LeakIX - Host 35.180.234.72

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 35.180.234.72
Domain: www.sotraoffice.be
Port: 443
URL: https://www.sotraoffice.be

First seen 2022-09-09 01:01
Last seen 2025-09-02 20:24
Open for 1089 days

Severity: low
Fingerprint: 5f32cf5d6962f09c8329733f8329733ff2c540c7a8ad6651e09b69808cf8042e

Found 10 files trough .DS_Store spidering:

/admin
/admin/assets
/admin/assets/images
/assets
/assets/css
/assets/fonts
/assets/images
/assets/js
/assets/libs
/tablet

Found on 2025-09-02 20:24

Severity: low
Fingerprint: 5f32cf5d6962f09c3af247253af247251e0762cddf86fea3467ee7c66b42ef49

Found 9 files trough .DS_Store spidering:

/admin
/admin/assets
/admin/assets/images
/assets
/assets/css
/assets/fonts
/assets/images
/assets/js
/assets/libs

Found on 2023-01-02 17:46

Severity: low
Fingerprint: 5f32cf5d6962f09c3c1fc5e93c1fc5e9a30a57510ada7fa7d4f0198263d5d80b
```
Found 5 files trough .DS_Store spidering:

/admin
/admin/assets
/admin/assets/images
/admin/invoices
/assets
```
Found on 2022-11-08 02:01

Severity: low
Fingerprint: 5f32cf5d6962f09c8329733f8329733ff2c540c7a8ad6651e09b6980875878de

Found 10 files trough .DS_Store spidering:

/admin
/admin/assets
/admin/assets/images
/admin/invoices
/assets
/assets/css
/assets/fonts
/assets/images
/assets/js
/assets/libs

Found on 2022-09-09 01:01

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 35.180.234.72
Domain: strelia.wecodx.com
Port: 443
URL: https://strelia.wecodx.com

First seen 2023-03-16 14:53
Last seen 2025-09-02 12:39
Open for 900 days

Severity: low
Fingerprint: 5f32cf5d6962f09c7cf176427cf176423f3e94def21f8cdbf21f8cdbf21f8cdb
```
Found 2 files trough .DS_Store spidering:

/assets
/assets/images
```
Found on 2025-09-02 12:39
Severity: low
Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d325beceb325beceb325beceb325beceb
```
Found 1 files trough .DS_Store spidering:

/assets
```
Found on 2025-08-14 03:26

Create report

Symfony developement panel enabled

The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration
Request log, including POST request with credentials and/or api keys

IP: 35.180.234.72
Domain: staging.delsap.be
Port: 443
URL: https://staging.delsap.be/_profiler/empty/search/results

First seen 2024-07-25 11:58
Last seen 2025-02-18 04:57
Open for 207 days

Fingerprint: 407cf4363b0e62fafca67e07776646aa776646aa776646aa776646aa776646aa
```
Symfony profiler enabled:
https://staging.delsap.be/_profiler/empty/search/results
```
Found on 2025-02-18 04:57

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 35.180.234.72
Domain: web.visum-company.com
Port: 443
URL: https://web.visum-company.com

First seen 2023-11-16 22:32
Last seen 2023-12-26 14:43
Open for 39 days

Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522b6cc1277

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = git@github.com:Wecodx/server-404.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master

Found on 2023-12-26 14:43

261 Bytes

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 35.180.234.72
Port: 443
URL: https://35.180.234.72

First seen 2023-01-31 03:39
Last seen 2023-12-23 19:43
Open for 326 days

Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a6522b6cc1277

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = git@github.com:Wecodx/server-404.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master

Found on 2023-12-23 19:43

261 Bytes

Severity: medium
Fingerprint: 2580fa947e78dd08e645819d1e4633dc866880ac078c493a30e7125cd296eaba

HTTP/1.1 200 OK
Date: Sun, 07 May 2023 09:34:30 GMT
Server: Apache/2.4.29 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 3070
Connection: close
Content-Type: text/html; charset=UTF-8

Page title: Wecodx

<!doctype html>
<html lang="en">

<head>
    <!-- Required meta tags -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>Wecodx</title>
    <!-- Favicon -->
    <link rel="shortcut icon" href="images/favicon.ico" />
    <!-- Bootstrap CSS -->
    <link rel="stylesheet" href="css/bootstrap.min.css">
    <!-- Typography CSS -->
    <link rel="stylesheet" href="css/typography.css">
    <!-- Style CSS -->
    <link rel='stylesheet' href='css/qloud-style.css' />
    <!-- Responsive CSS -->
    <link rel="stylesheet" href="css/responsive.css">
    <link rel="icon" href="logo.ico">

</head>

<body>
    <!-- Blog Start -->
    <section class="iq-blog-section">
        <div class="container">
            <div class="row">
                <div class="col-sm-12 text-center">
                    <div class="fourzero-image mb-5">
                        <img src="404.png" class="img-fluid" alt="404" />
                    </div>

                    <h4> 404 Error</h4>
                    <p class="mb-5">

                        Oops! This Page is Not Found. </p>
-
                    <div class="d-block">
                        <a class="iq-button" href="https://status.wecodx.com/">Monitor my status history</a>
                    </div>
                </div>
            </div>
        </div>
    </section>
    <!-- jQuery first, then Popper.js, then Bootstrap JS -->
    <script src="js/jquery-3.4.1.js"></script>
    <!-- jQuery  for scroll me js -->
    <script src='js/jquery-min.js'></script>
    <!-- popper  -->
    <script src="js/popper.min.js"></script>
    <!--  bootstrap -->
    <script src="js/bootstrap.min.js"></script>
    <!-- Appear JavaScript -->
    <script src="js/appear.js"></script>

    <!-- Jquery-migrate JavaScript -->
    <script src='js/jquery-migrate.min.js'></script>
    <!-- Scripts JavaScript -->
    <script src='js/scripts.js'></script>
    <!-- countdownTimer JavaScript -->
    <script src='js/jQuery.countdownTimer.min.js'></script>
    <!-- Tox-progress JavaScript -->
    <script src='js/tox-progress.min.js'></script>
    <!-- Timeline JavaScript -->
    <script src='js/timeline.js'></script>
    <!-- Timeline min JavaScript -->
    <script src='js/timeline.min.js'></script>
    <!-- Slick JavaScript -->
    <script src='js/slick.min.js'></script>
    <!-- Popper JavaScript -->
    <script src='js/popper.min.js'></script>
    <!-- Owl.carousel JavaScript -->
    <script src='js/owl.carousel.min.js'></script>
    <!-- Countdown JavaScript -->
    <script src='js/countdown.js'></script>
    <!-- Jquery.countTo JavaScript -->
    <script src='js/jquery.countTo.js'></script>
    <!-- Magnific-popup JavaScript -->
    <script src='js/jquery.magnific-popup.min.js'></script>
    <!-- Isotope.pkgd.min JavaScript -->
    <script src='js/isotope.pkgd.min.js'></script>
    <!-- Wow JavaScript -->
    <script src='js/wow.min.js'></script>
    <!--  Custom JavaScript -->
    <script src="js/custom.js"></script>
</body>

</html>[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = git@github.com:Wecodx/server-404.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master

Found on 2023-05-07 09:34

261 Bytes

Create report

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 35.180.234.72
Domain: sotraoffice.be
Port: 443
URL: https://sotraoffice.be

First seen 2022-09-09 00:59
Last seen 2023-03-03 20:23
Open for 175 days

Severity: low
Fingerprint: 5f32cf5d6962f09c3af247253af247251e0762cddf86fea3467ee7c66b42ef49

Found 9 files trough .DS_Store spidering:

/admin
/admin/assets
/admin/assets/images
/assets
/assets/css
/assets/fonts
/assets/images
/assets/js
/assets/libs

Found on 2023-03-03 20:23

Severity: low
Fingerprint: 5f32cf5d6962f09c3c1fc5e93c1fc5e9a30a57510ada7fa7d4f0198263d5d80b
```
Found 5 files trough .DS_Store spidering:

/admin
/admin/assets
/admin/assets/images
/admin/invoices
/assets
```
Found on 2022-11-08 02:01

Severity: low
Fingerprint: 5f32cf5d6962f09c8329733f8329733ff2c540c7a8ad6651e09b6980875878de

Found 10 files trough .DS_Store spidering:

/admin
/admin/assets
/admin/assets/images
/admin/invoices
/assets
/assets/css
/assets/fonts
/assets/images
/assets/js
/assets/libs

Found on 2022-09-09 00:59

Create report

Host 35.180.234.72

France

MacOS file listing through .DS_Store file

MacOS file listing through .DS_Store file

Symfony developement panel enabled

Git configuration and history exposed

Git configuration and history exposed

MacOS file listing through .DS_Store file

Domain summary