robots-Tag: noindex Expires: Sun, 09 Jun 2024 21:32:29 GMT Set-Cookie: uid=c5eb709c-26a7-11ef-8d82-3b89e20e0818; expires=Mon, 09 Jun 2025 21:32:29 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=et2h9pui1bm24e6a3ftohk1c64; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 13.70.201.230:443
2024-06-07 21:56
HTTP/1.1 200 OK Date: Fri, 07 Jun 2024 21:56:35 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 5bc493 X-Debug-Token-Link: https://13.70.201.230/_profiler/5bc493 X-Robots-Tag: noindex Expires: Fri, 07 Jun 2024 21:56:35 GMT Set-Cookie: uid=cf157a54-2518-11ef-8df4-93a953f19b1c; expires=Sat, 07 Jun 2025 21:56:35 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=2sa61q3msr6sgrjkar53cic114; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 13.70.201.230:443
2024-06-05 21:43
HTTP/1.1 200 OK Date: Wed, 05 Jun 2024 21:43:53 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 696ad5 X-Debug-Token-Link: https://13.70.201.230/_profiler/696ad5 X-Robots-Tag: noindex Expires: Wed, 05 Jun 2024 21:43:53 GMT Set-Cookie: uid=b40c48e0-2384-11ef-b85a-77d9182da183; expires=Thu, 05 Jun 2025 21:43:53 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=ecbr9hqp0pi8u3lf2f84lb2jdk; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Open service 13.70.201.230:443
2024-06-03 20:28
HTTP/1.1 200 OK Date: Mon, 03 Jun 2024 20:29:02 GMT Server: Apache X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=7776000 Content-Security-Policy-Report-Only: default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.adnxs.com *.hotjar.com *.adroll.com *.bing.com *.bidswitch.net *.yahoo.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.facebook.nen *.doubleclick.net *.openx.net *.rlcdn.com *.rfihub.com *.rfihub.net *.adncs.com; report-uri /static/csp-report.php Referer: default-src 'self' Referrer-Policy: same-origin Access-Control-Allow-Origin: * Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Allow-Headers: Content-Type Cache-Control: max-age=0, must-revalidate, private X-Debug-Token: 3ddebf X-Debug-Token-Link: https://13.70.201.230/_profiler/3ddebf X-Robots-Tag: noindex Expires: Mon, 03 Jun 2024 20:29:02 GMT Set-Cookie: uid=ea3955c8-21e7-11ef-b9f4-f9abdf8f973d; expires=Tue, 03 Jun 2025 20:29:02 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax Set-Cookie: PHPSESSID=rs3tnbpjdn6vvusoa8c3kisnaq; path=/; secure; httponly; samesite=lax Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8