LeakIX - Host 90.73.215.217

Host 90.73.215.217

France

Orange

Software information

nginx nginx

tcp/443 tcp/5000 tcp/80

Open SMB file sharing detected

Malicious users exploiting this vulnerability may be able to read and/or write information to shared directories.

This may also include IPC services and lead to remote code execution.

IP: 90.73.215.217
Port: 445

First seen 2024-07-17 00:07
Last seen 2024-09-19 23:41
Open for 64 days
- Severity: high
  Fingerprint: 22420ce026fa767de22ea8c34a86589d1ad94b5f0ba5ea3ee85af36308a1c37d
```
Found open SMB shares with NT AUTHORITY/ANONYMOUS LOGON
chat
homes
MailPlus
music
IPC$
```
  Found on 2024-09-19 23:41
Create report

Open service 90.73.215.217:445

2024-09-15 23:48
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-09-15 by SmbPlugin
Create report
Open service 90.73.215.217:445

2024-09-13 23:21
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-09-13 by SmbPlugin
Create report

Open service 90.73.215.217:80

2024-09-11 23:23

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Sep 2024 23:23:24 GMT
Content-Type: text/html
Content-Length: 543
Last-Modified: Tue, 30 Jul 2024 05:16:20 GMT
Connection: close
Accept-Ranges: bytes


<!DOCTYPE html>
<html>
    <body>
        <input type="hidden" id="http" name="http" value="5000">
        <input type="hidden" id="https" name="https" value="5001">
        <input type="hidden" id="prefer_https" name="prefer_https" value="false">
    </body>
    <script type="text/javascript">
        var protocol=location.protocol;
        var port=location.protocol === "https:" ? 5001 : 5000;
        var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search;
        location.replace(URL);
    </script>
</html>

Found 2024-09-11 by HttpPlugin

Create report

Open service 90.73.215.217:445

2024-09-11 23:18
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-09-11 by SmbPlugin
Create report

Open service 90.73.215.217:5000

2024-09-11 21:33

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Sep 2024 21:33:10 GMT
Content-Type: text/html; charset="UTF-8"
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Cache-control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Security-Policy: base-uri 'self';  connect-src data: ws: wss: http: https:; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://help.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' data: blob: https://*.synology.com https://*.synology.cn http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://global.download.synology.com https://*.gstatic.com https://*.googleapis.com https://*.google.com http://*.baidu.com https://*.bdstatic.com https://*.bdimg.com; media-src 'self' data: about: https://*.synology.com https://help.synology.cn;  script-src 'self' 'unsafe-eval' data: blob: https://maps.google.com https://ajax.googleapis.com https://help.synology.com https://help.synology.cn https://*.google.com https://*.googleapis.com https://*.baidu.com https://*.bdstatic.com https://*.bdimg.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googleapis.com https://api.map.baidu.com;

Page title: DSM mobile - DS220plus

<!DOCTYPE HTML>
<html manifest="">
<head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
	<title>DSM mobile - DS220plus</title>
	<link href="/scripts/sencha-touch-2.4.1/resources/css/cupertino.css?v=42962" rel="stylesheet" type="text/css">
	<link href="mobile/ui/style.css?v=42962" rel="stylesheet" type="text/css">
	<link rel="shortcut icon" href="webman/favicon.ico?v=42962">
	<script type="text/javascript" src="webapi/entry.cgi?api=SYNO.Core.Desktop.SessionData&amp;version=1&amp;method=getjs_mobile&amp;SynoToken="></script>
	<script type="text/javascript" src="/scripts/sencha-touch-2.4.1/touch.js?v=42962"></script>
	<script src="webapi/entry.cgi?api=SYNO.Core.Desktop.JSUIString&amp;version=1&amp;method=getjs&amp;lang=enu&amp;v=42962"></script>
	<script src="webapi/entry.cgi?api=SYNO.Core.Desktop.UIString&amp;version=1&amp;method=getjs&amp;lang=enu&amp;v=42962"></script>
	<script src="webapi/entry.cgi?api=SYNO.Core.Desktop.Defs&amp;version=1&amp;method=getjs&amp;v=42962&amp;SynoToken="></script>
	<script type="text/javascript" src="mobile/ui/mobile.js?v=42962"></script>
	<script type="text/javascript" src="/synoSDSjslib/webapierrorcode.js?v=42962"></script>
	
</head>
<body class="syno-mobile-body">
	<div class="x-mask x-loading-mask syno-mask" id="syno-mobile-preinit-mask" style="width:100%; height: 100%;">
		<div class="syno-mask-ct" id="syno-mask-ct">
			<div class="syno-mask-inner" id="syno-mask-loading">
				<div class="syno-loading-icon"></div>
				<div class="syno-message x-mask-message syno-mask-message">Loading...</div>
			</div>
			<div id="syno-non-admin-redirect" style="visibility: hidden;">
				<div class="syno-upper-part"><span id="syno-non-admin-redirect-desc"></span></div>
				<div class="syno-lower-part"><a id="syno-non-admin-redirect-button" class="x-syno-button" href="/?forceDesktop=2"></a></div>
			</div>
		</div>
	</div>
</body>
</html>

Found 2024-09-11 by HttpPlugin

Create report

Open service 90.73.215.217:445

2024-09-10 09:43
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-09-10 by SmbPlugin
Create report

Open service 90.73.215.217:443

2024-09-10 06:34

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 10 Sep 2024 06:34:02 GMT
Content-Type: text/html
Content-Length: 543
Last-Modified: Tue, 30 Jul 2024 05:16:20 GMT
Connection: close
Accept-Ranges: bytes


<!DOCTYPE html>
<html>
    <body>
        <input type="hidden" id="http" name="http" value="5000">
        <input type="hidden" id="https" name="https" value="5001">
        <input type="hidden" id="prefer_https" name="prefer_https" value="false">
    </body>
    <script type="text/javascript">
        var protocol=location.protocol;
        var port=location.protocol === "https:" ? 5001 : 5000;
        var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search;
        location.replace(URL);
    </script>
</html>

Found 2024-09-10 by HttpPlugin

Create report

Open service 90.73.215.217:445

2024-09-09 22:59
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-09-09 by SmbPlugin
Create report
Open service 90.73.215.217:445

2024-09-07 22:31
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-09-07 by SmbPlugin
Create report
Open service 90.73.215.217:445

2024-08-15 21:12
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-08-15 by SmbPlugin
Create report
Open service 90.73.215.217:445

2024-08-13 21:31
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-08-13 by SmbPlugin
Create report
Open service 90.73.215.217:445

2024-08-11 20:40
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-08-11 by SmbPlugin
Create report
Open service 90.73.215.217:445

2024-08-09 20:13
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-08-09 by SmbPlugin
Create report
Open service 90.73.215.217:445

2024-08-07 20:10
```
SMB NTLMSSP handshake results:
Found non-Windows 6.1 build 0
```
Found 2024-08-07 by SmbPlugin
Create report

synology

Fingerprint:

3339cf875a5ed3f1ad1cd5f1317a1b77678092e1b0987d328e30ec036298079c

CN:

synology

Key:

RSA-2048

Issuer:

Synology Inc. CA

Not before:

2024-09-03 15:24

Not after:

2025-09-04 15:24

Domain summary

No record

Host 90.73.215.217

France

Software information

Open SMB file sharing detected

synology

Domain summary