Apache
tcp/5005 tcp/5006
openresty
tcp/80
MongoDB is currently open without authentication.
This results in all the database data made available publicly.
Severity: medium
Fingerprint: 436d217a47ab42589d9ee9a36a9b1d876a9b1d876a9b1d876a9b1d876a9b1d87
Collections: 1, document count: 0, size: 0 B Found collection READ__ME_TO_RECOVER_YOUR_DATA.README
Fingerprint: 436d217a47ab4258eb11546a94a6afa094a6afa094a6afa094a6afa094a6afa0
Collections: 1, document count: 1, size: 738 B Found collection READ__ME_TO_RECOVER_YOUR_DATA.README with 1 documents (738 B)
Fingerprint: 436d217a47ab4258bd23cc5a32513ff2acd604baacd604baacd604baacd604ba
Collections: 2, document count: 3, size: 887 B Found collection READ__ME_TO_RECOVER_YOUR_DATA.README with 1 documents (783 B) Found collection admin.system.version with 2 documents (104 B)
Open service 116.121.91.249:5005
2024-04-26 00:34
HTTP/1.1 404 Not Found Date: Fri, 26 Apr 2024 00:34:53 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 404 Not Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL was not found on this server.</p> </body></html>
Open service 116.121.91.249:5001
2024-04-25 08:58
HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 08:59:04 GMT Content-Type: text/html; charset="UTF-8" Transfer-Encoding: chunked Connection: close Cache-control: no-store X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Security-Policy: base-uri 'self'; connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ https://www.youtube.com http://www.youtube.com; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://i.ytimg.com https://*.ggpht.com; media-src 'self' data: about:; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googleapis.com; Page title: DSM mobile - NAS <!DOCTYPE HTML> <html manifest=""> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <title>DSM mobile - NAS</title> <link href="/scripts/sencha-touch-2.4.1/resources/css/cupertino.css?v=25423" rel="stylesheet" type="text/css"> <link href="mobile/ui/style.css?v=25423" rel="stylesheet" type="text/css"> <link rel="shortcut icon" href="webman/favicon.ico?v=25423"> <script type="text/javascript" src="webapi/entry.cgi?api=SYNO.Core.Desktop.SessionData&version=1&method=getjs_mobile&SynoToken="></script> <script type="text/javascript" src="/scripts/sencha-touch-2.4.1/touch.js?v=25423"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.JSUIString&version=1&method=getjs&lang=enu&v=25423"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.UIString&version=1&method=getjs&lang=enu&v=25423"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.Defs&version=1&method=getjs&v=25423&SynoToken="></script> <script type="text/javascript" src="mobile/ui/mobile.js?v=25423"></script> <script type="text/javascript" src="/synoSDSjslib/webapierrorcode.js?v=25423"></script> </head> <body class="syno-mobile-body"> <div class="x-mask x-loading-mask syno-mask" id="syno-mobile-preinit-mask" style="width:100%; height: 100%;"> <div class="syno-mask-ct" id="syno-mask-ct"> <div class="syno-mask-inner" id="syno-mask-loading"> <div class="syno-loading-icon"></div> <div class="syno-message x-mask-message syno-mask-message">Loading...</div> </div> <div id="syno-non-admin-redirect" style="visibility: hidden;"> <div class="syno-upper-part"><span id="syno-non-admin-redirect-desc"></span></div> <div class="syno-lower-part"><a id="syno-non-admin-redirect-button" class="x-syno-button" href="/?forceDesktop=2"></a></div> </div> </div> </div> </body> </html>
Open service 116.121.91.249:5000
2024-04-25 00:28
HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 00:28:10 GMT Content-Type: text/html; charset="UTF-8" Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-control: no-store X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Security-Policy: base-uri 'self'; connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ https://www.youtube.com http://www.youtube.com; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://i.ytimg.com https://*.ggpht.com; media-src 'self' data: about:; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googleapis.com; Page title: DSM mobile - NAS <!DOCTYPE HTML> <html manifest=""> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <title>DSM mobile - NAS</title> <link href="/scripts/sencha-touch-2.4.1/resources/css/cupertino.css?v=25423" rel="stylesheet" type="text/css"> <link href="mobile/ui/style.css?v=25423" rel="stylesheet" type="text/css"> <link rel="shortcut icon" href="webman/favicon.ico?v=25423"> <script type="text/javascript" src="webapi/entry.cgi?api=SYNO.Core.Desktop.SessionData&version=1&method=getjs_mobile&SynoToken="></script> <script type="text/javascript" src="/scripts/sencha-touch-2.4.1/touch.js?v=25423"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.JSUIString&version=1&method=getjs&lang=enu&v=25423"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.UIString&version=1&method=getjs&lang=enu&v=25423"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.Defs&version=1&method=getjs&v=25423&SynoToken="></script> <script type="text/javascript" src="mobile/ui/mobile.js?v=25423"></script> <script type="text/javascript" src="/synoSDSjslib/webapierrorcode.js?v=25423"></script> </head> <body class="syno-mobile-body"> <div class="x-mask x-loading-mask syno-mask" id="syno-mobile-preinit-mask" style="width:100%; height: 100%;"> <div class="syno-mask-ct" id="syno-mask-ct"> <div class="syno-mask-inner" id="syno-mask-loading"> <div class="syno-loading-icon"></div> <div class="syno-message x-mask-message syno-mask-message">Loading...</div> </div> <div id="syno-non-admin-redirect" style="visibility: hidden;"> <div class="syno-upper-part"><span id="syno-non-admin-redirect-desc"></span></div> <div class="syno-lower-part"><a id="syno-non-admin-redirect-button" class="x-syno-button" href="/?forceDesktop=2"></a></div> </div> </div> </div> </body> </html>
Open service 116.121.91.249:5006
2024-04-23 19:29
HTTP/1.1 404 Not Found Date: Tue, 23 Apr 2024 19:29:20 GMT Server: Apache Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 404 Not Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL was not found on this server.</p> </body></html>
Open service 116.121.91.249:80
2024-04-23 13:46
HTTP/1.1 200 OK Server: openresty Date: Tue, 23 Apr 2024 13:46:40 GMT Content-Type: text/html Content-Length: 1841 Last-Modified: Tue, 20 Jun 2023 14:05:42 GMT Connection: close ETag: "6491b236-731" Accept-Ranges: bytes Page title: 404: Not Found <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width" /> <title>404: Not Found</title> </head> <body> <div> <div> <div class="wrap"> <div> <h1 class="error-code">404</h1> <div class="sub-wrap"> <h2 class="error-detail">This page could not be found.</h2> </div> </div> </div> </div> </div> <style> body { margin: 0; color: #000; background: #fff; } .wrap { font-family: -apple-system, BlinkMacSystemFont, Roboto, "Segoe UI", "Fira Sans", Avenir, "Helvetica Neue", "Lucida Grande", sans-serif; height: 100vh; text-align: center; display: flex; flex-direction: column; align-items: center; justify-content: center; } .error-code { display: inline-block; margin: 0; margin-right: 20px; padding: 0 23px 0 0; font-size: 24px; font-weight: 500; vertical-align: top; line-height: 49px; border-right: 1px solid rgba(0, 0, 0, 0.3); } .sub-wrap { display: inline-block; text-align: left; line-height: 49px; height: 49px; vertical-align: middle; } .error-detail { font-size: 14px; font-weight: normal; line-height: 49px; margin: 0; padding: 0; } @media (prefers-color-scheme: dark) { body { color: #fff; background: #000; } .error-code { border-right: 1px solid rgba(255, 255, 255, 0.3); } } </style> </body> </html>