Editing
Marcotrix.xyz Reconnaissance Report
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Hostname Resolution and HTTP Behavior == Resolution during testing: <pre> marcotrix.xyz A 57.131.38.220 mail.marcotrix.xyz A 57.131.38.220 jellyfin.marcotrix.xyz A 57.131.38.220 money.marcotrix.xyz A 57.131.38.220 drive.marcotrix.xyz A 57.131.38.220 </pre> No resolution during testing: <pre> www.marcotrix.xyz chat.marcotrix.xyz llc.marcotrix.xyz budget.marcotrix.xyz matrix.marcotrix.xyz </pre> All tested resolving names used HTTP-to-HTTPS redirects via Caddy: <pre> HTTP/1.1 308 Permanent Redirect Location: https://<host>/ Server: Caddy </pre> === Apex Site === <code>https://marcotrix.xyz/</code>: <pre> HTTP/2 200 alt-svc: h3=":443"; ma=2592000 content-type: text/html; charset=utf-8 via: 1.1 Caddy </pre> Root HTML: <pre> <meta name="description" content="Marcotrix homepage" /> <title>Marcotrix</title> <link rel="stylesheet" href="/style.css" /> ... <h1>Marcotrix</h1> <div class="photo-frame" aria-label="A rotating Zoe photo"> <img class="placeholder-image" id="zoe-photo" src="/zoe1.jpg" alt="Zoe" decoding="async" /> </div> <a class="ink-link" href="/contact/index.html">contact us</a> </pre> JavaScript rotates these public image paths: <pre> /zoe1.jpg /zoe2.jpg /zoe3.jpg /zoe4.jpg /zoe5.jpg /zoe6.jpg </pre> HEAD checks confirmed all six image paths returned <code>HTTP/2 200</code>, <code>content-type: image/jpeg</code>, and <code>cache-control: public, max-age=86400</code>. === Contact Page === <code>https://marcotrix.xyz/contact/index.html</code> returned <code>HTTP/2 200</code>. HTML: <pre> <title>Contact</title> ... <img class="cutecatracing" src="../mail.png" alt="mail at marcotrix dot xyz" /> </pre> Likely contact address exposed in machine-readable alt text: <pre> mail@marcotrix.xyz </pre> === Robots, Sitemap, Security.txt, and Favicon === These returned <code>404</code> with body <code>Not found</code>: * <code>https://marcotrix.xyz/robots.txt</code> * <code>https://marcotrix.xyz/sitemap.xml</code> * <code>https://marcotrix.xyz/.well-known/security.txt</code> * <code>https://marcotrix.xyz/favicon.ico</code> === <code>mail.marcotrix.xyz</code> === HTTP redirects to HTTPS. HTTPS: <pre> HTTP/2 502 server: Caddy content-length: 0 </pre> Interpretation: * Caddy has a configured HTTPS site for <code>mail.marcotrix.xyz</code>. * The upstream behind it is unavailable, misconfigured, or refusing connections. === <code>jellyfin.marcotrix.xyz</code> === HTTPS root: <pre> HTTP/2 302 location: web/ server: Kestrel via: 1.1 Caddy </pre> <code>https://jellyfin.marcotrix.xyz/web/</code> returns the Jellyfin web application: <pre> <meta name="application-name" content="Jellyfin"> <meta name="robots" content="noindex, nofollow, noarchive"> <title>Jellyfin</title> </pre> Public Jellyfin metadata endpoint: <pre> https://jellyfin.marcotrix.xyz/System/Info/Public </pre> Returned: <pre> { "LocalAddress": "http://172.20.0.3:8096", "ServerName": "marcoserver", "Version": "10.11.6", "ProductName": "Jellyfin Server", "OperatingSystem": "", "Id": "5b94a56e8601405d8a399c3960d5c546", "StartupWizardCompleted": true } </pre> Interpretation: * Jellyfin is exposed through Caddy. * The public endpoint reveals version, server name, private backend address, instance ID, and that setup is complete. * This is normal for Jellyfin's public info endpoint, but still useful inventory for an attacker. === <code>drive.marcotrix.xyz</code> === HTTPS root: <pre> HTTP/2 200 cache-control: no-store, max-age=0 content-type: text/plain; charset=utf-8 vary: Origin, PW, Cookie via: 1.1 Caddy content-length: 38 </pre> Body: <pre> howdy stranger (you're not logged in) </pre> Nmap HTTP title: <pre> copyparty @ vps-b2134b59-vps-ovh-net </pre> With an explicit <code>Origin</code> header: <pre> access-control-allow-headers: Range access-control-allow-methods: GET, HEAD access-control-allow-origin: * cache-control: no-store, max-age=0 vary: Origin, PW, Cookie </pre> Interpretation: * <code>drive.marcotrix.xyz</code> appears to be a copyparty instance. * Anonymous users receive a not-logged-in message. * CORS allows all origins for GET/HEAD/range-style access. === <code>money.marcotrix.xyz</code> === DNS resolves and HTTP redirects to HTTPS: <pre> HTTP/1.1 308 Permanent Redirect Location: https://money.marcotrix.xyz/ Server: Caddy </pre> HTTPS failed from this vantage point: <pre> TLS connect error: tlsv1 alert internal error </pre> Interpretation: * The hostname likely has an incomplete or broken Caddy/TLS/backend configuration.
Summary:
Please note that all contributions to Marcopedia may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Marcopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
associated-pages
Page
Discussion
English
Views
Read
Edit
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Tools
What links here
Related changes
Page information
Online users in chat