Editing
430.ch Reconnaissance Report
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= 430.ch Reconnaissance Report = Report date: 2026-07-09 UTC Target: <code>430.ch</code> Requester: site owner Operator: Codex in <code>/root</code> Primary artifact directory: <code>/root/recon-430ch</code> == Scope and Approach == This was a non-intrusive public reconnaissance pass. The work intentionally stayed within: * DNS, WHOIS, RDAP, certificate transparency, and public web/archive lookups. * Normal HTTP(S) requests to publicly reachable pages. * A same-domain recursive <code>wget</code> mirror of linked and explicitly known public paths. * Nmap service discovery and full TCP port scans against resolved target hosts. * Local metadata inspection of files downloaded from the public site. This did not include: * Authentication attempts. * Password guessing. * Exploit scripts or vulnerability exploitation. * Web fuzzing, directory brute force, or high-rate scanning. * Attempts to bypass MediaWiki access controls. * Writes to the site or MediaWiki API. Tools installed for the recon: * <code>dnsutils</code> * <code>whois</code> * <code>nmap</code> * <code>traceroute</code> * <code>jq</code> * <code>netcat-openbsd</code> * <code>libimage-exiftool-perl</code> Tools already present and used: * <code>curl</code> * <code>wget</code> * <code>openssl</code> * <code>host</code> * <code>python3</code> == Executive Summary == <code>430.ch</code> is hosted on Infomaniak infrastructure and uses Infomaniak for registrar/DNS. The apex site is a small Caddy-served static site with a public image directory under <code>/m/</code> and a public contact page. Mail is delegated to Migadu. The currently live externally visible surface consists of: * Apex/static host: <code>430.ch</code>, <code>staging.430.ch</code>, and <code>wiki.430.ch</code> on <code>83.228.241.21</code> / <code>2001:1600:18:102::167</code>. * Separate <code>ov.430.ch</code> host on <code>83.228.241.25</code> / <code>2001:1600:18:102::26f</code>. * HTTPS on all live hostnames, backed by Caddy. * <code>ov.430.ch</code> and <code>wiki.430.ch</code> are MediaWiki installations behind Caddy and Apache. * SSH exposed on both discovered hosts. * <code>ov.430.ch</code> exposes additional ports: <code>5355/tcp</code>, <code>6567/tcp</code>, and <code>8080/tcp</code> on IPv6. Most notable owner-action items: # <code>5355/tcp</code> is open on <code>ov.430.ch</code>. This is unusual on the public Internet because port 5355 is normally associated with LLMNR. Close or restrict it unless there is a deliberate use. # <code>8080/tcp</code> is open on IPv6 for <code>ov.430.ch</code> and exposes Apache/MediaWiki directly. It is filtered on IPv4. If this is meant to be only a backend listener behind Caddy, bind it to loopback or firewall it on IPv6. # <code>6567/tcp</code> is open on <code>ov.430.ch</code>, and <code>6567/udp</code> is <code>open|filtered</code>. This matches the common Mindustry game-server port. Confirm whether it is intentional. # HSTS is not configured on the HTTPS services. # The apex CORS policy is broad: it reflects arbitrary <code>Origin</code> and sets <code>Access-Control-Allow-Credentials: true</code>. The current root site is static, so impact is limited, but the policy is unnecessarily permissive if not intentional. # Mail DNS is mostly reasonable but could be improved with CAA, MTA-STS, and TLS-RPT. # <code>ov.430.ch</code> exposes public MediaWiki site information, users, rights changes, versions, and extension metadata. That may be acceptable for a public wiki, but it is worth reviewing. == Public Registration and Hosting == === Domain === WHOIS/RDAP showed: * Domain: <code>430.ch</code> * Registrar: Infomaniak Network SA * Registrar address in RDAP/WHOIS: Rue Eugene-Marziano 25, CH-1227 Les Acacias, Switzerland * First registration date: <code>2006-08-23</code> * Status: active * DNSSEC: enabled / delegated signed * Nameservers: ** <code>ns11.infomaniak.ch</code> / <code>93.88.255.151</code> ** <code>ns12.infomaniak.ch</code> / <code>93.88.255.152</code> RDAP source used: * <code>https://rdap.nic.ch/domain/430.ch</code> === IP Allocation === WHOIS for <code>83.228.241.21</code> showed: * Range: <code>83.228.240.0 - 83.228.247.255</code> * Netname: <code>INFOMANIAK-CLOUD</code> * Country: CH * Organization role: Infomaniak Network SA * Abuse contact: <code>abuse@infomaniak.ch</code> * Route: <code>83.228.241.0/24</code> * Origin AS: <code>AS29222</code> RIPEstat aligned the queried IPv4 to: * Announced prefix: <code>83.228.192.0/18</code> * ASN: <code>AS29222</code> * Holder: <code>Infomaniak-AS Infomaniak Network SA</code> RIPEstat source used: * <code>https://stat.ripe.net/</code> Reverse DNS: * <code>83.228.241.21</code> -> <code>430.ch.</code> * Nmap/Shodan InternetDB additionally associated: ** <code>83.228.241.21</code> with <code>ov-7fb696.infomaniak.ch</code> ** <code>83.228.241.25</code> with <code>ov-9520b2.infomaniak.ch</code> == DNS Findings == === Apex DNS === Observed DNS records: <pre> 430.ch. A 83.228.241.21 430.ch. AAAA 2001:1600:18:102::167 430.ch. NS ns11.infomaniak.ch. 430.ch. NS ns12.infomaniak.ch. 430.ch. SOA ns11.infomaniak.ch. hostmaster.infomaniak.ch. 2026070901 10800 3600 605800 3600 430.ch. MX 10 aspmx1.migadu.com. 430.ch. MX 20 aspmx2.migadu.com. 430.ch. TXT "v=spf1 include:spf.migadu.com -all" 430.ch. TXT "hosted-email-verify=rr8nx23r" </pre> DNSSEC material observed: <pre> 430.ch. DNSKEY 257 3 13 jEm3bqIc72OUI4WxLeIbjruJjSEsc7+1+owlZ7nNA0TQQXM48U6QmFEC d5NBgwCpbw4CD/NO0Eb8CHYwjULKVg== 430.ch. DNSKEY 256 3 13 ytZkmQTTXPEwaXQAsxneIoPYayM4WAdxJ6rR2N411+PptsaPPyDSYSCw WzLI1lYAXdrPWBQ9yjgiBsskkPbBOQ== 430.ch. DS 7440 13 2 5A7F7CC05DE155C279B8F23093633694415BAABACA92F4B93D7C514C DB9F10B4 </pre> === Mail-Related DNS === Observed: <pre> _dmarc.430.ch TXT "v=DMARC1; p=quarantine;" autoconfig.430.ch CNAME autoconfig.migadu.com. autoconfig.migadu.com A 141.94.97.141 autoconfig.migadu.com AAAA 2001:41d0:403:488d:: </pre> Not found: * <code>_mta-sts.430.ch TXT</code> * <code>_smtp._tls.430.ch TXT</code> * <code>mta-sts.430.ch</code> * <code>mail.430.ch</code> * <code>smtp.430.ch</code> * <code>imap.430.ch</code> * <code>autodiscover.430.ch</code> * <code>CAA</code> at the apex Interpretation: * SPF is strict because of <code>-all</code>. * DMARC is present but not at the strictest enforcement level (<code>quarantine</code>, not <code>reject</code>). * MTA-STS and TLS-RPT are not configured. * No CAA means any publicly trusted CA can issue for the domain, subject to normal CA validation. === Zone Transfer === AXFR was attempted against both authoritative nameservers: <pre> dig AXFR 430.ch @ns11.infomaniak.ch dig AXFR 430.ch @ns12.infomaniak.ch </pre> Result: <pre> Transfer failed. </pre> This is the desired behavior. == Certificate Transparency and Subdomains == Certificate transparency lookup through <code>crt.sh</code> exposed these names: Current or recent: * <code>430.ch</code> * <code>staging.430.ch</code> * <code>ov.430.ch</code> * <code>wiki.430.ch</code> Historical or not currently resolving during testing: * <code>www.430.ch</code> * <code>csgo.430.ch</code> * <code>2ca.430.ch</code> * Historical wildcard certificate entries for <code>*.430.ch</code> Observed CT entries of interest: <pre> staging.430.ch Issuer: Let's Encrypt YE2 not_before: 2026-07-09T15:11:48 not_after: 2026-10-07T15:11:47 ov.430.ch Issuer: Let's Encrypt YE1 not_before: 2026-07-03T20:43:41 not_after: 2026-10-01T20:43:40 wiki.430.ch Issuer: Let's Encrypt YE1 not_before: 2026-07-03T14:41:56 not_after: 2026-10-01T14:41:55 430.ch Issuer: ZeroSSL ECC DV SSL CA 2 not_before: 2026-06-19T00:00:00 not_after: 2026-09-17T23:59:59 </pre> Current DNS resolution during testing: <pre> 430.ch A: 83.228.241.21 AAAA: 2001:1600:18:102::167 staging.430.ch CNAME-style answer via 430.ch A: 83.228.241.21 AAAA: 2001:1600:18:102::167 wiki.430.ch CNAME-style answer via 430.ch A: 83.228.241.21 AAAA: 2001:1600:18:102::167 ov.430.ch A: 83.228.241.25 AAAA: 2001:1600:18:102::26f www.430.ch No resolution during testing csgo.430.ch No resolution during testing 2ca.430.ch No resolution during testing </pre> Source used: * <code>https://crt.sh/?q=%25.430.ch&output=json</code> == HTTP and HTTPS Findings == === Apex HTTP === <code>http://430.ch/</code>: <pre> HTTP/1.1 308 Permanent Redirect Location: https://430.ch/ Server: Caddy Content-Length: 0 </pre> === Apex HTTPS === <code>https://430.ch/</code>: <pre> HTTP/2 200 accept-ranges: bytes access-control-allow-credentials: true access-control-allow-origin: access-control-expose-headers: * alt-svc: h3=":443"; ma=2592000 content-type: text/html; charset=utf-8 etag: "thv7n5xd" last-modified: Wed, 08 Jul 2026 16:40:17 GMT server: Caddy vary: Origin content-length: 1201 </pre> With an explicit origin header: <pre> curl -H 'Origin: https://example.com' https://430.ch/ access-control-allow-credentials: true access-control-allow-origin: https://example.com access-control-expose-headers: * vary: Origin </pre> Interpretation: * The server reflects arbitrary origins and allows credentials. * Current content is static, so the practical risk is limited today. * This is still broader than necessary unless cross-origin credentialed reads are deliberately needed. === Root Page Content === The root HTML: * Has title <code>430.ch</code>. * Uses inline CSS. * Displays an image with id <code>bopis</code>. * The image source is selected by JavaScript from <code>/m/1.webp</code> through <code>/m/6.webp</code>. * Changes the image every 10 seconds. * Links: ** <code>/m/</code> ** <code>/contact-us/</code> ** <code>https://noctron.ch/</code> ** <code>https://aivaras.xyz/</code> Relevant source excerpt: <pre> <a href="/m/"> <img id="bopis"> </a> <p> <s>©</s> 430.ch | <a href="/contact-us/">Contact Us</a> | See also: <a href="https://noctron.ch/">noctron.ch</a>, <a href="https://aivaras.xyz/">aivaras.xyz</a> </p> <script type="text/javascript"> var photos = ["1.webp", "2.webp", "3.webp", "4.webp", "5.webp", "6.webp"]; ... document.getElementById("bopis").src = "/m/" + photos[i]; </script> </pre> === Robots, Sitemap, and Well-Known Files === <code>https://430.ch/robots.txt</code>: <pre> User-agent: * Allow: / </pre> Not present: * <code>https://430.ch/sitemap.xml</code> returned <code>404</code>. * <code>https://430.ch/.well-known/security.txt</code> returned <code>404</code>. * Historical Web Archive entries existed for various <code>.well-known</code> paths, but current live checks returned <code>404</code>. Current live checks returning <code>404</code>: * <code>/.well-known/ai-plugin.json</code> * <code>/.well-known/dnt-policy.txt</code> * <code>/.well-known/gpc.json</code> * <code>/.well-known/nodeinfo</code> * <code>/.well-known/openid-configuration</code> * <code>/ads.txt</code> * <code>/app-ads.txt</code> * <code>/info/</code> * <code>/search/</code> === Missing Stylesheet === Several pages reference: <pre> https://430.ch/style.css </pre> Current result: <pre> HTTP/2 404 server: Caddy content-length: 0 </pre> Impact: * Cosmetic / hygiene issue. * It may produce avoidable browser console noise. === <code>/m/</code> Directory === <code>https://430.ch/m/</code> is a public Caddy directory listing. Files discovered: <pre> 1.webp 218 KiB 2.webp 119 KiB 3.webp 112 KiB 4.webp 349 KiB 5.webp 173 KiB 6.webp 290 KiB </pre> The directory index includes sortable Caddy listing links: <pre> ?sort=namedirfirst&order=desc ?sort=name&order=asc ?sort=size&order=asc ?sort=time&order=asc ?sort=namedirfirst&order=asc ?sort=name&order=desc ?sort=size&order=desc ?sort=time&order=desc </pre> The mirrored copies are stored in: <pre> /root/recon-430ch/wget/430.ch/m/ </pre> === <code>/contact-us/</code> === <code>https://430.ch/contact-us/</code> is a small static page. HTML: <pre> <!DOCTYPE html> <html> <head> <title>Contact Us</title> <link rel="stylesheet" href="https://430.ch/style.css"> </head> <body> <center> <img src="1.png" alt="meighl at four hundred and thirty dot ch"> </center> </body> </html> </pre> The image alt text exposes a likely contact address: <pre> meighl@430.ch </pre> This is already public in machine-readable HTML despite being visually represented by an image. === Linked External Domains === The root page links <code>noctron.ch</code> and <code>aivaras.xyz</code>. Both resolved to the same host as the apex: <pre> noctron.ch A: 83.228.241.21 AAAA: 2001:1600:18:102::167 aivaras.xyz A: 83.228.241.21 AAAA: 2001:1600:18:102::167 </pre> <code>https://noctron.ch/</code>: <pre> <title>noctron.ch</title> <link rel="stylesheet" href="https://430.ch/style.css"> ... <a href="https://noctron.ch/">noctron.ch</a> → <a href="https://430.ch/">430.ch</a> </pre> <code>https://aivaras.xyz/</code>: <pre> <title>aivaras.xyz</title> <link rel="stylesheet" href="https://430.ch/style.css"> ... <a href="https://aivaras.xyz/">aivaras.xyz</a> → <a href="https://430.ch/">430.ch</a> </pre> Both also reference the missing <code>https://430.ch/style.css</code>. == Hostname-Specific Behavior == === <code>staging.430.ch</code> === Resolution: <pre> staging.430.ch -> 430.ch -> 83.228.241.21 / 2001:1600:18:102::167 </pre> HTTP: <pre> HTTP/1.1 308 Permanent Redirect Location: https://staging.430.ch/ Server: Caddy </pre> HTTPS: <pre> HTTP/2 200 server: Caddy content-type: text/html; charset=utf-8 content-length: 61 last-modified: Thu, 09 Jul 2026 16:13:09 GMT </pre> Body: <pre> <meta http-equiv="refresh" content="0; url=https://430.ch/"> </pre> Interpretation: * This is live and public. * It is a simple redirect-by-meta-refresh rather than an HTTP redirect. === <code>wiki.430.ch</code> === Resolution: <pre> wiki.430.ch -> 430.ch -> 83.228.241.21 / 2001:1600:18:102::167 </pre> HTTP: <pre> HTTP/1.1 308 Permanent Redirect Location: https://wiki.430.ch/ Server: Caddy </pre> HTTPS headers: <pre> HTTP/2 200 server: Caddy server: Apache/2.4.67 (Debian) content-type: text/html; charset=UTF-8 cache-control: no-cache, no-store, max-age=0, must-revalidate expires: Thu, 01 Jan 1970 00:00:00 GMT x-content-type-options: nosniff x-frame-options: DENY x-powered-by: PHP/8.3.32 </pre> Page: * Title: <code>Login required - Aivaropedia</code> * Generator meta tag: <code>MediaWiki 1.46.0</code> * Site name: <code>Aivaropedia</code> * Anonymous page body: <code>Please log in to view other pages.</code> * Search UI is visible. * Login link is visible. * Atom feed link for <code>Special:RecentChanges</code> is advertised in HTML. API read attempt: <pre> { "error": { "code": "readapidenied", "info": "You need read permission to use this module.", "*": "See https://wiki.430.ch/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes." } } </pre> Interpretation: * Read access is denied via the API, which is consistent with a private wiki. * Some platform information is still exposed in HTML and headers: ** MediaWiki 1.46.0 ** PHP 8.3.32 ** Apache 2.4.67 (Debian) * <code>X-Frame-Options: DENY</code> and <code>X-Content-Type-Options: nosniff</code> are present. * HSTS is not configured. === <code>ov.430.ch</code> === Resolution: <pre> ov.430.ch A 83.228.241.25 ov.430.ch AAAA 2001:1600:18:102::26f </pre> HTTP: <pre> HTTP/1.1 308 Permanent Redirect Location: https://ov.430.ch/ Server: Caddy </pre> HTTPS: <pre> HTTP/2 301 location: https://ov.430.ch/index.php/Main_Page server: Caddy server: Apache/2.4.67 (Debian) x-content-type-options: nosniff x-powered-by: PHP/8.3.32 </pre> After redirect: * Page title: <code>Marcopedia</code> * Main page: <code>Main Page</code> * Generator meta tag: <code>MediaWiki 1.46.0</code> * Default content: <code>MediaWiki has been installed.</code> * The page is probably editable for anonymous users according to <code>RLCONF</code>: ** <code>wgIsProbablyEditable: true</code> ** <code>wgRelevantPageIsProbablyEditable: true</code> ** <code>wgRestrictionEdit: []</code> ** <code>wgRestrictionMove: []</code> * Personal tools include: ** Create account ** Log in ** Anonymous talk/contributions links Important note: * I did not try to edit, create an account, or write through the API. * The editability observation is based on public MediaWiki page configuration and UI, not a write attempt. == MediaWiki <code>ov.430.ch</code> API Findings == Public siteinfo endpoint: <pre> https://ov.430.ch/api.php?action=query&meta=siteinfo&siprop=general|namespaces|statistics|extensions|skins&format=json </pre> General: <pre> mainpage: Main Page base: https://ov.430.ch/index.php/Main_Page sitename: Marcopedia generator: MediaWiki 1.46.0 phpversion: 8.3.32 phpsapi: apache2handler dbtype: mysql dbversion: 12.3.2-MariaDB-ubu2404 lang: en timezone: UTC articlepath: /index.php/$1 scriptpath: script: /index.php server: https://ov.430.ch servername: ov.430.ch wikiid: my_wiki maxuploadsize: 104857600 </pre> Statistics: <pre> pages: 1 articles: 0 edits: 1 images: 0 users: 2 activeusers: 1 admins: 2 jobs: 0 </pre> Skins: <pre> MinervaNeue MonoBook Timeless 0.9.1 Vector 1.0.0 Vector legacy (2010) default </pre> Extension: <pre> MediaWikiChat version: 2.25.0 author: Adam Carter/UltrasonicNXT vcs-version: f19bf98d07cdeeaefcceab81dcdd407b039d4451 vcs-date: 2026-06-15T08:20:07Z </pre> Public allusers query: <pre> { "userid": 3, "name": "Aivaras", "editcount": 1, "registration": "2026-07-03T22:32:35Z", "groups": ["*", "user", "autoconfirmed", "bot", "bureaucrat", "interface-admin", "suppress", "sysop"] } { "userid": 2, "name": "Marco", "editcount": 0, "registration": "2026-07-03T21:39:57Z", "groups": ["*", "user", "autoconfirmed", "bureaucrat", "interface-admin", "sysop"] } { "userid": 1, "name": "MediaWiki default", "editcount": 0, "registration": "2026-07-03T21:39:57Z", "groups": ["*", "user", "autoconfirmed"] } </pre> Recent changes: <pre> 2026-07-04T10:35:06Z type: new title: Marco user: Aivaras comment: Created blank page 2026-07-03T22:35:07Z type: log title: User:Aivaras user: Marco 2026-07-03T22:34:31Z type: log title: User:Aivaras user: Marco 2026-07-03T22:34:11Z type: log title: User:Aivaras user: Marco 2026-07-03T22:32:35Z type: log title: User:Aivaras user: Aivaras </pre> Log events: <pre> 2026-07-04T10:35:06Z create: Marco user: Aivaras comment: Created blank page 2026-07-03T22:35:07Z rights change for User:Aivaras user: Marco oldgroups: bureaucrat, sysop newgroups: bot, bureaucrat, interface-admin, suppress, sysop 2026-07-03T22:34:31Z rights change for User:Aivaras user: Marco oldgroups: sysop newgroups: bureaucrat, sysop 2026-07-03T22:34:11Z rights change for User:Aivaras user: Marco oldgroups: none newgroups: sysop 2026-07-03T22:32:35Z new user: Aivaras created by: Aivaras 2026-07-03T21:39:57Z create: Main Page user: MediaWiki default </pre> Anonymous CSRF token request: <pre> {"batchcomplete":"","query":{"tokens":{"csrftoken":"+\\"}}} </pre> Interpretation: * This is the normal anonymous no-permission token and does not indicate successful write capability. * No write was attempted. == TLS Findings == === Certificates === <code>430.ch</code>: <pre> subject=CN=430.ch issuer=C=AT, O=ZeroSSL GmbH, CN=ZeroSSL ECC DV SSL CA 2 notBefore=Jun 19 00:00:00 2026 GMT notAfter=Sep 17 23:59:59 2026 GMT SAN: DNS:430.ch </pre> <code>ov.430.ch</code>: <pre> subject=CN=ov.430.ch issuer=C=US, O=Let's Encrypt, CN=YE1 notBefore=Jul 3 20:43:41 2026 GMT notAfter=Oct 1 20:43:40 2026 GMT SAN: DNS:ov.430.ch </pre> <code>wiki.430.ch</code>: <pre> subject=CN=wiki.430.ch issuer=C=US, O=Let's Encrypt, CN=YE1 notBefore=Jul 3 14:41:56 2026 GMT notAfter=Oct 1 14:41:55 2026 GMT SAN: DNS:wiki.430.ch </pre> <code>staging.430.ch</code>: <pre> subject=CN=staging.430.ch issuer=C=US, O=Let's Encrypt, CN=YE2 notBefore=Jul 9 15:11:48 2026 GMT notAfter=Oct 7 15:11:47 2026 GMT SAN: DNS:staging.430.ch </pre> === Protocols and Ciphers === Nmap <code>ssl-enum-ciphers</code> found TLS 1.2 and TLS 1.3 across <code>430.ch</code>, <code>ov.430.ch</code>, <code>wiki.430.ch</code>, and <code>staging.430.ch</code>. TLS 1.2 ciphers: <pre> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - A TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - A TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - A </pre> TLS 1.3 ciphers: <pre> TLS_AKE_WITH_AES_128_GCM_SHA256 - A TLS_AKE_WITH_AES_256_GCM_SHA384 - A TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 - A </pre> Nmap reported: <pre> least strength: A </pre> Manual <code>openssl s_client</code> checks verified successful TLS 1.2 and TLS 1.3 negotiation. TLS 1.0/1.1 forced checks did not negotiate TLS 1.0/1.1. === HSTS === Nmap <code>http-security-headers</code> reported HSTS missing for: * <code>430.ch</code> * <code>ov.430.ch</code> * <code>wiki.430.ch</code> * <code>staging.430.ch</code> Example: <pre> Strict_Transport_Security: HSTS not configured in HTTPS Server </pre> Recommendation: Add HSTS after confirming all subdomains intended to use HTTPS are ready: <pre> Strict-Transport-Security: max-age=31536000; includeSubDomains; preload </pre> Use <code>includeSubDomains</code> and <code>preload</code> only if you are comfortable committing all subdomains to HTTPS. == Network Service Findings == === Full TCP Scan Summary === IPv4 full TCP scan command: <pre> nmap -Pn -sS -T3 -p- --max-retries 2 83.228.241.21 83.228.241.25 -oN /root/recon-430ch/nmap-ipv4-full.txt </pre> IPv6 full TCP scan command: <pre> nmap -Pn -6 -sT -T3 -p- --max-retries 2 2001:1600:18:102::167 2001:1600:18:102::26f -oN /root/recon-430ch/nmap-ipv6-full.txt </pre> <code>83.228.241.21</code> / <code>2001:1600:18:102::167</code>: <pre> 22/tcp open ssh 80/tcp open http 443/tcp open https </pre> IPv4 notes: <pre> Not shown: 65532 filtered tcp ports (no-response) </pre> IPv6 notes: <pre> Not shown: 65532 filtered tcp ports (no-response) </pre> <code>83.228.241.25</code> / <code>2001:1600:18:102::26f</code>: IPv4: <pre> 22/tcp open ssh 80/tcp open http 443/tcp open https 5355/tcp open llmnr 6567/tcp open esp 8080/tcp filtered http-proxy </pre> IPv6: <pre> 22/tcp open ssh 80/tcp open http 443/tcp open https 5355/tcp open llmnr 6567/tcp open esp 8080/tcp open http-proxy </pre> Nmap labels for <code>5355</code>, <code>6567</code>, and <code>8080</code> should be interpreted carefully: * <code>5355</code> is conventionally LLMNR, but version probes did not complete with a more certain identification before being stopped. * <code>6567</code> was labeled <code>esp?</code> by nmap because the response fingerprint was not recognized. The port number and behavior align with a likely game service, especially Mindustry. * <code>8080</code> on IPv6 was confirmed by service detection as Apache HTTPD <code>2.4.67 (Debian)</code>. === Top-Port Version Scan === Top-port version scan found: <code>430.ch</code> host: <pre> 22/tcp open ssh OpenSSH 10.0p2 Debian 7+deb13u4 (protocol 2.0) 80/tcp open http Caddy httpd 443/tcp open ssl/https? </pre> <code>ov.430.ch</code> host: <pre> 22/tcp open ssh OpenSSH 10.0p2 Debian 7+deb13u4 (protocol 2.0) 80/tcp open http Caddy httpd 443/tcp open ssl/https? 6567/tcp open esp? 8080/tcp filtered http-proxy (IPv4) 8080/tcp open http Apache httpd 2.4.67 ((Debian)) (IPv6) </pre> === Port 8080 on <code>ov.430.ch</code> === IPv6 direct request: <pre> curl -g -D - -o /dev/null 'http://[2001:1600:18:102::26f]:8080/' </pre> Result: <pre> HTTP/1.1 301 Moved Permanently Server: Apache/2.4.67 (Debian) X-Powered-By: PHP/8.3.32 X-Content-Type-Options: nosniff Vary: Accept-Encoding,Cookie Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: private, must-revalidate, max-age=0 Location: https://ov.430.ch/index.php/Main_Page Content-Type: text/html; charset=UTF-8 </pre> Same result with <code>Host: ov.430.ch</code>. Interpretation: * Apache/PHP/MediaWiki is directly reachable over IPv6 on port 8080. * On IPv4, nmap saw <code>8080/tcp</code> as <code>filtered</code>. * If Caddy is supposed to be the only public HTTP entry point, this is a firewall/bind-address mismatch. === Port 6567 on <code>ov.430.ch</code> === TCP version probes returned an unrecognized 8-byte binary response pattern on many payloads: <pre> \0\x06\xfe\x04... </pre> Nmap labeled it: <pre> 6567/tcp open esp? </pre> Targeted UDP checks: <pre> 6567/udp open|filtered esp 27015/udp closed halflife (on ov) 27016/udp closed unknown (on ov) </pre> On the main host, UDP checks for the small selected set were inconclusive: <pre> 6567/udp open|filtered 27015/udp open|filtered 27016/udp open|filtered </pre> Interpretation: * <code>6567</code> is the common/default Mindustry server port. * Public Mindustry server docs say to allow port <code>6567</code> TCP and UDP for server hosting. * This does not prove Mindustry, but it is a strong hypothesis. Reference used: * <code>https://mindustrygame.github.io/wiki/servers/</code> === Port 5355 on <code>ov.430.ch</code> === Full TCP scan found: <pre> 5355/tcp open llmnr </pre> This appeared on both IPv4 and IPv6 for the <code>ov.430.ch</code> host. Targeted UDP checks returned: <pre> 5355/udp open|filtered llmnr </pre> The version probes against TCP 5355 ran longer than useful and were stopped. No additional service fingerprint was collected. Interpretation: * Port 5355 is normally Link-Local Multicast Name Resolution (LLMNR). * LLMNR is not normally useful on the public Internet. * If this is truly LLMNR, it should not be exposed externally. * If it is another custom service on port 5355, it should be documented and access-controlled. === SSH === Both hosts expose SSH: <pre> OpenSSH 10.0p2 Debian 7+deb13u4 (protocol 2.0) </pre> Recommendation: * Keep password authentication disabled if possible. * Restrict SSH by source IP or VPN if feasible. * Ensure root login is disabled. * Monitor auth logs. No authentication attempts were made. == Shodan InternetDB == <code>https://internetdb.shodan.io/83.228.241.21</code>: <pre> { "cpes": ["cpe:/a:golang:go", "cpe:/a:caddyserver:caddy"], "hostnames": ["ov-7fb696.infomaniak.ch"], "ip": "83.228.241.21", "ports": [80, 443], "tags": [], "vulns": [] } </pre> <code>https://internetdb.shodan.io/83.228.241.25</code>: <pre> { "cpes": [ "cpe:/o:canonical:ubuntu_linux", "cpe:/a:golang:go", "cpe:/a:caddyserver:caddy", "cpe:/a:openbsd:openssh:9.6p1" ], "hostnames": ["ov-9520b2.infomaniak.ch"], "ip": "83.228.241.25", "ports": [22, 80, 443], "tags": [], "vulns": [] } </pre> Note: * Shodan InternetDB did not list the extra <code>5355</code>, <code>6567</code>, or IPv6 <code>8080</code> findings found by direct nmap scanning. * InternetDB can be stale or incomplete. == Recursive Mirror == Command used for the apex: <pre> wget -r -l inf -np -E -k -p --restrict-file-names=windows -D 430.ch --no-verbose --directory-prefix=/root/recon-430ch/wget https://430.ch/ </pre> Result: <pre> Downloaded: 19 files, 1.5M </pre> Mirrored files: <pre> /root/recon-430ch/wget/430.ch/contact-us/1.png /root/recon-430ch/wget/430.ch/contact-us/index.html /root/recon-430ch/wget/430.ch/index.html /root/recon-430ch/wget/430.ch/m/1.webp /root/recon-430ch/wget/430.ch/m/2.webp /root/recon-430ch/wget/430.ch/m/3.webp /root/recon-430ch/wget/430.ch/m/4.webp /root/recon-430ch/wget/430.ch/m/5.webp /root/recon-430ch/wget/430.ch/m/6.webp /root/recon-430ch/wget/430.ch/m/index.html /root/recon-430ch/wget/430.ch/m/index.html@sort=name&order=asc.html /root/recon-430ch/wget/430.ch/m/index.html@sort=name&order=desc.html /root/recon-430ch/wget/430.ch/m/index.html@sort=namedirfirst&order=asc.html /root/recon-430ch/wget/430.ch/m/index.html@sort=namedirfirst&order=desc.html /root/recon-430ch/wget/430.ch/m/index.html@sort=size&order=asc.html /root/recon-430ch/wget/430.ch/m/index.html@sort=size&order=desc.html /root/recon-430ch/wget/430.ch/m/index.html@sort=time&order=asc.html /root/recon-430ch/wget/430.ch/m/index.html@sort=time&order=desc.html /root/recon-430ch/wget/430.ch/robots.txt </pre> Explicit checks for paths seen in search results: <pre> https://430.ch/f/ -> 404 https://430.ch/yagpab/ -> 404 </pre> The Google cache endpoint did not return usable cached copies of those paths during testing. == Image and File Metadata == File type summary: <pre> 1.webp: WebP, 3060x4080 2.webp: WebP, 1932x2576 3.webp: WebP, 1932x2576 4.webp: WebP, 3060x4080 5.webp: WebP, 3060x4080 6.webp: WebP, 4080x3060 contact-us/1.png: PNG, 1600x300 </pre> ExifTool findings: The six WebP files contained basic file/image structure only: * File type: WEBP * Dimensions * No EXIF camera metadata observed. * No GPS metadata observed. The contact PNG retained metadata: <pre> FileType: PNG ImageSize: 1600x300 Software: GIMP 2.10.36 HistorySoftwareAgent: Gimp 2.10 (Linux) ModifyDate: 2026:05:09 13:07:27 MetadataDate: 2026:05:09T13:07:27+03:00 CreatorTool: GIMP 2.10 ProfileDescription: GIMP built-in sRGB ProfileCopyright: Public Domain Platform: Linux </pre> No GPS metadata was observed in the contact PNG. SHA-256 hashes of mirrored image assets: <pre> fec1e3af9cc3ffd579f3f67d37933241f36bed186e4ac32efac7f1fdeae3dca8 /root/recon-430ch/wget/430.ch/m/1.webp f86238f5266c54361c9ef9741b66153442d94b77e6f6550d567bba4e5b6d5668 /root/recon-430ch/wget/430.ch/m/2.webp 47f96eac0bb93acc04e4fb2303c64a61a3f1b15a9995b325ff7146a12333e67f /root/recon-430ch/wget/430.ch/m/3.webp 369846fc54104174c392f27f80dfe08bd626a18cca5dbf31ef72cb24364389e5 /root/recon-430ch/wget/430.ch/m/4.webp 084b3cb17df8c773e2317668715d14f3211f4fca24ba292f026194c8a01d6a12 /root/recon-430ch/wget/430.ch/m/5.webp e140aadd64a2e73707536524356d44691aaf6a0713de0f22a1c91543e25e947e /root/recon-430ch/wget/430.ch/m/6.webp 93d431b374d4882a569931def5ba5937aedc1686f49f281253ad9297eb8f209d /root/recon-430ch/wget/430.ch/contact-us/1.png </pre> == Web Archive and Public Indexing == Wayback CDX lookup: <pre> https://web.archive.org/cdx?url=430.ch/*&output=json&fl=timestamp,original,statuscode,mimetype,digest&collapse=urlkey&filter=statuscode:200 </pre> Returned historical entries including: <pre> 20191223004332 http://430.ch/ 200 text/html 20160729094455 http://430.ch/robots.txt 200 text/plain 20231028224700 https://430.ch/.well-known/ai-plugin.json 200 text/html 20231028195934 https://430.ch/.well-known/dnt-policy.txt 200 text/html 20231028201009 https://430.ch/.well-known/gpc.json 200 text/html 20231029001948 https://430.ch/.well-known/nodeinfo 200 text/html 20231028193612 https://430.ch/.well-known/openid-configuration 200 text/html 20231028203348 https://430.ch/.well-known/security.txt 200 text/html 20231028223110 https://430.ch/.well-known/trust.txt 200 text/html 20231028194249 https://430.ch/ads.txt 200 text/html 20231028205649 https://430.ch/app-ads.txt 200 text/html 20231029024555 https://430.ch/info/ 200 text/html 20231028200842 https://430.ch/parking.php4 200 text/html 20231028231335 https://430.ch/search/ 200 text/html 20231028204408 https://430.ch/sitemap.xml 200 text/html </pre> Interpretation: * Many 2023 entries look like parked/placeholder behavior rather than current content. * Current live checks for those paths returned <code>404</code>. URLScan: * Querying <code>domain:430.ch</code> returned results for <code>noctron.ch</code>, not direct <code>430.ch</code> scans. * Querying <code>page.domain:"430.ch"</code> returned no results. == Security Observations and Recommendations == === High Priority === ==== Close or restrict <code>5355/tcp</code> on <code>ov.430.ch</code> ==== Finding: * <code>5355/tcp</code> is open on <code>83.228.241.25</code> and <code>2001:1600:18:102::26f</code>. * Nmap labels it <code>llmnr</code>. Why it matters: * LLMNR is generally local-network-only functionality and should not be Internet-facing. * If this is not LLMNR, an undocumented public service is still exposed. Recommended action: * Identify the listening process. * If unintended, stop it and firewall <code>5355/tcp</code> and likely <code>5355/udp</code>. * If intended, restrict source IPs and document it. Example local triage commands on the server: <pre> ss -ltnup | grep ':5355' systemctl status systemd-resolved </pre> ==== Restrict IPv6 <code>8080/tcp</code> on <code>ov.430.ch</code> ==== Finding: * <code>8080/tcp</code> is open on IPv6 but filtered on IPv4. * It exposes Apache/PHP/MediaWiki directly. Why it matters: * If Caddy is intended as the public reverse proxy, direct backend access can bypass proxy-layer controls, logging assumptions, rate limits, or header normalization. * IPv6 firewall parity often gets missed. Recommended action: * Bind Apache backend only to loopback if it is only used by Caddy. * Otherwise firewall <code>8080/tcp</code> consistently on IPv4 and IPv6. Example local triage: <pre> ss -ltnp | grep ':8080' </pre> ==== Confirm <code>6567/tcp</code> and <code>6567/udp</code> ==== Finding: * <code>6567/tcp</code> is open on <code>ov.430.ch</code>. * <code>6567/udp</code> is <code>open|filtered</code>. * Port 6567 is commonly used by Mindustry. Recommended action: * Confirm whether this is intentional. * If it is a game server, consider whether it should be public and whether it needs rate limits or firewall restrictions. * If unused, close it. === Medium Priority === ==== Add HSTS ==== Finding: * HTTPS works well, but HSTS is not configured. Recommended Caddy-style header: <pre> Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" </pre> Use a shorter <code>max-age</code> first if you want a low-risk rollout: <pre> Strict-Transport-Security "max-age=86400" </pre> ==== Tighten apex CORS ==== Finding: * <code>430.ch</code> reflects arbitrary origins and allows credentials. Recommended action: * If static files do not need credentialed cross-origin access, remove credentialed CORS headers. * If cross-origin reads are required, allowlist specific origins and avoid <code>Access-Control-Allow-Credentials: true</code> unless needed. ==== Review MediaWiki public exposure on <code>ov.430.ch</code> ==== Finding: * Public API exposes version, PHP version, DB version, extension version, skins, users, groups, rights changes, and logs. * UI appears to advertise account creation and probable editability. Recommended action: * Decide whether <code>ov.430.ch</code> is intentionally public. * If public, keep MediaWiki and extensions patched. * If private, restrict anonymous read, API, account creation, and editing. * Consider hiding detailed version headers where practical, recognizing that version hiding is defense-in-depth and not a substitute for patching. Potential MediaWiki settings to review: <pre> $wgGroupPermissions['*']['read'] $wgGroupPermissions['*']['edit'] $wgGroupPermissions['*']['createaccount'] $wgGroupPermissions['*']['writeapi'] $wgShowExceptionDetails </pre> ==== Add CAA records ==== Finding: * No apex CAA record observed. Recommended action: If only Let's Encrypt and ZeroSSL should issue: <pre> 430.ch. CAA 0 issue "letsencrypt.org" 430.ch. CAA 0 issue "sectigo.com" 430.ch. CAA 0 issuewild ";" </pre> Tune this based on actual CA usage. ZeroSSL chains to Sectigo in the observed certificate. ==== Add MTA-STS and TLS-RPT ==== Finding: * No MTA-STS or TLS-RPT records observed. Recommended action: Publish: <pre> _mta-sts.430.ch TXT "v=STSv1; id=YYYYMMDD01" _smtp._tls.430.ch TXT "v=TLSRPTv1; rua=mailto:tlsrpt@430.ch" </pre> Serve an HTTPS policy at: <pre> https://mta-sts.430.ch/.well-known/mta-sts.txt </pre> Example policy: <pre> version: STSv1 mode: testing mx: aspmx1.migadu.com mx: aspmx2.migadu.com max_age: 86400 </pre> Move from <code>testing</code> to <code>enforce</code> after confirming reports are clean. === Low Priority / Hygiene === ==== Fix missing <code>style.css</code> ==== Finding: * Several pages reference <code>https://430.ch/style.css</code>, but it returns <code>404</code>. Recommended action: * Add the stylesheet or remove the references. ==== Add <code>security.txt</code> ==== Finding: * <code>/.well-known/security.txt</code> returns <code>404</code>. Recommended action: Add a minimal file if you want a clear channel for reports: <pre> Contact: mailto:meighl@430.ch Preferred-Languages: en Canonical: https://430.ch/.well-known/security.txt </pre> ==== Consider whether <code>/m/</code> should be a directory listing ==== Finding: * <code>/m/</code> exposes a Caddy directory listing. Recommended action: * If intentional, no change needed. * If not, disable browse/listing and link only specific images. ==== Remove unnecessary metadata from contact PNG ==== Finding: * Contact PNG retains GIMP/XMP metadata. Risk: * Low. No GPS or sensitive camera metadata was found. Recommended action: * Strip metadata from public images as a standard publishing step. Example: <pre> exiftool -all= image.png </pre> == Artifact Inventory == Top-level files in <code>/root/recon-430ch</code>: <pre> nmap-http-scripts.txt 3378 bytes nmap-ipv4-full.txt 796 bytes nmap-ipv4-top.txt 1653 bytes nmap-ipv6-full.txt 774 bytes nmap-ipv6-top.txt 1670 bytes nmap-ov-5355-ipv6.txt 0 bytes nmap-ov-5355.txt 0 bytes nmap-ov-ipv6-specific.txt 1040 bytes nmap-ov-specific.txt 2900 bytes nmap-ssl-enum.txt 3547 bytes nmap-udp-5355-ipv6.txt 709 bytes nmap-udp-5355.txt 669 bytes nmap-udp-game-ipv6.txt 873 bytes nmap-udp-game.txt 833 bytes robots.txt 23 bytes root-http.html 0 bytes root-https.html 1201 bytes security.txt 0 bytes sitemap.xml 0 bytes wget/ mirrored site </pre> Directory size: <pre> /root/recon-430ch: 1.6M </pre> == Commands Used == Representative command list: <pre> apt-get update apt-get install -y dnsutils whois nmap traceroute jq netcat-openbsd ca-certificates apt-get install -y libimage-exiftool-perl dig 430.ch ANY dig 430.ch A 430.ch AAAA 430.ch NS 430.ch SOA 430.ch MX 430.ch TXT 430.ch CAA +noall +answer dig +short -x 83.228.241.21 whois 430.ch whois 83.228.241.21 dig AXFR 430.ch @ns11.infomaniak.ch dig AXFR 430.ch @ns12.infomaniak.ch dig 430.ch DNSKEY 430.ch DS +noall +answer curl -sS -D - -o /root/recon-430ch/root-http.html http://430.ch/ curl -sS -D - -o /root/recon-430ch/root-https.html https://430.ch/ curl -sS -D - -o /root/recon-430ch/robots.txt https://430.ch/robots.txt curl -sS -D - -o /root/recon-430ch/sitemap.xml https://430.ch/sitemap.xml curl -sS -D - -o /root/recon-430ch/security.txt https://430.ch/.well-known/security.txt openssl s_client -connect 430.ch:443 -servername 430.ch -showcerts </dev/null wget -r -l inf -np -E -k -p --restrict-file-names=windows -D 430.ch --no-verbose --directory-prefix=/root/recon-430ch/wget https://430.ch/ wget -r -l inf -np -E -k -p --restrict-file-names=windows -D 430.ch --no-verbose --directory-prefix=/root/recon-430ch/wget https://430.ch/f/ wget -r -l inf -np -E -k -p --restrict-file-names=windows -D 430.ch --no-verbose --directory-prefix=/root/recon-430ch/wget https://430.ch/yagpab/ curl -sS 'https://crt.sh/?q=%25.430.ch&output=json' curl -sS 'https://rdap.nic.ch/domain/430.ch' curl -sS 'https://urlscan.io/api/v1/search/?q=domain:430.ch' curl -sS -L 'https://web.archive.org/cdx?url=430.ch/*&output=json&fl=timestamp,original,statuscode,mimetype,digest&collapse=urlkey&filter=statuscode:200' nmap -Pn -sS -sV --version-light -T3 --top-ports 1000 83.228.241.21 83.228.241.25 -oN /root/recon-430ch/nmap-ipv4-top.txt nmap -Pn -6 -sT -sV --version-light -T3 --top-ports 1000 2001:1600:18:102::167 2001:1600:18:102::26f -oN /root/recon-430ch/nmap-ipv6-top.txt nmap -Pn -sS -T3 -p- --max-retries 2 83.228.241.21 83.228.241.25 -oN /root/recon-430ch/nmap-ipv4-full.txt nmap -Pn -6 -sT -T3 -p- --max-retries 2 2001:1600:18:102::167 2001:1600:18:102::26f -oN /root/recon-430ch/nmap-ipv6-full.txt nmap -Pn -p443 --script ssl-enum-ciphers 430.ch ov.430.ch wiki.430.ch staging.430.ch -oN /root/recon-430ch/nmap-ssl-enum.txt nmap -Pn -p80,443 --script http-title,http-server-header,http-security-headers 430.ch ov.430.ch wiki.430.ch staging.430.ch -oN /root/recon-430ch/nmap-http-scripts.txt nmap -Pn -sU -sV --version-light -p6567,27015,27016 83.228.241.25 83.228.241.21 -oN /root/recon-430ch/nmap-udp-game.txt nmap -Pn -6 -sU -sV --version-light -p6567,27015,27016 2001:1600:18:102::26f 2001:1600:18:102::167 -oN /root/recon-430ch/nmap-udp-game-ipv6.txt nmap -Pn -sU -sV --version-light -p5355 83.228.241.25 83.228.241.21 -oN /root/recon-430ch/nmap-udp-5355.txt nmap -Pn -6 -sU -sV --version-light -p5355 2001:1600:18:102::26f 2001:1600:18:102::167 -oN /root/recon-430ch/nmap-udp-5355-ipv6.txt curl -sS 'https://ov.430.ch/api.php?action=query&meta=siteinfo&siprop=general%7Cnamespaces%7Cstatistics%7Cextensions%7Cskins&format=json' curl -sS 'https://ov.430.ch/api.php?action=query&list=allusers&auprop=groups%7Ceditcount%7Cregistration&format=json' curl -sS 'https://ov.430.ch/api.php?action=query&list=recentchanges&rcprop=title%7Cids%7Ctimestamp%7Cuser%7Ccomment%7Cflags&rclimit=20&format=json' curl -sS 'https://ov.430.ch/api.php?action=query&list=logevents&leprop=title%7Ctimestamp%7Cuser%7Ccomment%7Ctype%7Cdetails&lelimit=20&format=json' curl -sS 'https://wiki.430.ch/api.php?action=query&meta=siteinfo&siprop=general%7Cnamespaces%7Cstatistics%7Cextensions%7Cskins&format=json' exiftool -a -G1 -s /root/recon-430ch/wget/430.ch/m/*.webp /root/recon-430ch/wget/430.ch/contact-us/1.png sha256sum /root/recon-430ch/wget/430.ch/m/*.webp /root/recon-430ch/wget/430.ch/contact-us/1.png </pre> == Appendix: Raw Nmap Full TCP Output == === IPv4 === <pre> # Nmap 7.95 scan initiated Thu Jul 9 17:42:08 2026 as: nmap -Pn -sS -T3 -p- --max-retries 2 -oN /root/recon-430ch/nmap-ipv4-full.txt 83.228.241.21 83.228.241.25 Nmap scan report for 430.ch (83.228.241.21) Host is up (0.064s latency). Not shown: 65532 filtered tcp ports (no-response) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https MAC Address: FA:16:3E:46:4B:58 (Unknown) Nmap scan report for ov.430.ch (83.228.241.25) Host is up (0.0000090s latency). Not shown: 65529 closed tcp ports (reset) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https 5355/tcp open llmnr 6567/tcp open esp 8080/tcp filtered http-proxy # Nmap done at Thu Jul 9 17:49:20 2026 -- 2 IP addresses (2 hosts up) scanned in 431.22 seconds </pre> === IPv6 === <pre> # Nmap 7.95 scan initiated Thu Jul 9 17:42:08 2026 as: nmap -Pn -6 -sT -T3 -p- --max-retries 2 -oN /root/recon-430ch/nmap-ipv6-full.txt 2001:1600:18:102::167 2001:1600:18:102::26f Nmap scan report for 430.ch (2001:1600:18:102::167) Host is up (0.019s latency). Not shown: 65532 filtered tcp ports (no-response) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https Nmap scan report for ov.430.ch (2001:1600:18:102::26f) Host is up (0.00014s latency). Not shown: 65529 closed tcp ports (conn-refused) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https 5355/tcp open llmnr 6567/tcp open esp 8080/tcp open http-proxy # Nmap done at Thu Jul 9 17:49:57 2026 -- 2 IP addresses (2 hosts up) scanned in 468.20 seconds </pre>
Summary:
Please note that all contributions to Marcopedia may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Marcopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
associated-pages
Page
Discussion
English
Views
Read
Edit
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Tools
What links here
Related changes
Page information
Online users in chat