Editing
Marcotrix.xyz Reconnaissance Report
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
__TOC__ <!-- Generated from /root/MARCOTRIX.XYZ_REPORT.md by Codex on 2026-07-09 UTC. --> = Marcotrix.xyz Reconnaissance Report = Report date: 2026-07-09 UTC Target: <code>marcotrix.xyz</code> Verification status: not verified Primary artifact directory: <code>/root/recon-marcotrix-xyz</code> == Scope and Authorization Boundary == This report was produced without domain-owner verification for <code>marcotrix.xyz</code>. Because of that, the work was intentionally narrower than the owner-authorized <code>430.ch</code> report. Allowed and performed: * Public DNS, WHOIS, RDAP, certificate transparency, public search, Shodan InternetDB, RIPEstat, and Wayback lookups. * Ordinary HTTP(S) requests to publicly reachable pages. * A shallow same-site <code>wget</code> mirror of linked public web assets. * Targeted nmap checks only for ports already identified by passive sources or explicit DNS/service evidence. * Local metadata inspection of files downloaded from the public site. Not performed: * Account creation. * Login attempts. * Writes to any Marcotrix service. * Directory brute forcing or web fuzzing. * Vulnerability exploitation. * Broad UDP scanning. * Full TCP port sweep. * Publication of this report to a public wiki page. == Executive Summary == <code>marcotrix.xyz</code> is a Namecheap-registered <code>.xyz</code> domain created on <code>2025-11-21</code>. It uses Namecheap/registrar-servers DNS and points its apex to a single OVH Italy VPS address, <code>57.131.38.220</code>. The same address is also used for <code>mail.marcotrix.xyz</code>, <code>jellyfin.marcotrix.xyz</code>, <code>drive.marcotrix.xyz</code>, and <code>money.marcotrix.xyz</code>. The public surface visible from limited checks includes: * A static Caddy-served apex website. * A Caddy reverse-proxied Jellyfin instance on <code>jellyfin.marcotrix.xyz</code>. * A Caddy reverse-proxied copyparty instance on <code>drive.marcotrix.xyz</code>. * A broken or misconfigured HTTPS service on <code>money.marcotrix.xyz</code>. * An HTTPS endpoint for <code>mail.marcotrix.xyz</code> returning <code>502</code>, while mail DNS points MX to the same host. * <code>5201/tcp</code> open as <code>iperf3</code>. * <code>123/udp</code> open as NTP v4. * Strong TLS 1.2/1.3 ciphers on the tested HTTPS names. * No HSTS on tested HTTPS names. Most notable observations: # <code>mail.marcotrix.xyz</code> is the MX target, but SMTP/IMAP/submission ports were filtered or closed in the limited targeted checks. This suggests inbound mail may not work from this vantage point. # <code>drive.marcotrix.xyz</code> exposes a copyparty service title and unauthenticated landing text. # <code>jellyfin.marcotrix.xyz</code> exposes public Jellyfin metadata, including version <code>10.11.6</code>, server name <code>marcoserver</code>, a private backend address, and an instance ID. # <code>5201/tcp</code> is open as <code>iperf3</code>; that is normally a benchmarking service and should be closed or restricted unless intentionally public. # <code>123/udp</code> is open as NTP v4. If public NTP service is not intentional, restrict it. # DNSSEC is unsigned, CAA is absent, SPF is softfail, DMARC is monitor-only, and MTA-STS/TLS-RPT were not observed. == Domain Registration and DNS == WHOIS/RDAP showed: <pre> Domain Name: MARCOTRIX.XYZ Registry Domain ID: D621206912-CNIC Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Creation Date: 2025-11-21T17:05:51.0Z Updated Date: 2026-01-04T19:34:06.0Z Registry Expiry Date: 2026-11-21T23:59:59.0Z Domain Status: clientTransferProhibited DNSSEC: unsigned Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545 </pre> RDAP source: <pre> https://rdap.centralnic.com/xyz/domain/marcotrix.xyz </pre> RDAP confirmed: * Registrar: NameCheap, Inc. * DNSSEC delegation signed: <code>false</code> * Nameservers: ** <code>dns1.registrar-servers.com</code> ** <code>dns2.registrar-servers.com</code> * Status: <code>client transfer prohibited</code> == IP Allocation and Hosting == The apex A record resolves to: <pre> marcotrix.xyz. A 57.131.38.220 </pre> No apex AAAA record was observed. Reverse DNS: <pre> 57.131.38.220 -> mail.marcotrix.xyz. </pre> WHOIS for <code>57.131.38.220</code> referred from ARIN to RIPE and showed: <pre> inetnum: 57.131.38.0 - 57.131.38.255 netname: VPS-EU-SOUTH-MIL-VPS-1 country: IT org: ORG-OS43-RIPE geoloc: 45.4666 9.1666 abuse-mailbox: abuse@ovh.net route: 57.131.0.0/17 origin: AS16276 </pre> RIPEstat aligned the address to: <pre> resource: 57.131.0.0/17 ASN: 16276 holder: OVH OVH SAS </pre> Interpretation: * The host appears to be an OVH VPS in the Italy/Milan region. * Abuse contact for the allocation is <code>abuse@ovh.net</code>. == DNS Records == Observed apex records: <pre> marcotrix.xyz. A 57.131.38.220 marcotrix.xyz. NS dns1.registrar-servers.com. marcotrix.xyz. NS dns2.registrar-servers.com. marcotrix.xyz. SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1782905010 43200 3600 604800 3601 marcotrix.xyz. MX 10 mail.marcotrix.xyz. marcotrix.xyz. TXT "v=spf1 mx ~all" </pre> Not observed: * Apex AAAA * Apex CAA * <code>_mta-sts.marcotrix.xyz TXT</code> * <code>_smtp._tls.marcotrix.xyz TXT</code> * <code>mta-sts.marcotrix.xyz</code> * <code>autoconfig.marcotrix.xyz</code> * <code>autodiscover.marcotrix.xyz</code> DMARC: <pre> _dmarc.marcotrix.xyz TXT "v=DMARC1; p=none; rua=mailto:mail@marcotrix.xyz" </pre> Interpretation: * SPF is <code>~all</code>, a softfail policy. * DMARC is monitoring-only (<code>p=none</code>). * DMARC reports are directed to <code>mail@marcotrix.xyz</code>. * No MTA-STS or TLS-RPT records were observed. * No CAA record was observed. * DNSSEC is unsigned. == Atproto / Bluesky Identity == The domain publishes an Atproto handle verification record: <pre> _atproto.marcotrix.xyz TXT "did=did:plc:rs545j57yaqct4qmp7c4aymc" </pre> Bluesky handle resolution: <pre> {"did":"did:plc:rs545j57yaqct4qmp7c4aymc"} </pre> PLC directory record: <pre> { "id": "did:plc:rs545j57yaqct4qmp7c4aymc", "alsoKnownAs": ["at://marcotrix.xyz"], "service": [ { "id": "#atproto_pds", "type": "AtprotoPersonalDataServer", "serviceEndpoint": "https://gomphus.us-west.host.bsky.network" } ] } </pre> Interpretation: * <code>marcotrix.xyz</code> is configured as a Bluesky/Atproto handle. * The PDS endpoint is hosted by Bluesky infrastructure, not on <code>marcotrix.xyz</code>. == Certificate Transparency and Subdomains == Certificate transparency records from <code>crt.sh</code> exposed these names: Currently resolving during testing: * <code>marcotrix.xyz</code> * <code>mail.marcotrix.xyz</code> * <code>jellyfin.marcotrix.xyz</code> * <code>money.marcotrix.xyz</code> * <code>drive.marcotrix.xyz</code> Seen in certificate transparency but not resolving during testing: * <code>www.marcotrix.xyz</code> * <code>chat.marcotrix.xyz</code> * <code>llc.marcotrix.xyz</code> * <code>budget.marcotrix.xyz</code> * <code>matrix.marcotrix.xyz</code> Recent/current certificate observations: <pre> marcotrix.xyz issuer: Let's Encrypt E7 notBefore: May 15 22:57:19 2026 GMT notAfter: Aug 13 22:57:18 2026 GMT SAN: DNS:marcotrix.xyz mail.marcotrix.xyz issuer: Let's Encrypt E8 notBefore: May 24 03:47:06 2026 GMT notAfter: Aug 22 03:47:05 2026 GMT SAN: DNS:mail.marcotrix.xyz jellyfin.marcotrix.xyz issuer: Let's Encrypt YE2 notBefore: Jun 26 06:10:01 2026 GMT notAfter: Sep 24 06:10:00 2026 GMT SAN: DNS:jellyfin.marcotrix.xyz drive.marcotrix.xyz issuer: Let's Encrypt E8 notBefore: May 16 13:29:26 2026 GMT notAfter: Aug 14 13:29:25 2026 GMT SAN: DNS:drive.marcotrix.xyz </pre> <code>money.marcotrix.xyz</code> had certificate transparency entries, but live TLS connection attempts failed with an internal TLS alert from this vantage point: <pre> curl: (35) TLS connect error: error:0A000438:SSL routines::tlsv1 alert internal error </pre> == Hostname Resolution and HTTP Behavior == Resolution during testing: <pre> marcotrix.xyz A 57.131.38.220 mail.marcotrix.xyz A 57.131.38.220 jellyfin.marcotrix.xyz A 57.131.38.220 money.marcotrix.xyz A 57.131.38.220 drive.marcotrix.xyz A 57.131.38.220 </pre> No resolution during testing: <pre> www.marcotrix.xyz chat.marcotrix.xyz llc.marcotrix.xyz budget.marcotrix.xyz matrix.marcotrix.xyz </pre> All tested resolving names used HTTP-to-HTTPS redirects via Caddy: <pre> HTTP/1.1 308 Permanent Redirect Location: https://<host>/ Server: Caddy </pre> === Apex Site === <code>https://marcotrix.xyz/</code>: <pre> HTTP/2 200 alt-svc: h3=":443"; ma=2592000 content-type: text/html; charset=utf-8 via: 1.1 Caddy </pre> Root HTML: <pre> <meta name="description" content="Marcotrix homepage" /> <title>Marcotrix</title> <link rel="stylesheet" href="/style.css" /> ... <h1>Marcotrix</h1> <div class="photo-frame" aria-label="A rotating Zoe photo"> <img class="placeholder-image" id="zoe-photo" src="/zoe1.jpg" alt="Zoe" decoding="async" /> </div> <a class="ink-link" href="/contact/index.html">contact us</a> </pre> JavaScript rotates these public image paths: <pre> /zoe1.jpg /zoe2.jpg /zoe3.jpg /zoe4.jpg /zoe5.jpg /zoe6.jpg </pre> HEAD checks confirmed all six image paths returned <code>HTTP/2 200</code>, <code>content-type: image/jpeg</code>, and <code>cache-control: public, max-age=86400</code>. === Contact Page === <code>https://marcotrix.xyz/contact/index.html</code> returned <code>HTTP/2 200</code>. HTML: <pre> <title>Contact</title> ... <img class="cutecatracing" src="../mail.png" alt="mail at marcotrix dot xyz" /> </pre> Likely contact address exposed in machine-readable alt text: <pre> mail@marcotrix.xyz </pre> === Robots, Sitemap, Security.txt, and Favicon === These returned <code>404</code> with body <code>Not found</code>: * <code>https://marcotrix.xyz/robots.txt</code> * <code>https://marcotrix.xyz/sitemap.xml</code> * <code>https://marcotrix.xyz/.well-known/security.txt</code> * <code>https://marcotrix.xyz/favicon.ico</code> === <code>mail.marcotrix.xyz</code> === HTTP redirects to HTTPS. HTTPS: <pre> HTTP/2 502 server: Caddy content-length: 0 </pre> Interpretation: * Caddy has a configured HTTPS site for <code>mail.marcotrix.xyz</code>. * The upstream behind it is unavailable, misconfigured, or refusing connections. === <code>jellyfin.marcotrix.xyz</code> === HTTPS root: <pre> HTTP/2 302 location: web/ server: Kestrel via: 1.1 Caddy </pre> <code>https://jellyfin.marcotrix.xyz/web/</code> returns the Jellyfin web application: <pre> <meta name="application-name" content="Jellyfin"> <meta name="robots" content="noindex, nofollow, noarchive"> <title>Jellyfin</title> </pre> Public Jellyfin metadata endpoint: <pre> https://jellyfin.marcotrix.xyz/System/Info/Public </pre> Returned: <pre> { "LocalAddress": "http://172.20.0.3:8096", "ServerName": "marcoserver", "Version": "10.11.6", "ProductName": "Jellyfin Server", "OperatingSystem": "", "Id": "5b94a56e8601405d8a399c3960d5c546", "StartupWizardCompleted": true } </pre> Interpretation: * Jellyfin is exposed through Caddy. * The public endpoint reveals version, server name, private backend address, instance ID, and that setup is complete. * This is normal for Jellyfin's public info endpoint, but still useful inventory for an attacker. === <code>drive.marcotrix.xyz</code> === HTTPS root: <pre> HTTP/2 200 cache-control: no-store, max-age=0 content-type: text/plain; charset=utf-8 vary: Origin, PW, Cookie via: 1.1 Caddy content-length: 38 </pre> Body: <pre> howdy stranger (you're not logged in) </pre> Nmap HTTP title: <pre> copyparty @ vps-b2134b59-vps-ovh-net </pre> With an explicit <code>Origin</code> header: <pre> access-control-allow-headers: Range access-control-allow-methods: GET, HEAD access-control-allow-origin: * cache-control: no-store, max-age=0 vary: Origin, PW, Cookie </pre> Interpretation: * <code>drive.marcotrix.xyz</code> appears to be a copyparty instance. * Anonymous users receive a not-logged-in message. * CORS allows all origins for GET/HEAD/range-style access. === <code>money.marcotrix.xyz</code> === DNS resolves and HTTP redirects to HTTPS: <pre> HTTP/1.1 308 Permanent Redirect Location: https://money.marcotrix.xyz/ Server: Caddy </pre> HTTPS failed from this vantage point: <pre> TLS connect error: tlsv1 alert internal error </pre> Interpretation: * The hostname likely has an incomplete or broken Caddy/TLS/backend configuration. == TLS Findings == Nmap <code>ssl-enum-ciphers</code> was run only for live HTTPS hostnames: * <code>marcotrix.xyz</code> * <code>mail.marcotrix.xyz</code> * <code>jellyfin.marcotrix.xyz</code> * <code>drive.marcotrix.xyz</code> All four showed TLS 1.2 and TLS 1.3 with A-rated cipher suites. TLS 1.2: <pre> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A </pre> TLS 1.3: <pre> TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A </pre> Nmap reported: <pre> least strength: A </pre> Manual <code>openssl</code> checks against the apex verified TLS 1.2 and TLS 1.3 negotiation. HSTS was not configured on tested HTTPS names: <pre> Strict_Transport_Security: HSTS not configured in HTTPS Server </pre> == Targeted Service Checks == Important scope note: * A full TCP port sweep was not performed because the domain was not verified. * The checks below targeted ports already identified by Shodan InternetDB or by DNS/mail service evidence. Shodan InternetDB for <code>57.131.38.220</code>: <pre> { "cpes": [ "cpe:/a:caddyserver:caddy", "cpe:/a:golang:go", "cpe:/a:ntp:ntp:4" ], "hostnames": ["mail.marcotrix.xyz"], "ip": "57.131.38.220", "ports": [80, 123, 143, 443, 465, 587, 993, 5201], "tags": ["starttls"], "vulns": [] } </pre> Targeted nmap TCP check: <pre> PORT STATE SERVICE VERSION 80/tcp open http Caddy httpd 123/tcp closed ntp 143/tcp closed imap 443/tcp open ssl/https? 465/tcp closed smtps 587/tcp closed submission 993/tcp closed imaps 5201/tcp open iperf3 </pre> Targeted mail-port check: <pre> 25/tcp filtered smtp 110/tcp closed pop3 143/tcp closed imap 465/tcp closed smtps 587/tcp closed submission 993/tcp closed imaps 995/tcp closed pop3s </pre> Targeted UDP check: <pre> 123/udp open ntp NTP v4 (secondary server) </pre> Interpretation: * Inbound mail to the advertised MX may not be reachable from this vantage point (<code>25/tcp filtered</code>; submission/IMAP closed). * <code>5201/tcp</code> is open as iperf3, which is typically a network performance testing service. * <code>123/udp</code> is open as NTP v4. == File Mirror and Asset Metadata == Shallow mirror command: <pre> wget -r -l 1 -np -E -k -p --restrict-file-names=windows -D marcotrix.xyz --no-verbose --directory-prefix=/root/recon-marcotrix-xyz/wget https://marcotrix.xyz/ </pre> Result: <pre> Downloaded: 5 files, 2.7M </pre> Mirrored files: <pre> /root/recon-marcotrix-xyz/wget/marcotrix.xyz/index.html /root/recon-marcotrix-xyz/wget/marcotrix.xyz/style.css /root/recon-marcotrix-xyz/wget/marcotrix.xyz/zoe1.jpg /root/recon-marcotrix-xyz/wget/marcotrix.xyz/contact/index.html /root/recon-marcotrix-xyz/wget/marcotrix.xyz/mail.png </pre> The shallow mirror only downloaded <code>zoe1.jpg</code>; the other image URLs are JavaScript-discovered and were checked with HEAD requests instead of bulk downloading. File type summary: <pre> index.html: HTML document, ASCII text style.css: ASCII text zoe1.jpg: JPEG image data, EXIF standard, 4032x2268 mail.png: PNG image data, 1833x207 contact/index.html: HTML document, ASCII text </pre> ExifTool for <code>zoe1.jpg</code>: <pre> FileType: JPEG ImageWidth: 4032 ImageHeight: 2268 Orientation: Horizontal (normal) ICC Profile DeviceManufacturer: Google ICC ProfileDescription: sRGB IEC61966-2.1 ICC ProfileCopyright: Copyright (c) 2016 Google Inc. </pre> No GPS metadata was observed in <code>zoe1.jpg</code>. ExifTool for <code>mail.png</code>: <pre> FileType: PNG ImageWidth: 1833 ImageHeight: 207 ModifyDate: 2026:06:10 13:44:06 </pre> No GPS metadata was observed in <code>mail.png</code>. SHA-256 hashes: <pre> 0ece9b584872c867e884a57082e297107cd78a2c397e3bbf0acce2ecbf82cf13 zoe1.jpg 37087ef2608573bce4b42250a9f6ff19d5563d75d2017b305884d57d2278828b mail.png cae0e7336bfce9829c4ba5a5acdab00028ea228bdc250b51c5e898e7ff4da064 style.css bc1dc4dcc2b71c08cebb2ee9f5706e12b349465afd4648aba944a36d104fab6e index.html ff46b46ea05c84ccc812919ae47d3a9d41efe71c282a28b12f95e3f24e9506cd contact/index.html </pre> == Web Archive and Public Indexing == Wayback CDX returned current/historical captures from <code>2026-06-10</code>: <pre> 20260610131934 https://marcotrix.xyz/ 200 text/html 20260610131945 https://marcotrix.xyz/contact.html 200 text/html 20260610131934 https://marcotrix.xyz/home-placeholder.svg 200 image/svg+xml 20260610131945 https://marcotrix.xyz/mail.png 200 image/png 20260610131934 https://marcotrix.xyz/style.css 200 text/css </pre> URLScan query for <code>domain:marcotrix.xyz</code> returned no results. Public web search results were sparse. The notable indexed/public association was the Atproto/Bluesky handle use of <code>marcotrix.xyz</code>. == Security Observations and Remediation Ideas == These are defensive observations based on public data only. === High Priority === ==== Review <code>5201/tcp</code> iperf3 exposure ==== Finding: <pre> 5201/tcp open iperf3 </pre> Why it matters: * <code>iperf3</code> is normally for bandwidth testing, not a public application surface. * If left public, it can be abused for unwanted traffic generation or resource consumption. Recommendation: * Close it if not in active use. * Restrict it to trusted source IPs if needed. ==== Confirm inbound mail behavior ==== Finding: * MX points to <code>mail.marcotrix.xyz</code>. * <code>mail.marcotrix.xyz</code> resolves to <code>57.131.38.220</code>. * <code>25/tcp</code> was filtered from this vantage point. * IMAP/submission ports were closed. * <code>https://mail.marcotrix.xyz/</code> returned <code>502</code>. Why it matters: * The domain advertises mail service but may not accept inbound mail. * DMARC report address is <code>mail@marcotrix.xyz</code>; if mail is broken, aggregate reports may not be received. Recommendation: * Confirm intended mail architecture. * If self-hosting, ensure SMTP and mailbox services are intentionally reachable and hardened. * If not self-hosting, update MX/SPF/DMARC to match the actual provider. ==== Review Jellyfin public exposure ==== Finding: <pre> { "ServerName": "marcoserver", "Version": "10.11.6", "LocalAddress": "http://172.20.0.3:8096", "Id": "5b94a56e8601405d8a399c3960d5c546" } </pre> Why it matters: * Jellyfin version and instance metadata are publicly visible. * Media servers are common targets for credential attacks and known-version vulnerability checks. Recommendation: * Keep Jellyfin current. * Require strong authentication. * Disable public signups if enabled. * Consider restricting access through VPN, SSO, or source allowlists. * Monitor authentication logs. === Medium Priority === ==== Add HSTS ==== Finding: * HSTS was not configured on tested HTTPS names. Recommendation: Start conservatively: <pre> Strict-Transport-Security: max-age=86400 </pre> Move to a long-lived policy after confirming all subdomains are HTTPS-ready: <pre> Strict-Transport-Security: max-age=31536000; includeSubDomains </pre> Only use <code>preload</code> if all subdomains are intended to be permanently HTTPS-only. ==== Fix <code>money.marcotrix.xyz</code> TLS/backend configuration ==== Finding: * HTTP redirects to HTTPS. * HTTPS fails with a TLS internal error. Recommendation: * Check Caddy site block and certificate state for <code>money.marcotrix.xyz</code>. * Confirm backend availability. * Remove DNS/cert automation for the hostname if unused. ==== Harden email DNS ==== Current: <pre> SPF: v=spf1 mx ~all DMARC: v=DMARC1; p=none; rua=mailto:mail@marcotrix.xyz </pre> Recommendations: * Move SPF from softfail to hardfail once valid senders are known: <pre> v=spf1 mx -all </pre> * Move DMARC from monitoring to enforcement after reports are clean: <pre> v=DMARC1; p=quarantine; rua=mailto:... v=DMARC1; p=reject; rua=mailto:... </pre> * Add MTA-STS and TLS-RPT if receiving mail: <pre> _mta-sts.marcotrix.xyz TXT "v=STSv1; id=YYYYMMDD01" _smtp._tls.marcotrix.xyz TXT "v=TLSRPTv1; rua=mailto:tlsrpt@marcotrix.xyz" </pre> ==== Add CAA ==== Finding: * No CAA record was observed. Recommendation: If Let's Encrypt is the only intended CA: <pre> marcotrix.xyz. CAA 0 issue "letsencrypt.org" marcotrix.xyz. CAA 0 issuewild ";" </pre> Adjust this if other CAs are intentionally used. ==== Consider DNSSEC ==== Finding: * RDAP reports DNSSEC unsigned. Recommendation: * Enable DNSSEC at the DNS provider if operationally comfortable. === Low Priority / Hygiene === ==== Add <code>security.txt</code> ==== Finding: * <code>/.well-known/security.txt</code> returned <code>404</code>. Recommendation: Add a basic security contact if the owner wants coordinated reports: <pre> Contact: mailto:mail@marcotrix.xyz Preferred-Languages: en Canonical: https://marcotrix.xyz/.well-known/security.txt </pre> ==== Add or intentionally omit <code>robots.txt</code> and <code>sitemap.xml</code> ==== Finding: * Both returned <code>404</code>. This is not inherently a vulnerability. Add them only if useful for indexing control. ==== Strip unnecessary image metadata ==== No GPS metadata was observed, but stripping metadata from public images is still a reasonable default publishing step. == Artifact Inventory == Top-level files: <pre> /root/recon-marcotrix-xyz/favicon.ico 9 bytes /root/recon-marcotrix-xyz/nmap-http-scripts.txt 2397 bytes /root/recon-marcotrix-xyz/nmap-mail-targeted.txt collected targeted mail scan /root/recon-marcotrix-xyz/nmap-ssl-enum.txt 3297 bytes /root/recon-marcotrix-xyz/nmap-targeted-passive-ports.txt 709 bytes /root/recon-marcotrix-xyz/nmap-udp-123.txt 508 bytes /root/recon-marcotrix-xyz/robots.txt 9 bytes /root/recon-marcotrix-xyz/root-http.html 0 bytes /root/recon-marcotrix-xyz/root-https.html 1155 bytes /root/recon-marcotrix-xyz/security.txt 9 bytes /root/recon-marcotrix-xyz/sitemap.xml 9 bytes /root/recon-marcotrix-xyz/wget/ shallow mirror </pre> Directory size: <pre> /root/recon-marcotrix-xyz: 2.8M </pre> == Representative Commands Used == <pre> dig marcotrix.xyz A marcotrix.xyz AAAA marcotrix.xyz NS marcotrix.xyz SOA marcotrix.xyz MX marcotrix.xyz TXT marcotrix.xyz CAA +noall +answer whois marcotrix.xyz whois 57.131.38.220 dig +short -x 57.131.38.220 curl -sS -D - -o /root/recon-marcotrix-xyz/root-http.html http://marcotrix.xyz/ curl -sS -D - -o /root/recon-marcotrix-xyz/root-https.html https://marcotrix.xyz/ curl -sS -D - -o /root/recon-marcotrix-xyz/robots.txt https://marcotrix.xyz/robots.txt curl -sS -D - -o /root/recon-marcotrix-xyz/sitemap.xml https://marcotrix.xyz/sitemap.xml curl -sS -D - -o /root/recon-marcotrix-xyz/security.txt https://marcotrix.xyz/.well-known/security.txt curl -sS 'https://crt.sh/?q=%25.marcotrix.xyz&output=json' curl -sS 'https://internetdb.shodan.io/57.131.38.220' curl -sS 'https://rdap.centralnic.com/xyz/domain/marcotrix.xyz' curl -sS 'https://stat.ripe.net/data/prefix-overview/data.json?resource=57.131.38.220' curl -sS -L 'https://web.archive.org/cdx?url=marcotrix.xyz/*&output=json&fl=timestamp,original,statuscode,mimetype,digest&collapse=urlkey&filter=statuscode:200' wget -r -l 1 -np -E -k -p --restrict-file-names=windows -D marcotrix.xyz --no-verbose --directory-prefix=/root/recon-marcotrix-xyz/wget https://marcotrix.xyz/ nmap -Pn -sT -sV --version-light -p80,123,143,443,465,587,993,5201 57.131.38.220 -oN /root/recon-marcotrix-xyz/nmap-targeted-passive-ports.txt nmap -Pn -sT -sV --version-light -p25,110,143,465,587,993,995 57.131.38.220 -oN /root/recon-marcotrix-xyz/nmap-mail-targeted.txt nmap -Pn -sU -sV --version-light -p123 57.131.38.220 -oN /root/recon-marcotrix-xyz/nmap-udp-123.txt nmap -Pn -p443 --script ssl-enum-ciphers marcotrix.xyz mail.marcotrix.xyz jellyfin.marcotrix.xyz drive.marcotrix.xyz -oN /root/recon-marcotrix-xyz/nmap-ssl-enum.txt nmap -Pn -p80,443 --script http-title,http-server-header,http-security-headers marcotrix.xyz mail.marcotrix.xyz jellyfin.marcotrix.xyz drive.marcotrix.xyz -oN /root/recon-marcotrix-xyz/nmap-http-scripts.txt curl -sS https://jellyfin.marcotrix.xyz/System/Info/Public curl -sS https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=marcotrix.xyz curl -sS https://plc.directory/did:plc:rs545j57yaqct4qmp7c4aymc exiftool -a -G1 -s /root/recon-marcotrix-xyz/wget/marcotrix.xyz/zoe1.jpg /root/recon-marcotrix-xyz/wget/marcotrix.xyz/mail.png sha256sum /root/recon-marcotrix-xyz/wget/marcotrix.xyz/zoe1.jpg /root/recon-marcotrix-xyz/wget/marcotrix.xyz/mail.png /root/recon-marcotrix-xyz/wget/marcotrix.xyz/style.css /root/recon-marcotrix-xyz/wget/marcotrix.xyz/index.html /root/recon-marcotrix-xyz/wget/marcotrix.xyz/contact/index.html </pre> == Appendix: Raw Targeted Nmap Output == === Passive-Port Targeted TCP Check === <pre> # Nmap 7.95 scan initiated Thu Jul 9 18:18:23 2026 as: nmap -Pn -sT -sV --version-light -p80,123,143,443,465,587,993,5201 -oN /root/recon-marcotrix-xyz/nmap-targeted-passive-ports.txt 57.131.38.220 Nmap scan report for mail.marcotrix.xyz (57.131.38.220) Host is up (0.011s latency). PORT STATE SERVICE VERSION 80/tcp open http Caddy httpd 123/tcp closed ntp 143/tcp closed imap 443/tcp open ssl/https? 465/tcp closed smtps 587/tcp closed submission 993/tcp closed imaps 5201/tcp open iperf3 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Thu Jul 9 18:18:29 2026 -- 1 IP address (1 host up) scanned in 6.35 seconds </pre> === Targeted Mail-Port Check === <pre> # Nmap 7.95 scan initiated Thu Jul 9 18:19:37 2026 as: nmap -Pn -sT -sV --version-light -p25,110,143,465,587,993,995 -oN /root/recon-marcotrix-xyz/nmap-mail-targeted.txt 57.131.38.220 Nmap scan report for mail.marcotrix.xyz (57.131.38.220) Host is up (0.010s latency). PORT STATE SERVICE VERSION 25/tcp filtered smtp 110/tcp closed pop3 143/tcp closed imap 465/tcp closed smtps 587/tcp closed submission 993/tcp closed imaps 995/tcp closed pop3s Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Thu Jul 9 18:19:38 2026 -- 1 IP address (1 host up) scanned in 1.43 seconds </pre> === Targeted UDP NTP Check === <pre> # Nmap 7.95 scan initiated Thu Jul 9 18:18:51 2026 as: nmap -Pn -sU -sV --version-light -p123 -oN /root/recon-marcotrix-xyz/nmap-udp-123.txt 57.131.38.220 Nmap scan report for mail.marcotrix.xyz (57.131.38.220) Host is up (0.010s latency). PORT STATE SERVICE VERSION 123/udp open ntp NTP v4 (secondary server) Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Thu Jul 9 18:18:51 2026 -- 1 IP address (1 host up) scanned in 0.29 seconds </pre>
Summary:
Please note that all contributions to Marcopedia may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Marcopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
associated-pages
Page
Discussion
English
Views
Read
Edit
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Tools
What links here
Related changes
Page information
Online users in chat