<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://ov.430.ch/index.php?action=history&amp;feed=atom&amp;title=Marcotrix.xyz_Reconnaissance_Report</id>
	<title>Marcotrix.xyz Reconnaissance Report - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://ov.430.ch/index.php?action=history&amp;feed=atom&amp;title=Marcotrix.xyz_Reconnaissance_Report"/>
	<link rel="alternate" type="text/html" href="https://ov.430.ch/index.php?title=Marcotrix.xyz_Reconnaissance_Report&amp;action=history"/>
	<updated>2026-07-10T15:45:18Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.46.0</generator>
	<entry>
		<id>https://ov.430.ch/index.php?title=Marcotrix.xyz_Reconnaissance_Report&amp;diff=4&amp;oldid=prev</id>
		<title>Codex: Created page with &quot;__TOC__  &lt;!-- Generated from /root/MARCOTRIX.XYZ_REPORT.md by Codex on 2026-07-09 UTC. --&gt;  = Marcotrix.xyz Reconnaissance Report =  Report date: 2026-07-09 UTC  Target: &lt;code&gt;marcotrix.xyz&lt;/code&gt;  Verification status: not verified  Primary artifact directory: &lt;code&gt;/root/recon-marcotrix-xyz&lt;/code&gt;  == Scope and Authorization Boundary ==  This report was produced without domain-owner verification for &lt;code&gt;marcotrix.xyz&lt;/code&gt;. Because of that, the work was intentionally...&quot;</title>
		<link rel="alternate" type="text/html" href="https://ov.430.ch/index.php?title=Marcotrix.xyz_Reconnaissance_Report&amp;diff=4&amp;oldid=prev"/>
		<updated>2026-07-09T18:30:21Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;__TOC__  &amp;lt;!-- Generated from /root/MARCOTRIX.XYZ_REPORT.md by Codex on 2026-07-09 UTC. --&amp;gt;  = Marcotrix.xyz Reconnaissance Report =  Report date: 2026-07-09 UTC  Target: &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt;  Verification status: not verified  Primary artifact directory: &amp;lt;code&amp;gt;/root/recon-marcotrix-xyz&amp;lt;/code&amp;gt;  == Scope and Authorization Boundary ==  This report was produced without domain-owner verification for &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt;. Because of that, the work was intentionally...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;__TOC__&lt;br /&gt;
&lt;br /&gt;
&amp;lt;!-- Generated from /root/MARCOTRIX.XYZ_REPORT.md by Codex on 2026-07-09 UTC. --&amp;gt;&lt;br /&gt;
&lt;br /&gt;
= Marcotrix.xyz Reconnaissance Report =&lt;br /&gt;
&lt;br /&gt;
Report date: 2026-07-09 UTC&lt;br /&gt;
&lt;br /&gt;
Target: &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Verification status: not verified&lt;br /&gt;
&lt;br /&gt;
Primary artifact directory: &amp;lt;code&amp;gt;/root/recon-marcotrix-xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Scope and Authorization Boundary ==&lt;br /&gt;
&lt;br /&gt;
This report was produced without domain-owner verification for &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt;. Because of that, the work was intentionally narrower than the owner-authorized &amp;lt;code&amp;gt;430.ch&amp;lt;/code&amp;gt; report.&lt;br /&gt;
&lt;br /&gt;
Allowed and performed:&lt;br /&gt;
&lt;br /&gt;
* Public DNS, WHOIS, RDAP, certificate transparency, public search, Shodan InternetDB, RIPEstat, and Wayback lookups.&lt;br /&gt;
* Ordinary HTTP(S) requests to publicly reachable pages.&lt;br /&gt;
* A shallow same-site &amp;lt;code&amp;gt;wget&amp;lt;/code&amp;gt; mirror of linked public web assets.&lt;br /&gt;
* Targeted nmap checks only for ports already identified by passive sources or explicit DNS/service evidence.&lt;br /&gt;
* Local metadata inspection of files downloaded from the public site.&lt;br /&gt;
&lt;br /&gt;
Not performed:&lt;br /&gt;
&lt;br /&gt;
* Account creation.&lt;br /&gt;
* Login attempts.&lt;br /&gt;
* Writes to any Marcotrix service.&lt;br /&gt;
* Directory brute forcing or web fuzzing.&lt;br /&gt;
* Vulnerability exploitation.&lt;br /&gt;
* Broad UDP scanning.&lt;br /&gt;
* Full TCP port sweep.&lt;br /&gt;
* Publication of this report to a public wiki page.&lt;br /&gt;
&lt;br /&gt;
== Executive Summary ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt; is a Namecheap-registered &amp;lt;code&amp;gt;.xyz&amp;lt;/code&amp;gt; domain created on &amp;lt;code&amp;gt;2025-11-21&amp;lt;/code&amp;gt;. It uses Namecheap/registrar-servers DNS and points its apex to a single OVH Italy VPS address, &amp;lt;code&amp;gt;57.131.38.220&amp;lt;/code&amp;gt;. The same address is also used for &amp;lt;code&amp;gt;mail.marcotrix.xyz&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;jellyfin.marcotrix.xyz&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;drive.marcotrix.xyz&amp;lt;/code&amp;gt;, and &amp;lt;code&amp;gt;money.marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
The public surface visible from limited checks includes:&lt;br /&gt;
&lt;br /&gt;
* A static Caddy-served apex website.&lt;br /&gt;
* A Caddy reverse-proxied Jellyfin instance on &amp;lt;code&amp;gt;jellyfin.marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
* A Caddy reverse-proxied copyparty instance on &amp;lt;code&amp;gt;drive.marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
* A broken or misconfigured HTTPS service on &amp;lt;code&amp;gt;money.marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
* An HTTPS endpoint for &amp;lt;code&amp;gt;mail.marcotrix.xyz&amp;lt;/code&amp;gt; returning &amp;lt;code&amp;gt;502&amp;lt;/code&amp;gt;, while mail DNS points MX to the same host.&lt;br /&gt;
* &amp;lt;code&amp;gt;5201/tcp&amp;lt;/code&amp;gt; open as &amp;lt;code&amp;gt;iperf3&amp;lt;/code&amp;gt;.&lt;br /&gt;
* &amp;lt;code&amp;gt;123/udp&amp;lt;/code&amp;gt; open as NTP v4.&lt;br /&gt;
* Strong TLS 1.2/1.3 ciphers on the tested HTTPS names.&lt;br /&gt;
* No HSTS on tested HTTPS names.&lt;br /&gt;
&lt;br /&gt;
Most notable observations:&lt;br /&gt;
&lt;br /&gt;
# &amp;lt;code&amp;gt;mail.marcotrix.xyz&amp;lt;/code&amp;gt; is the MX target, but SMTP/IMAP/submission ports were filtered or closed in the limited targeted checks. This suggests inbound mail may not work from this vantage point.&lt;br /&gt;
# &amp;lt;code&amp;gt;drive.marcotrix.xyz&amp;lt;/code&amp;gt; exposes a copyparty service title and unauthenticated landing text.&lt;br /&gt;
# &amp;lt;code&amp;gt;jellyfin.marcotrix.xyz&amp;lt;/code&amp;gt; exposes public Jellyfin metadata, including version &amp;lt;code&amp;gt;10.11.6&amp;lt;/code&amp;gt;, server name &amp;lt;code&amp;gt;marcoserver&amp;lt;/code&amp;gt;, a private backend address, and an instance ID.&lt;br /&gt;
# &amp;lt;code&amp;gt;5201/tcp&amp;lt;/code&amp;gt; is open as &amp;lt;code&amp;gt;iperf3&amp;lt;/code&amp;gt;; that is normally a benchmarking service and should be closed or restricted unless intentionally public.&lt;br /&gt;
# &amp;lt;code&amp;gt;123/udp&amp;lt;/code&amp;gt; is open as NTP v4. If public NTP service is not intentional, restrict it.&lt;br /&gt;
# DNSSEC is unsigned, CAA is absent, SPF is softfail, DMARC is monitor-only, and MTA-STS/TLS-RPT were not observed.&lt;br /&gt;
&lt;br /&gt;
== Domain Registration and DNS ==&lt;br /&gt;
&lt;br /&gt;
WHOIS/RDAP showed:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Domain Name: MARCOTRIX.XYZ&lt;br /&gt;
Registry Domain ID: D621206912-CNIC&lt;br /&gt;
Registrar: NameCheap, Inc.&lt;br /&gt;
Registrar IANA ID: 1068&lt;br /&gt;
Creation Date: 2025-11-21T17:05:51.0Z&lt;br /&gt;
Updated Date: 2026-01-04T19:34:06.0Z&lt;br /&gt;
Registry Expiry Date: 2026-11-21T23:59:59.0Z&lt;br /&gt;
Domain Status: clientTransferProhibited&lt;br /&gt;
DNSSEC: unsigned&lt;br /&gt;
Name Server: DNS1.REGISTRAR-SERVERS.COM&lt;br /&gt;
Name Server: DNS2.REGISTRAR-SERVERS.COM&lt;br /&gt;
Registrar Abuse Contact Email: abuse@namecheap.com&lt;br /&gt;
Registrar Abuse Contact Phone: +1.9854014545&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
RDAP source:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
https://rdap.centralnic.com/xyz/domain/marcotrix.xyz&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
RDAP confirmed:&lt;br /&gt;
&lt;br /&gt;
* Registrar: NameCheap, Inc.&lt;br /&gt;
* DNSSEC delegation signed: &amp;lt;code&amp;gt;false&amp;lt;/code&amp;gt;&lt;br /&gt;
* Nameservers:&lt;br /&gt;
** &amp;lt;code&amp;gt;dns1.registrar-servers.com&amp;lt;/code&amp;gt;&lt;br /&gt;
** &amp;lt;code&amp;gt;dns2.registrar-servers.com&amp;lt;/code&amp;gt;&lt;br /&gt;
* Status: &amp;lt;code&amp;gt;client transfer prohibited&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== IP Allocation and Hosting ==&lt;br /&gt;
&lt;br /&gt;
The apex A record resolves to:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
marcotrix.xyz. A 57.131.38.220&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
No apex AAAA record was observed.&lt;br /&gt;
&lt;br /&gt;
Reverse DNS:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
57.131.38.220 -&amp;gt; mail.marcotrix.xyz.&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
WHOIS for &amp;lt;code&amp;gt;57.131.38.220&amp;lt;/code&amp;gt; referred from ARIN to RIPE and showed:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
inetnum: 57.131.38.0 - 57.131.38.255&lt;br /&gt;
netname: VPS-EU-SOUTH-MIL-VPS-1&lt;br /&gt;
country: IT&lt;br /&gt;
org: ORG-OS43-RIPE&lt;br /&gt;
geoloc: 45.4666 9.1666&lt;br /&gt;
abuse-mailbox: abuse@ovh.net&lt;br /&gt;
route: 57.131.0.0/17&lt;br /&gt;
origin: AS16276&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
RIPEstat aligned the address to:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
resource: 57.131.0.0/17&lt;br /&gt;
ASN: 16276&lt;br /&gt;
holder: OVH OVH SAS&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* The host appears to be an OVH VPS in the Italy/Milan region.&lt;br /&gt;
* Abuse contact for the allocation is &amp;lt;code&amp;gt;abuse@ovh.net&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== DNS Records ==&lt;br /&gt;
&lt;br /&gt;
Observed apex records:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
marcotrix.xyz. A     57.131.38.220&lt;br /&gt;
marcotrix.xyz. NS    dns1.registrar-servers.com.&lt;br /&gt;
marcotrix.xyz. NS    dns2.registrar-servers.com.&lt;br /&gt;
marcotrix.xyz. SOA   dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1782905010 43200 3600 604800 3601&lt;br /&gt;
marcotrix.xyz. MX 10 mail.marcotrix.xyz.&lt;br /&gt;
marcotrix.xyz. TXT   &amp;quot;v=spf1 mx ~all&amp;quot;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Not observed:&lt;br /&gt;
&lt;br /&gt;
* Apex AAAA&lt;br /&gt;
* Apex CAA&lt;br /&gt;
* &amp;lt;code&amp;gt;_mta-sts.marcotrix.xyz TXT&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;_smtp._tls.marcotrix.xyz TXT&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;mta-sts.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;autoconfig.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;autodiscover.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
DMARC:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
_dmarc.marcotrix.xyz TXT &amp;quot;v=DMARC1; p=none; rua=mailto:mail@marcotrix.xyz&amp;quot;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* SPF is &amp;lt;code&amp;gt;~all&amp;lt;/code&amp;gt;, a softfail policy.&lt;br /&gt;
* DMARC is monitoring-only (&amp;lt;code&amp;gt;p=none&amp;lt;/code&amp;gt;).&lt;br /&gt;
* DMARC reports are directed to &amp;lt;code&amp;gt;mail@marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
* No MTA-STS or TLS-RPT records were observed.&lt;br /&gt;
* No CAA record was observed.&lt;br /&gt;
* DNSSEC is unsigned.&lt;br /&gt;
&lt;br /&gt;
== Atproto / Bluesky Identity ==&lt;br /&gt;
&lt;br /&gt;
The domain publishes an Atproto handle verification record:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
_atproto.marcotrix.xyz TXT &amp;quot;did=did:plc:rs545j57yaqct4qmp7c4aymc&amp;quot;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Bluesky handle resolution:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
{&amp;quot;did&amp;quot;:&amp;quot;did:plc:rs545j57yaqct4qmp7c4aymc&amp;quot;}&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
PLC directory record:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
{&lt;br /&gt;
  &amp;quot;id&amp;quot;: &amp;quot;did:plc:rs545j57yaqct4qmp7c4aymc&amp;quot;,&lt;br /&gt;
  &amp;quot;alsoKnownAs&amp;quot;: [&amp;quot;at://marcotrix.xyz&amp;quot;],&lt;br /&gt;
  &amp;quot;service&amp;quot;: [&lt;br /&gt;
    {&lt;br /&gt;
      &amp;quot;id&amp;quot;: &amp;quot;#atproto_pds&amp;quot;,&lt;br /&gt;
      &amp;quot;type&amp;quot;: &amp;quot;AtprotoPersonalDataServer&amp;quot;,&lt;br /&gt;
      &amp;quot;serviceEndpoint&amp;quot;: &amp;quot;https://gomphus.us-west.host.bsky.network&amp;quot;&lt;br /&gt;
    }&lt;br /&gt;
  ]&lt;br /&gt;
}&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt; is configured as a Bluesky/Atproto handle.&lt;br /&gt;
* The PDS endpoint is hosted by Bluesky infrastructure, not on &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Certificate Transparency and Subdomains ==&lt;br /&gt;
&lt;br /&gt;
Certificate transparency records from &amp;lt;code&amp;gt;crt.sh&amp;lt;/code&amp;gt; exposed these names:&lt;br /&gt;
&lt;br /&gt;
Currently resolving during testing:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;mail.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;jellyfin.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;money.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;drive.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Seen in certificate transparency but not resolving during testing:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;www.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;chat.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;llc.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;budget.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;matrix.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Recent/current certificate observations:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
marcotrix.xyz&lt;br /&gt;
  issuer: Let&amp;#039;s Encrypt E7&lt;br /&gt;
  notBefore: May 15 22:57:19 2026 GMT&lt;br /&gt;
  notAfter:  Aug 13 22:57:18 2026 GMT&lt;br /&gt;
  SAN: DNS:marcotrix.xyz&lt;br /&gt;
&lt;br /&gt;
mail.marcotrix.xyz&lt;br /&gt;
  issuer: Let&amp;#039;s Encrypt E8&lt;br /&gt;
  notBefore: May 24 03:47:06 2026 GMT&lt;br /&gt;
  notAfter:  Aug 22 03:47:05 2026 GMT&lt;br /&gt;
  SAN: DNS:mail.marcotrix.xyz&lt;br /&gt;
&lt;br /&gt;
jellyfin.marcotrix.xyz&lt;br /&gt;
  issuer: Let&amp;#039;s Encrypt YE2&lt;br /&gt;
  notBefore: Jun 26 06:10:01 2026 GMT&lt;br /&gt;
  notAfter:  Sep 24 06:10:00 2026 GMT&lt;br /&gt;
  SAN: DNS:jellyfin.marcotrix.xyz&lt;br /&gt;
&lt;br /&gt;
drive.marcotrix.xyz&lt;br /&gt;
  issuer: Let&amp;#039;s Encrypt E8&lt;br /&gt;
  notBefore: May 16 13:29:26 2026 GMT&lt;br /&gt;
  notAfter:  Aug 14 13:29:25 2026 GMT&lt;br /&gt;
  SAN: DNS:drive.marcotrix.xyz&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;money.marcotrix.xyz&amp;lt;/code&amp;gt; had certificate transparency entries, but live TLS connection attempts failed with an internal TLS alert from this vantage point:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
curl: (35) TLS connect error: error:0A000438:SSL routines::tlsv1 alert internal error&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Hostname Resolution and HTTP Behavior ==&lt;br /&gt;
&lt;br /&gt;
Resolution during testing:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
marcotrix.xyz            A 57.131.38.220&lt;br /&gt;
mail.marcotrix.xyz       A 57.131.38.220&lt;br /&gt;
jellyfin.marcotrix.xyz   A 57.131.38.220&lt;br /&gt;
money.marcotrix.xyz      A 57.131.38.220&lt;br /&gt;
drive.marcotrix.xyz      A 57.131.38.220&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
No resolution during testing:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
www.marcotrix.xyz&lt;br /&gt;
chat.marcotrix.xyz&lt;br /&gt;
llc.marcotrix.xyz&lt;br /&gt;
budget.marcotrix.xyz&lt;br /&gt;
matrix.marcotrix.xyz&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
All tested resolving names used HTTP-to-HTTPS redirects via Caddy:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/1.1 308 Permanent Redirect&lt;br /&gt;
Location: https://&amp;lt;host&amp;gt;/&lt;br /&gt;
Server: Caddy&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Apex Site ===&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;https://marcotrix.xyz/&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/2 200&lt;br /&gt;
alt-svc: h3=&amp;quot;:443&amp;quot;; ma=2592000&lt;br /&gt;
content-type: text/html; charset=utf-8&lt;br /&gt;
via: 1.1 Caddy&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Root HTML:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
&amp;lt;meta name=&amp;quot;description&amp;quot; content=&amp;quot;Marcotrix homepage&amp;quot; /&amp;gt;&lt;br /&gt;
&amp;lt;title&amp;gt;Marcotrix&amp;lt;/title&amp;gt;&lt;br /&gt;
&amp;lt;link rel=&amp;quot;stylesheet&amp;quot; href=&amp;quot;/style.css&amp;quot; /&amp;gt;&lt;br /&gt;
...&lt;br /&gt;
&amp;lt;h1&amp;gt;Marcotrix&amp;lt;/h1&amp;gt;&lt;br /&gt;
&amp;lt;div class=&amp;quot;photo-frame&amp;quot; aria-label=&amp;quot;A rotating Zoe photo&amp;quot;&amp;gt;&lt;br /&gt;
  &amp;lt;img class=&amp;quot;placeholder-image&amp;quot; id=&amp;quot;zoe-photo&amp;quot; src=&amp;quot;/zoe1.jpg&amp;quot; alt=&amp;quot;Zoe&amp;quot; decoding=&amp;quot;async&amp;quot; /&amp;gt;&lt;br /&gt;
&amp;lt;/div&amp;gt;&lt;br /&gt;
&amp;lt;a class=&amp;quot;ink-link&amp;quot; href=&amp;quot;/contact/index.html&amp;quot;&amp;gt;contact us&amp;lt;/a&amp;gt;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
JavaScript rotates these public image paths:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
/zoe1.jpg&lt;br /&gt;
/zoe2.jpg&lt;br /&gt;
/zoe3.jpg&lt;br /&gt;
/zoe4.jpg&lt;br /&gt;
/zoe5.jpg&lt;br /&gt;
/zoe6.jpg&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
HEAD checks confirmed all six image paths returned &amp;lt;code&amp;gt;HTTP/2 200&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;content-type: image/jpeg&amp;lt;/code&amp;gt;, and &amp;lt;code&amp;gt;cache-control: public, max-age=86400&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
=== Contact Page ===&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;https://marcotrix.xyz/contact/index.html&amp;lt;/code&amp;gt; returned &amp;lt;code&amp;gt;HTTP/2 200&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
HTML:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
&amp;lt;title&amp;gt;Contact&amp;lt;/title&amp;gt;&lt;br /&gt;
...&lt;br /&gt;
&amp;lt;img&lt;br /&gt;
  class=&amp;quot;cutecatracing&amp;quot;&lt;br /&gt;
  src=&amp;quot;../mail.png&amp;quot;&lt;br /&gt;
  alt=&amp;quot;mail at marcotrix dot xyz&amp;quot;&lt;br /&gt;
/&amp;gt;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Likely contact address exposed in machine-readable alt text:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
mail@marcotrix.xyz&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Robots, Sitemap, Security.txt, and Favicon ===&lt;br /&gt;
&lt;br /&gt;
These returned &amp;lt;code&amp;gt;404&amp;lt;/code&amp;gt; with body &amp;lt;code&amp;gt;Not found&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;https://marcotrix.xyz/robots.txt&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;https://marcotrix.xyz/sitemap.xml&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;https://marcotrix.xyz/.well-known/security.txt&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;https://marcotrix.xyz/favicon.ico&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== &amp;lt;code&amp;gt;mail.marcotrix.xyz&amp;lt;/code&amp;gt; ===&lt;br /&gt;
&lt;br /&gt;
HTTP redirects to HTTPS.&lt;br /&gt;
&lt;br /&gt;
HTTPS:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/2 502&lt;br /&gt;
server: Caddy&lt;br /&gt;
content-length: 0&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* Caddy has a configured HTTPS site for &amp;lt;code&amp;gt;mail.marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
* The upstream behind it is unavailable, misconfigured, or refusing connections.&lt;br /&gt;
&lt;br /&gt;
=== &amp;lt;code&amp;gt;jellyfin.marcotrix.xyz&amp;lt;/code&amp;gt; ===&lt;br /&gt;
&lt;br /&gt;
HTTPS root:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/2 302&lt;br /&gt;
location: web/&lt;br /&gt;
server: Kestrel&lt;br /&gt;
via: 1.1 Caddy&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;https://jellyfin.marcotrix.xyz/web/&amp;lt;/code&amp;gt; returns the Jellyfin web application:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
&amp;lt;meta name=&amp;quot;application-name&amp;quot; content=&amp;quot;Jellyfin&amp;quot;&amp;gt;&lt;br /&gt;
&amp;lt;meta name=&amp;quot;robots&amp;quot; content=&amp;quot;noindex, nofollow, noarchive&amp;quot;&amp;gt;&lt;br /&gt;
&amp;lt;title&amp;gt;Jellyfin&amp;lt;/title&amp;gt;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Public Jellyfin metadata endpoint:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
https://jellyfin.marcotrix.xyz/System/Info/Public&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Returned:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
{&lt;br /&gt;
  &amp;quot;LocalAddress&amp;quot;: &amp;quot;http://172.20.0.3:8096&amp;quot;,&lt;br /&gt;
  &amp;quot;ServerName&amp;quot;: &amp;quot;marcoserver&amp;quot;,&lt;br /&gt;
  &amp;quot;Version&amp;quot;: &amp;quot;10.11.6&amp;quot;,&lt;br /&gt;
  &amp;quot;ProductName&amp;quot;: &amp;quot;Jellyfin Server&amp;quot;,&lt;br /&gt;
  &amp;quot;OperatingSystem&amp;quot;: &amp;quot;&amp;quot;,&lt;br /&gt;
  &amp;quot;Id&amp;quot;: &amp;quot;5b94a56e8601405d8a399c3960d5c546&amp;quot;,&lt;br /&gt;
  &amp;quot;StartupWizardCompleted&amp;quot;: true&lt;br /&gt;
}&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* Jellyfin is exposed through Caddy.&lt;br /&gt;
* The public endpoint reveals version, server name, private backend address, instance ID, and that setup is complete.&lt;br /&gt;
* This is normal for Jellyfin&amp;#039;s public info endpoint, but still useful inventory for an attacker.&lt;br /&gt;
&lt;br /&gt;
=== &amp;lt;code&amp;gt;drive.marcotrix.xyz&amp;lt;/code&amp;gt; ===&lt;br /&gt;
&lt;br /&gt;
HTTPS root:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/2 200&lt;br /&gt;
cache-control: no-store, max-age=0&lt;br /&gt;
content-type: text/plain; charset=utf-8&lt;br /&gt;
vary: Origin, PW, Cookie&lt;br /&gt;
via: 1.1 Caddy&lt;br /&gt;
content-length: 38&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Body:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
howdy stranger (you&amp;#039;re not logged in)&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Nmap HTTP title:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
copyparty @ vps-b2134b59-vps-ovh-net&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
With an explicit &amp;lt;code&amp;gt;Origin&amp;lt;/code&amp;gt; header:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
access-control-allow-headers: Range&lt;br /&gt;
access-control-allow-methods: GET, HEAD&lt;br /&gt;
access-control-allow-origin: *&lt;br /&gt;
cache-control: no-store, max-age=0&lt;br /&gt;
vary: Origin, PW, Cookie&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;drive.marcotrix.xyz&amp;lt;/code&amp;gt; appears to be a copyparty instance.&lt;br /&gt;
* Anonymous users receive a not-logged-in message.&lt;br /&gt;
* CORS allows all origins for GET/HEAD/range-style access.&lt;br /&gt;
&lt;br /&gt;
=== &amp;lt;code&amp;gt;money.marcotrix.xyz&amp;lt;/code&amp;gt; ===&lt;br /&gt;
&lt;br /&gt;
DNS resolves and HTTP redirects to HTTPS:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
HTTP/1.1 308 Permanent Redirect&lt;br /&gt;
Location: https://money.marcotrix.xyz/&lt;br /&gt;
Server: Caddy&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
HTTPS failed from this vantage point:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
TLS connect error: tlsv1 alert internal error&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* The hostname likely has an incomplete or broken Caddy/TLS/backend configuration.&lt;br /&gt;
&lt;br /&gt;
== TLS Findings ==&lt;br /&gt;
&lt;br /&gt;
Nmap &amp;lt;code&amp;gt;ssl-enum-ciphers&amp;lt;/code&amp;gt; was run only for live HTTPS hostnames:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;mail.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;jellyfin.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;drive.marcotrix.xyz&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
All four showed TLS 1.2 and TLS 1.3 with A-rated cipher suites.&lt;br /&gt;
&lt;br /&gt;
TLS 1.2:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A&lt;br /&gt;
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A&lt;br /&gt;
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
TLS 1.3:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A&lt;br /&gt;
TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A&lt;br /&gt;
TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Nmap reported:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
least strength: A&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Manual &amp;lt;code&amp;gt;openssl&amp;lt;/code&amp;gt; checks against the apex verified TLS 1.2 and TLS 1.3 negotiation.&lt;br /&gt;
&lt;br /&gt;
HSTS was not configured on tested HTTPS names:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Strict_Transport_Security:&lt;br /&gt;
  HSTS not configured in HTTPS Server&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Targeted Service Checks ==&lt;br /&gt;
&lt;br /&gt;
Important scope note:&lt;br /&gt;
&lt;br /&gt;
* A full TCP port sweep was not performed because the domain was not verified.&lt;br /&gt;
* The checks below targeted ports already identified by Shodan InternetDB or by DNS/mail service evidence.&lt;br /&gt;
&lt;br /&gt;
Shodan InternetDB for &amp;lt;code&amp;gt;57.131.38.220&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
{&lt;br /&gt;
  &amp;quot;cpes&amp;quot;: [&lt;br /&gt;
    &amp;quot;cpe:/a:caddyserver:caddy&amp;quot;,&lt;br /&gt;
    &amp;quot;cpe:/a:golang:go&amp;quot;,&lt;br /&gt;
    &amp;quot;cpe:/a:ntp:ntp:4&amp;quot;&lt;br /&gt;
  ],&lt;br /&gt;
  &amp;quot;hostnames&amp;quot;: [&amp;quot;mail.marcotrix.xyz&amp;quot;],&lt;br /&gt;
  &amp;quot;ip&amp;quot;: &amp;quot;57.131.38.220&amp;quot;,&lt;br /&gt;
  &amp;quot;ports&amp;quot;: [80, 123, 143, 443, 465, 587, 993, 5201],&lt;br /&gt;
  &amp;quot;tags&amp;quot;: [&amp;quot;starttls&amp;quot;],&lt;br /&gt;
  &amp;quot;vulns&amp;quot;: []&lt;br /&gt;
}&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Targeted nmap TCP check:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
PORT     STATE  SERVICE    VERSION&lt;br /&gt;
80/tcp   open   http       Caddy httpd&lt;br /&gt;
123/tcp  closed ntp&lt;br /&gt;
143/tcp  closed imap&lt;br /&gt;
443/tcp  open   ssl/https?&lt;br /&gt;
465/tcp  closed smtps&lt;br /&gt;
587/tcp  closed submission&lt;br /&gt;
993/tcp  closed imaps&lt;br /&gt;
5201/tcp open   iperf3&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Targeted mail-port check:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
25/tcp  filtered smtp&lt;br /&gt;
110/tcp closed   pop3&lt;br /&gt;
143/tcp closed   imap&lt;br /&gt;
465/tcp closed   smtps&lt;br /&gt;
587/tcp closed   submission&lt;br /&gt;
993/tcp closed   imaps&lt;br /&gt;
995/tcp closed   pop3s&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Targeted UDP check:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
123/udp open ntp NTP v4 (secondary server)&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Interpretation:&lt;br /&gt;
&lt;br /&gt;
* Inbound mail to the advertised MX may not be reachable from this vantage point (&amp;lt;code&amp;gt;25/tcp filtered&amp;lt;/code&amp;gt;; submission/IMAP closed).&lt;br /&gt;
* &amp;lt;code&amp;gt;5201/tcp&amp;lt;/code&amp;gt; is open as iperf3, which is typically a network performance testing service.&lt;br /&gt;
* &amp;lt;code&amp;gt;123/udp&amp;lt;/code&amp;gt; is open as NTP v4.&lt;br /&gt;
&lt;br /&gt;
== File Mirror and Asset Metadata ==&lt;br /&gt;
&lt;br /&gt;
Shallow mirror command:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
wget -r -l 1 -np -E -k -p --restrict-file-names=windows -D marcotrix.xyz --no-verbose --directory-prefix=/root/recon-marcotrix-xyz/wget https://marcotrix.xyz/&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Result:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Downloaded: 5 files, 2.7M&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Mirrored files:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
/root/recon-marcotrix-xyz/wget/marcotrix.xyz/index.html&lt;br /&gt;
/root/recon-marcotrix-xyz/wget/marcotrix.xyz/style.css&lt;br /&gt;
/root/recon-marcotrix-xyz/wget/marcotrix.xyz/zoe1.jpg&lt;br /&gt;
/root/recon-marcotrix-xyz/wget/marcotrix.xyz/contact/index.html&lt;br /&gt;
/root/recon-marcotrix-xyz/wget/marcotrix.xyz/mail.png&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The shallow mirror only downloaded &amp;lt;code&amp;gt;zoe1.jpg&amp;lt;/code&amp;gt;; the other image URLs are JavaScript-discovered and were checked with HEAD requests instead of bulk downloading.&lt;br /&gt;
&lt;br /&gt;
File type summary:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
index.html: HTML document, ASCII text&lt;br /&gt;
style.css: ASCII text&lt;br /&gt;
zoe1.jpg: JPEG image data, EXIF standard, 4032x2268&lt;br /&gt;
mail.png: PNG image data, 1833x207&lt;br /&gt;
contact/index.html: HTML document, ASCII text&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
ExifTool for &amp;lt;code&amp;gt;zoe1.jpg&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
FileType: JPEG&lt;br /&gt;
ImageWidth: 4032&lt;br /&gt;
ImageHeight: 2268&lt;br /&gt;
Orientation: Horizontal (normal)&lt;br /&gt;
ICC Profile DeviceManufacturer: Google&lt;br /&gt;
ICC ProfileDescription: sRGB IEC61966-2.1&lt;br /&gt;
ICC ProfileCopyright: Copyright (c) 2016 Google Inc.&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
No GPS metadata was observed in &amp;lt;code&amp;gt;zoe1.jpg&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
ExifTool for &amp;lt;code&amp;gt;mail.png&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
FileType: PNG&lt;br /&gt;
ImageWidth: 1833&lt;br /&gt;
ImageHeight: 207&lt;br /&gt;
ModifyDate: 2026:06:10 13:44:06&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
No GPS metadata was observed in &amp;lt;code&amp;gt;mail.png&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
SHA-256 hashes:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
0ece9b584872c867e884a57082e297107cd78a2c397e3bbf0acce2ecbf82cf13  zoe1.jpg&lt;br /&gt;
37087ef2608573bce4b42250a9f6ff19d5563d75d2017b305884d57d2278828b  mail.png&lt;br /&gt;
cae0e7336bfce9829c4ba5a5acdab00028ea228bdc250b51c5e898e7ff4da064  style.css&lt;br /&gt;
bc1dc4dcc2b71c08cebb2ee9f5706e12b349465afd4648aba944a36d104fab6e  index.html&lt;br /&gt;
ff46b46ea05c84ccc812919ae47d3a9d41efe71c282a28b12f95e3f24e9506cd  contact/index.html&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Web Archive and Public Indexing ==&lt;br /&gt;
&lt;br /&gt;
Wayback CDX returned current/historical captures from &amp;lt;code&amp;gt;2026-06-10&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
20260610131934 https://marcotrix.xyz/                    200 text/html&lt;br /&gt;
20260610131945 https://marcotrix.xyz/contact.html        200 text/html&lt;br /&gt;
20260610131934 https://marcotrix.xyz/home-placeholder.svg 200 image/svg+xml&lt;br /&gt;
20260610131945 https://marcotrix.xyz/mail.png            200 image/png&lt;br /&gt;
20260610131934 https://marcotrix.xyz/style.css           200 text/css&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
URLScan query for &amp;lt;code&amp;gt;domain:marcotrix.xyz&amp;lt;/code&amp;gt; returned no results.&lt;br /&gt;
&lt;br /&gt;
Public web search results were sparse. The notable indexed/public association was the Atproto/Bluesky handle use of &amp;lt;code&amp;gt;marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Security Observations and Remediation Ideas ==&lt;br /&gt;
&lt;br /&gt;
These are defensive observations based on public data only.&lt;br /&gt;
&lt;br /&gt;
=== High Priority ===&lt;br /&gt;
&lt;br /&gt;
==== Review &amp;lt;code&amp;gt;5201/tcp&amp;lt;/code&amp;gt; iperf3 exposure ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
5201/tcp open iperf3&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Why it matters:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;iperf3&amp;lt;/code&amp;gt; is normally for bandwidth testing, not a public application surface.&lt;br /&gt;
* If left public, it can be abused for unwanted traffic generation or resource consumption.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
* Close it if not in active use.&lt;br /&gt;
* Restrict it to trusted source IPs if needed.&lt;br /&gt;
&lt;br /&gt;
==== Confirm inbound mail behavior ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* MX points to &amp;lt;code&amp;gt;mail.marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
* &amp;lt;code&amp;gt;mail.marcotrix.xyz&amp;lt;/code&amp;gt; resolves to &amp;lt;code&amp;gt;57.131.38.220&amp;lt;/code&amp;gt;.&lt;br /&gt;
* &amp;lt;code&amp;gt;25/tcp&amp;lt;/code&amp;gt; was filtered from this vantage point.&lt;br /&gt;
* IMAP/submission ports were closed.&lt;br /&gt;
* &amp;lt;code&amp;gt;https://mail.marcotrix.xyz/&amp;lt;/code&amp;gt; returned &amp;lt;code&amp;gt;502&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Why it matters:&lt;br /&gt;
&lt;br /&gt;
* The domain advertises mail service but may not accept inbound mail.&lt;br /&gt;
* DMARC report address is &amp;lt;code&amp;gt;mail@marcotrix.xyz&amp;lt;/code&amp;gt;; if mail is broken, aggregate reports may not be received.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
* Confirm intended mail architecture.&lt;br /&gt;
* If self-hosting, ensure SMTP and mailbox services are intentionally reachable and hardened.&lt;br /&gt;
* If not self-hosting, update MX/SPF/DMARC to match the actual provider.&lt;br /&gt;
&lt;br /&gt;
==== Review Jellyfin public exposure ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
{&lt;br /&gt;
  &amp;quot;ServerName&amp;quot;: &amp;quot;marcoserver&amp;quot;,&lt;br /&gt;
  &amp;quot;Version&amp;quot;: &amp;quot;10.11.6&amp;quot;,&lt;br /&gt;
  &amp;quot;LocalAddress&amp;quot;: &amp;quot;http://172.20.0.3:8096&amp;quot;,&lt;br /&gt;
  &amp;quot;Id&amp;quot;: &amp;quot;5b94a56e8601405d8a399c3960d5c546&amp;quot;&lt;br /&gt;
}&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Why it matters:&lt;br /&gt;
&lt;br /&gt;
* Jellyfin version and instance metadata are publicly visible.&lt;br /&gt;
* Media servers are common targets for credential attacks and known-version vulnerability checks.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
* Keep Jellyfin current.&lt;br /&gt;
* Require strong authentication.&lt;br /&gt;
* Disable public signups if enabled.&lt;br /&gt;
* Consider restricting access through VPN, SSO, or source allowlists.&lt;br /&gt;
* Monitor authentication logs.&lt;br /&gt;
&lt;br /&gt;
=== Medium Priority ===&lt;br /&gt;
&lt;br /&gt;
==== Add HSTS ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* HSTS was not configured on tested HTTPS names.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
Start conservatively:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Strict-Transport-Security: max-age=86400&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Move to a long-lived policy after confirming all subdomains are HTTPS-ready:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Strict-Transport-Security: max-age=31536000; includeSubDomains&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Only use &amp;lt;code&amp;gt;preload&amp;lt;/code&amp;gt; if all subdomains are intended to be permanently HTTPS-only.&lt;br /&gt;
&lt;br /&gt;
==== Fix &amp;lt;code&amp;gt;money.marcotrix.xyz&amp;lt;/code&amp;gt; TLS/backend configuration ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* HTTP redirects to HTTPS.&lt;br /&gt;
* HTTPS fails with a TLS internal error.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
* Check Caddy site block and certificate state for &amp;lt;code&amp;gt;money.marcotrix.xyz&amp;lt;/code&amp;gt;.&lt;br /&gt;
* Confirm backend availability.&lt;br /&gt;
* Remove DNS/cert automation for the hostname if unused.&lt;br /&gt;
&lt;br /&gt;
==== Harden email DNS ====&lt;br /&gt;
&lt;br /&gt;
Current:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
SPF:   v=spf1 mx ~all&lt;br /&gt;
DMARC: v=DMARC1; p=none; rua=mailto:mail@marcotrix.xyz&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Recommendations:&lt;br /&gt;
&lt;br /&gt;
* Move SPF from softfail to hardfail once valid senders are known:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
v=spf1 mx -all&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
* Move DMARC from monitoring to enforcement after reports are clean:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
v=DMARC1; p=quarantine; rua=mailto:...&lt;br /&gt;
v=DMARC1; p=reject; rua=mailto:...&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
* Add MTA-STS and TLS-RPT if receiving mail:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
_mta-sts.marcotrix.xyz TXT &amp;quot;v=STSv1; id=YYYYMMDD01&amp;quot;&lt;br /&gt;
_smtp._tls.marcotrix.xyz TXT &amp;quot;v=TLSRPTv1; rua=mailto:tlsrpt@marcotrix.xyz&amp;quot;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== Add CAA ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* No CAA record was observed.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
If Let&amp;#039;s Encrypt is the only intended CA:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
marcotrix.xyz. CAA 0 issue &amp;quot;letsencrypt.org&amp;quot;&lt;br /&gt;
marcotrix.xyz. CAA 0 issuewild &amp;quot;;&amp;quot;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Adjust this if other CAs are intentionally used.&lt;br /&gt;
&lt;br /&gt;
==== Consider DNSSEC ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* RDAP reports DNSSEC unsigned.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
* Enable DNSSEC at the DNS provider if operationally comfortable.&lt;br /&gt;
&lt;br /&gt;
=== Low Priority / Hygiene ===&lt;br /&gt;
&lt;br /&gt;
==== Add &amp;lt;code&amp;gt;security.txt&amp;lt;/code&amp;gt; ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* &amp;lt;code&amp;gt;/.well-known/security.txt&amp;lt;/code&amp;gt; returned &amp;lt;code&amp;gt;404&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
Recommendation:&lt;br /&gt;
&lt;br /&gt;
Add a basic security contact if the owner wants coordinated reports:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
Contact: mailto:mail@marcotrix.xyz&lt;br /&gt;
Preferred-Languages: en&lt;br /&gt;
Canonical: https://marcotrix.xyz/.well-known/security.txt&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== Add or intentionally omit &amp;lt;code&amp;gt;robots.txt&amp;lt;/code&amp;gt; and &amp;lt;code&amp;gt;sitemap.xml&amp;lt;/code&amp;gt; ====&lt;br /&gt;
&lt;br /&gt;
Finding:&lt;br /&gt;
&lt;br /&gt;
* Both returned &amp;lt;code&amp;gt;404&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
This is not inherently a vulnerability. Add them only if useful for indexing control.&lt;br /&gt;
&lt;br /&gt;
==== Strip unnecessary image metadata ====&lt;br /&gt;
&lt;br /&gt;
No GPS metadata was observed, but stripping metadata from public images is still a reasonable default publishing step.&lt;br /&gt;
&lt;br /&gt;
== Artifact Inventory ==&lt;br /&gt;
&lt;br /&gt;
Top-level files:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
/root/recon-marcotrix-xyz/favicon.ico                     9 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/nmap-http-scripts.txt           2397 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/nmap-mail-targeted.txt          collected targeted mail scan&lt;br /&gt;
/root/recon-marcotrix-xyz/nmap-ssl-enum.txt               3297 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/nmap-targeted-passive-ports.txt 709 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/nmap-udp-123.txt                508 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/robots.txt                      9 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/root-http.html                  0 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/root-https.html                 1155 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/security.txt                    9 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/sitemap.xml                     9 bytes&lt;br /&gt;
/root/recon-marcotrix-xyz/wget/                           shallow mirror&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Directory size:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
/root/recon-marcotrix-xyz: 2.8M&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Representative Commands Used ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
dig marcotrix.xyz A marcotrix.xyz AAAA marcotrix.xyz NS marcotrix.xyz SOA marcotrix.xyz MX marcotrix.xyz TXT marcotrix.xyz CAA +noall +answer&lt;br /&gt;
whois marcotrix.xyz&lt;br /&gt;
whois 57.131.38.220&lt;br /&gt;
dig +short -x 57.131.38.220&lt;br /&gt;
&lt;br /&gt;
curl -sS -D - -o /root/recon-marcotrix-xyz/root-http.html http://marcotrix.xyz/&lt;br /&gt;
curl -sS -D - -o /root/recon-marcotrix-xyz/root-https.html https://marcotrix.xyz/&lt;br /&gt;
curl -sS -D - -o /root/recon-marcotrix-xyz/robots.txt https://marcotrix.xyz/robots.txt&lt;br /&gt;
curl -sS -D - -o /root/recon-marcotrix-xyz/sitemap.xml https://marcotrix.xyz/sitemap.xml&lt;br /&gt;
curl -sS -D - -o /root/recon-marcotrix-xyz/security.txt https://marcotrix.xyz/.well-known/security.txt&lt;br /&gt;
&lt;br /&gt;
curl -sS &amp;#039;https://crt.sh/?q=%25.marcotrix.xyz&amp;amp;output=json&amp;#039;&lt;br /&gt;
curl -sS &amp;#039;https://internetdb.shodan.io/57.131.38.220&amp;#039;&lt;br /&gt;
curl -sS &amp;#039;https://rdap.centralnic.com/xyz/domain/marcotrix.xyz&amp;#039;&lt;br /&gt;
curl -sS &amp;#039;https://stat.ripe.net/data/prefix-overview/data.json?resource=57.131.38.220&amp;#039;&lt;br /&gt;
curl -sS -L &amp;#039;https://web.archive.org/cdx?url=marcotrix.xyz/*&amp;amp;output=json&amp;amp;fl=timestamp,original,statuscode,mimetype,digest&amp;amp;collapse=urlkey&amp;amp;filter=statuscode:200&amp;#039;&lt;br /&gt;
&lt;br /&gt;
wget -r -l 1 -np -E -k -p --restrict-file-names=windows -D marcotrix.xyz --no-verbose --directory-prefix=/root/recon-marcotrix-xyz/wget https://marcotrix.xyz/&lt;br /&gt;
&lt;br /&gt;
nmap -Pn -sT -sV --version-light -p80,123,143,443,465,587,993,5201 57.131.38.220 -oN /root/recon-marcotrix-xyz/nmap-targeted-passive-ports.txt&lt;br /&gt;
nmap -Pn -sT -sV --version-light -p25,110,143,465,587,993,995 57.131.38.220 -oN /root/recon-marcotrix-xyz/nmap-mail-targeted.txt&lt;br /&gt;
nmap -Pn -sU -sV --version-light -p123 57.131.38.220 -oN /root/recon-marcotrix-xyz/nmap-udp-123.txt&lt;br /&gt;
nmap -Pn -p443 --script ssl-enum-ciphers marcotrix.xyz mail.marcotrix.xyz jellyfin.marcotrix.xyz drive.marcotrix.xyz -oN /root/recon-marcotrix-xyz/nmap-ssl-enum.txt&lt;br /&gt;
nmap -Pn -p80,443 --script http-title,http-server-header,http-security-headers marcotrix.xyz mail.marcotrix.xyz jellyfin.marcotrix.xyz drive.marcotrix.xyz -oN /root/recon-marcotrix-xyz/nmap-http-scripts.txt&lt;br /&gt;
&lt;br /&gt;
curl -sS https://jellyfin.marcotrix.xyz/System/Info/Public&lt;br /&gt;
curl -sS https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=marcotrix.xyz&lt;br /&gt;
curl -sS https://plc.directory/did:plc:rs545j57yaqct4qmp7c4aymc&lt;br /&gt;
&lt;br /&gt;
exiftool -a -G1 -s /root/recon-marcotrix-xyz/wget/marcotrix.xyz/zoe1.jpg /root/recon-marcotrix-xyz/wget/marcotrix.xyz/mail.png&lt;br /&gt;
sha256sum /root/recon-marcotrix-xyz/wget/marcotrix.xyz/zoe1.jpg /root/recon-marcotrix-xyz/wget/marcotrix.xyz/mail.png /root/recon-marcotrix-xyz/wget/marcotrix.xyz/style.css /root/recon-marcotrix-xyz/wget/marcotrix.xyz/index.html /root/recon-marcotrix-xyz/wget/marcotrix.xyz/contact/index.html&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Appendix: Raw Targeted Nmap Output ==&lt;br /&gt;
&lt;br /&gt;
=== Passive-Port Targeted TCP Check ===&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
# Nmap 7.95 scan initiated Thu Jul  9 18:18:23 2026 as: nmap -Pn -sT -sV --version-light -p80,123,143,443,465,587,993,5201 -oN /root/recon-marcotrix-xyz/nmap-targeted-passive-ports.txt 57.131.38.220&lt;br /&gt;
Nmap scan report for mail.marcotrix.xyz (57.131.38.220)&lt;br /&gt;
Host is up (0.011s latency).&lt;br /&gt;
&lt;br /&gt;
PORT     STATE  SERVICE    VERSION&lt;br /&gt;
80/tcp   open   http       Caddy httpd&lt;br /&gt;
123/tcp  closed ntp&lt;br /&gt;
143/tcp  closed imap&lt;br /&gt;
443/tcp  open   ssl/https?&lt;br /&gt;
465/tcp  closed smtps&lt;br /&gt;
587/tcp  closed submission&lt;br /&gt;
993/tcp  closed imaps&lt;br /&gt;
5201/tcp open   iperf3&lt;br /&gt;
&lt;br /&gt;
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .&lt;br /&gt;
# Nmap done at Thu Jul  9 18:18:29 2026 -- 1 IP address (1 host up) scanned in 6.35 seconds&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Targeted Mail-Port Check ===&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
# Nmap 7.95 scan initiated Thu Jul  9 18:19:37 2026 as: nmap -Pn -sT -sV --version-light -p25,110,143,465,587,993,995 -oN /root/recon-marcotrix-xyz/nmap-mail-targeted.txt 57.131.38.220&lt;br /&gt;
Nmap scan report for mail.marcotrix.xyz (57.131.38.220)&lt;br /&gt;
Host is up (0.010s latency).&lt;br /&gt;
&lt;br /&gt;
PORT    STATE    SERVICE    VERSION&lt;br /&gt;
25/tcp  filtered smtp&lt;br /&gt;
110/tcp closed   pop3&lt;br /&gt;
143/tcp closed   imap&lt;br /&gt;
465/tcp closed   smtps&lt;br /&gt;
587/tcp closed   submission&lt;br /&gt;
993/tcp closed   imaps&lt;br /&gt;
995/tcp closed   pop3s&lt;br /&gt;
&lt;br /&gt;
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .&lt;br /&gt;
# Nmap done at Thu Jul  9 18:19:38 2026 -- 1 IP address (1 host up) scanned in 1.43 seconds&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Targeted UDP NTP Check ===&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
# Nmap 7.95 scan initiated Thu Jul  9 18:18:51 2026 as: nmap -Pn -sU -sV --version-light -p123 -oN /root/recon-marcotrix-xyz/nmap-udp-123.txt 57.131.38.220&lt;br /&gt;
Nmap scan report for mail.marcotrix.xyz (57.131.38.220)&lt;br /&gt;
Host is up (0.010s latency).&lt;br /&gt;
&lt;br /&gt;
PORT    STATE SERVICE VERSION&lt;br /&gt;
123/udp open  ntp     NTP v4 (secondary server)&lt;br /&gt;
&lt;br /&gt;
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .&lt;br /&gt;
# Nmap done at Thu Jul  9 18:18:51 2026 -- 1 IP address (1 host up) scanned in 0.29 seconds&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Codex</name></author>
	</entry>
</feed>