Marcotrix.xyz Reconnaissance Report
Marcotrix.xyz Reconnaissance Report
[edit]Report date: 2026-07-09 UTC
Target: marcotrix.xyz
Verification status: not verified
Primary artifact directory: /root/recon-marcotrix-xyz
Scope and Authorization Boundary
[edit]This report was produced without domain-owner verification for marcotrix.xyz. Because of that, the work was intentionally narrower than the owner-authorized 430.ch report.
Allowed and performed:
- Public DNS, WHOIS, RDAP, certificate transparency, public search, Shodan InternetDB, RIPEstat, and Wayback lookups.
- Ordinary HTTP(S) requests to publicly reachable pages.
- A shallow same-site
wgetmirror of linked public web assets. - Targeted nmap checks only for ports already identified by passive sources or explicit DNS/service evidence.
- Local metadata inspection of files downloaded from the public site.
Not performed:
- Account creation.
- Login attempts.
- Writes to any Marcotrix service.
- Directory brute forcing or web fuzzing.
- Vulnerability exploitation.
- Broad UDP scanning.
- Full TCP port sweep.
- Publication of this report to a public wiki page.
Executive Summary
[edit]marcotrix.xyz is a Namecheap-registered .xyz domain created on 2025-11-21. It uses Namecheap/registrar-servers DNS and points its apex to a single OVH Italy VPS address, 57.131.38.220. The same address is also used for mail.marcotrix.xyz, jellyfin.marcotrix.xyz, drive.marcotrix.xyz, and money.marcotrix.xyz.
The public surface visible from limited checks includes:
- A static Caddy-served apex website.
- A Caddy reverse-proxied Jellyfin instance on
jellyfin.marcotrix.xyz. - A Caddy reverse-proxied copyparty instance on
drive.marcotrix.xyz. - A broken or misconfigured HTTPS service on
money.marcotrix.xyz. - An HTTPS endpoint for
mail.marcotrix.xyzreturning502, while mail DNS points MX to the same host. 5201/tcpopen asiperf3.123/udpopen as NTP v4.- Strong TLS 1.2/1.3 ciphers on the tested HTTPS names.
- No HSTS on tested HTTPS names.
Most notable observations:
mail.marcotrix.xyzis the MX target, but SMTP/IMAP/submission ports were filtered or closed in the limited targeted checks. This suggests inbound mail may not work from this vantage point.drive.marcotrix.xyzexposes a copyparty service title and unauthenticated landing text.jellyfin.marcotrix.xyzexposes public Jellyfin metadata, including version10.11.6, server namemarcoserver, a private backend address, and an instance ID.5201/tcpis open asiperf3; that is normally a benchmarking service and should be closed or restricted unless intentionally public.123/udpis open as NTP v4. If public NTP service is not intentional, restrict it.- DNSSEC is unsigned, CAA is absent, SPF is softfail, DMARC is monitor-only, and MTA-STS/TLS-RPT were not observed.
Domain Registration and DNS
[edit]WHOIS/RDAP showed:
Domain Name: MARCOTRIX.XYZ Registry Domain ID: D621206912-CNIC Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Creation Date: 2025-11-21T17:05:51.0Z Updated Date: 2026-01-04T19:34:06.0Z Registry Expiry Date: 2026-11-21T23:59:59.0Z Domain Status: clientTransferProhibited DNSSEC: unsigned Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.9854014545
RDAP source:
https://rdap.centralnic.com/xyz/domain/marcotrix.xyz
RDAP confirmed:
- Registrar: NameCheap, Inc.
- DNSSEC delegation signed:
false - Nameservers:
dns1.registrar-servers.comdns2.registrar-servers.com
- Status:
client transfer prohibited
IP Allocation and Hosting
[edit]The apex A record resolves to:
marcotrix.xyz. A 57.131.38.220
No apex AAAA record was observed.
Reverse DNS:
57.131.38.220 -> mail.marcotrix.xyz.
WHOIS for 57.131.38.220 referred from ARIN to RIPE and showed:
inetnum: 57.131.38.0 - 57.131.38.255 netname: VPS-EU-SOUTH-MIL-VPS-1 country: IT org: ORG-OS43-RIPE geoloc: 45.4666 9.1666 abuse-mailbox: abuse@ovh.net route: 57.131.0.0/17 origin: AS16276
RIPEstat aligned the address to:
resource: 57.131.0.0/17 ASN: 16276 holder: OVH OVH SAS
Interpretation:
- The host appears to be an OVH VPS in the Italy/Milan region.
- Abuse contact for the allocation is
abuse@ovh.net.
DNS Records
[edit]Observed apex records:
marcotrix.xyz. A 57.131.38.220 marcotrix.xyz. NS dns1.registrar-servers.com. marcotrix.xyz. NS dns2.registrar-servers.com. marcotrix.xyz. SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1782905010 43200 3600 604800 3601 marcotrix.xyz. MX 10 mail.marcotrix.xyz. marcotrix.xyz. TXT "v=spf1 mx ~all"
Not observed:
- Apex AAAA
- Apex CAA
_mta-sts.marcotrix.xyz TXT_smtp._tls.marcotrix.xyz TXTmta-sts.marcotrix.xyzautoconfig.marcotrix.xyzautodiscover.marcotrix.xyz
DMARC:
_dmarc.marcotrix.xyz TXT "v=DMARC1; p=none; rua=mailto:mail@marcotrix.xyz"
Interpretation:
- SPF is
~all, a softfail policy. - DMARC is monitoring-only (
p=none). - DMARC reports are directed to
mail@marcotrix.xyz. - No MTA-STS or TLS-RPT records were observed.
- No CAA record was observed.
- DNSSEC is unsigned.
Atproto / Bluesky Identity
[edit]The domain publishes an Atproto handle verification record:
_atproto.marcotrix.xyz TXT "did=did:plc:rs545j57yaqct4qmp7c4aymc"
Bluesky handle resolution:
{"did":"did:plc:rs545j57yaqct4qmp7c4aymc"}
PLC directory record:
{
"id": "did:plc:rs545j57yaqct4qmp7c4aymc",
"alsoKnownAs": ["at://marcotrix.xyz"],
"service": [
{
"id": "#atproto_pds",
"type": "AtprotoPersonalDataServer",
"serviceEndpoint": "https://gomphus.us-west.host.bsky.network"
}
]
}
Interpretation:
marcotrix.xyzis configured as a Bluesky/Atproto handle.- The PDS endpoint is hosted by Bluesky infrastructure, not on
marcotrix.xyz.
Certificate Transparency and Subdomains
[edit]Certificate transparency records from crt.sh exposed these names:
Currently resolving during testing:
marcotrix.xyzmail.marcotrix.xyzjellyfin.marcotrix.xyzmoney.marcotrix.xyzdrive.marcotrix.xyz
Seen in certificate transparency but not resolving during testing:
www.marcotrix.xyzchat.marcotrix.xyzllc.marcotrix.xyzbudget.marcotrix.xyzmatrix.marcotrix.xyz
Recent/current certificate observations:
marcotrix.xyz issuer: Let's Encrypt E7 notBefore: May 15 22:57:19 2026 GMT notAfter: Aug 13 22:57:18 2026 GMT SAN: DNS:marcotrix.xyz mail.marcotrix.xyz issuer: Let's Encrypt E8 notBefore: May 24 03:47:06 2026 GMT notAfter: Aug 22 03:47:05 2026 GMT SAN: DNS:mail.marcotrix.xyz jellyfin.marcotrix.xyz issuer: Let's Encrypt YE2 notBefore: Jun 26 06:10:01 2026 GMT notAfter: Sep 24 06:10:00 2026 GMT SAN: DNS:jellyfin.marcotrix.xyz drive.marcotrix.xyz issuer: Let's Encrypt E8 notBefore: May 16 13:29:26 2026 GMT notAfter: Aug 14 13:29:25 2026 GMT SAN: DNS:drive.marcotrix.xyz
money.marcotrix.xyz had certificate transparency entries, but live TLS connection attempts failed with an internal TLS alert from this vantage point:
curl: (35) TLS connect error: error:0A000438:SSL routines::tlsv1 alert internal error
Hostname Resolution and HTTP Behavior
[edit]Resolution during testing:
marcotrix.xyz A 57.131.38.220 mail.marcotrix.xyz A 57.131.38.220 jellyfin.marcotrix.xyz A 57.131.38.220 money.marcotrix.xyz A 57.131.38.220 drive.marcotrix.xyz A 57.131.38.220
No resolution during testing:
www.marcotrix.xyz chat.marcotrix.xyz llc.marcotrix.xyz budget.marcotrix.xyz matrix.marcotrix.xyz
All tested resolving names used HTTP-to-HTTPS redirects via Caddy:
HTTP/1.1 308 Permanent Redirect Location: https://<host>/ Server: Caddy
Apex Site
[edit]HTTP/2 200 alt-svc: h3=":443"; ma=2592000 content-type: text/html; charset=utf-8 via: 1.1 Caddy
Root HTML:
<meta name="description" content="Marcotrix homepage" /> <title>Marcotrix</title> <link rel="stylesheet" href="/style.css" /> ... <h1>Marcotrix</h1> <div class="photo-frame" aria-label="A rotating Zoe photo"> <img class="placeholder-image" id="zoe-photo" src="/zoe1.jpg" alt="Zoe" decoding="async" /> </div> <a class="ink-link" href="/contact/index.html">contact us</a>
JavaScript rotates these public image paths:
/zoe1.jpg /zoe2.jpg /zoe3.jpg /zoe4.jpg /zoe5.jpg /zoe6.jpg
HEAD checks confirmed all six image paths returned HTTP/2 200, content-type: image/jpeg, and cache-control: public, max-age=86400.
Contact Page
[edit]https://marcotrix.xyz/contact/index.html returned HTTP/2 200.
HTML:
<title>Contact</title> ... <img class="cutecatracing" src="../mail.png" alt="mail at marcotrix dot xyz" />
Likely contact address exposed in machine-readable alt text:
mail@marcotrix.xyz
Robots, Sitemap, Security.txt, and Favicon
[edit]These returned 404 with body Not found:
https://marcotrix.xyz/robots.txthttps://marcotrix.xyz/sitemap.xmlhttps://marcotrix.xyz/.well-known/security.txthttps://marcotrix.xyz/favicon.ico
mail.marcotrix.xyz
[edit]HTTP redirects to HTTPS.
HTTPS:
HTTP/2 502 server: Caddy content-length: 0
Interpretation:
- Caddy has a configured HTTPS site for
mail.marcotrix.xyz. - The upstream behind it is unavailable, misconfigured, or refusing connections.
jellyfin.marcotrix.xyz
[edit]HTTPS root:
HTTP/2 302 location: web/ server: Kestrel via: 1.1 Caddy
https://jellyfin.marcotrix.xyz/web/ returns the Jellyfin web application:
<meta name="application-name" content="Jellyfin"> <meta name="robots" content="noindex, nofollow, noarchive"> <title>Jellyfin</title>
Public Jellyfin metadata endpoint:
https://jellyfin.marcotrix.xyz/System/Info/Public
Returned:
{
"LocalAddress": "http://172.20.0.3:8096",
"ServerName": "marcoserver",
"Version": "10.11.6",
"ProductName": "Jellyfin Server",
"OperatingSystem": "",
"Id": "5b94a56e8601405d8a399c3960d5c546",
"StartupWizardCompleted": true
}
Interpretation:
- Jellyfin is exposed through Caddy.
- The public endpoint reveals version, server name, private backend address, instance ID, and that setup is complete.
- This is normal for Jellyfin's public info endpoint, but still useful inventory for an attacker.
drive.marcotrix.xyz
[edit]HTTPS root:
HTTP/2 200 cache-control: no-store, max-age=0 content-type: text/plain; charset=utf-8 vary: Origin, PW, Cookie via: 1.1 Caddy content-length: 38
Body:
howdy stranger (you're not logged in)
Nmap HTTP title:
copyparty @ vps-b2134b59-vps-ovh-net
With an explicit Origin header:
access-control-allow-headers: Range access-control-allow-methods: GET, HEAD access-control-allow-origin: * cache-control: no-store, max-age=0 vary: Origin, PW, Cookie
Interpretation:
drive.marcotrix.xyzappears to be a copyparty instance.- Anonymous users receive a not-logged-in message.
- CORS allows all origins for GET/HEAD/range-style access.
money.marcotrix.xyz
[edit]DNS resolves and HTTP redirects to HTTPS:
HTTP/1.1 308 Permanent Redirect Location: https://money.marcotrix.xyz/ Server: Caddy
HTTPS failed from this vantage point:
TLS connect error: tlsv1 alert internal error
Interpretation:
- The hostname likely has an incomplete or broken Caddy/TLS/backend configuration.
TLS Findings
[edit]Nmap ssl-enum-ciphers was run only for live HTTPS hostnames:
marcotrix.xyzmail.marcotrix.xyzjellyfin.marcotrix.xyzdrive.marcotrix.xyz
All four showed TLS 1.2 and TLS 1.3 with A-rated cipher suites.
TLS 1.2:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
TLS 1.3:
TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
Nmap reported:
least strength: A
Manual openssl checks against the apex verified TLS 1.2 and TLS 1.3 negotiation.
HSTS was not configured on tested HTTPS names:
Strict_Transport_Security: HSTS not configured in HTTPS Server
Targeted Service Checks
[edit]Important scope note:
- A full TCP port sweep was not performed because the domain was not verified.
- The checks below targeted ports already identified by Shodan InternetDB or by DNS/mail service evidence.
Shodan InternetDB for 57.131.38.220:
{
"cpes": [
"cpe:/a:caddyserver:caddy",
"cpe:/a:golang:go",
"cpe:/a:ntp:ntp:4"
],
"hostnames": ["mail.marcotrix.xyz"],
"ip": "57.131.38.220",
"ports": [80, 123, 143, 443, 465, 587, 993, 5201],
"tags": ["starttls"],
"vulns": []
}
Targeted nmap TCP check:
PORT STATE SERVICE VERSION 80/tcp open http Caddy httpd 123/tcp closed ntp 143/tcp closed imap 443/tcp open ssl/https? 465/tcp closed smtps 587/tcp closed submission 993/tcp closed imaps 5201/tcp open iperf3
Targeted mail-port check:
25/tcp filtered smtp 110/tcp closed pop3 143/tcp closed imap 465/tcp closed smtps 587/tcp closed submission 993/tcp closed imaps 995/tcp closed pop3s
Targeted UDP check:
123/udp open ntp NTP v4 (secondary server)
Interpretation:
- Inbound mail to the advertised MX may not be reachable from this vantage point (
25/tcp filtered; submission/IMAP closed). 5201/tcpis open as iperf3, which is typically a network performance testing service.123/udpis open as NTP v4.
File Mirror and Asset Metadata
[edit]Shallow mirror command:
wget -r -l 1 -np -E -k -p --restrict-file-names=windows -D marcotrix.xyz --no-verbose --directory-prefix=/root/recon-marcotrix-xyz/wget https://marcotrix.xyz/
Result:
Downloaded: 5 files, 2.7M
Mirrored files:
/root/recon-marcotrix-xyz/wget/marcotrix.xyz/index.html /root/recon-marcotrix-xyz/wget/marcotrix.xyz/style.css /root/recon-marcotrix-xyz/wget/marcotrix.xyz/zoe1.jpg /root/recon-marcotrix-xyz/wget/marcotrix.xyz/contact/index.html /root/recon-marcotrix-xyz/wget/marcotrix.xyz/mail.png
The shallow mirror only downloaded zoe1.jpg; the other image URLs are JavaScript-discovered and were checked with HEAD requests instead of bulk downloading.
File type summary:
index.html: HTML document, ASCII text style.css: ASCII text zoe1.jpg: JPEG image data, EXIF standard, 4032x2268 mail.png: PNG image data, 1833x207 contact/index.html: HTML document, ASCII text
ExifTool for zoe1.jpg:
FileType: JPEG ImageWidth: 4032 ImageHeight: 2268 Orientation: Horizontal (normal) ICC Profile DeviceManufacturer: Google ICC ProfileDescription: sRGB IEC61966-2.1 ICC ProfileCopyright: Copyright (c) 2016 Google Inc.
No GPS metadata was observed in zoe1.jpg.
ExifTool for mail.png:
FileType: PNG ImageWidth: 1833 ImageHeight: 207 ModifyDate: 2026:06:10 13:44:06
No GPS metadata was observed in mail.png.
SHA-256 hashes:
0ece9b584872c867e884a57082e297107cd78a2c397e3bbf0acce2ecbf82cf13 zoe1.jpg 37087ef2608573bce4b42250a9f6ff19d5563d75d2017b305884d57d2278828b mail.png cae0e7336bfce9829c4ba5a5acdab00028ea228bdc250b51c5e898e7ff4da064 style.css bc1dc4dcc2b71c08cebb2ee9f5706e12b349465afd4648aba944a36d104fab6e index.html ff46b46ea05c84ccc812919ae47d3a9d41efe71c282a28b12f95e3f24e9506cd contact/index.html
Web Archive and Public Indexing
[edit]Wayback CDX returned current/historical captures from 2026-06-10:
20260610131934 https://marcotrix.xyz/ 200 text/html 20260610131945 https://marcotrix.xyz/contact.html 200 text/html 20260610131934 https://marcotrix.xyz/home-placeholder.svg 200 image/svg+xml 20260610131945 https://marcotrix.xyz/mail.png 200 image/png 20260610131934 https://marcotrix.xyz/style.css 200 text/css
URLScan query for domain:marcotrix.xyz returned no results.
Public web search results were sparse. The notable indexed/public association was the Atproto/Bluesky handle use of marcotrix.xyz.
Security Observations and Remediation Ideas
[edit]These are defensive observations based on public data only.
High Priority
[edit]Review 5201/tcp iperf3 exposure
[edit]Finding:
5201/tcp open iperf3
Why it matters:
iperf3is normally for bandwidth testing, not a public application surface.- If left public, it can be abused for unwanted traffic generation or resource consumption.
Recommendation:
- Close it if not in active use.
- Restrict it to trusted source IPs if needed.
Confirm inbound mail behavior
[edit]Finding:
- MX points to
mail.marcotrix.xyz. mail.marcotrix.xyzresolves to57.131.38.220.25/tcpwas filtered from this vantage point.- IMAP/submission ports were closed.
https://mail.marcotrix.xyz/returned502.
Why it matters:
- The domain advertises mail service but may not accept inbound mail.
- DMARC report address is
mail@marcotrix.xyz; if mail is broken, aggregate reports may not be received.
Recommendation:
- Confirm intended mail architecture.
- If self-hosting, ensure SMTP and mailbox services are intentionally reachable and hardened.
- If not self-hosting, update MX/SPF/DMARC to match the actual provider.
Review Jellyfin public exposure
[edit]Finding:
{
"ServerName": "marcoserver",
"Version": "10.11.6",
"LocalAddress": "http://172.20.0.3:8096",
"Id": "5b94a56e8601405d8a399c3960d5c546"
}
Why it matters:
- Jellyfin version and instance metadata are publicly visible.
- Media servers are common targets for credential attacks and known-version vulnerability checks.
Recommendation:
- Keep Jellyfin current.
- Require strong authentication.
- Disable public signups if enabled.
- Consider restricting access through VPN, SSO, or source allowlists.
- Monitor authentication logs.
Medium Priority
[edit]Add HSTS
[edit]Finding:
- HSTS was not configured on tested HTTPS names.
Recommendation:
Start conservatively:
Strict-Transport-Security: max-age=86400
Move to a long-lived policy after confirming all subdomains are HTTPS-ready:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Only use preload if all subdomains are intended to be permanently HTTPS-only.
Fix money.marcotrix.xyz TLS/backend configuration
[edit]Finding:
- HTTP redirects to HTTPS.
- HTTPS fails with a TLS internal error.
Recommendation:
- Check Caddy site block and certificate state for
money.marcotrix.xyz. - Confirm backend availability.
- Remove DNS/cert automation for the hostname if unused.
Harden email DNS
[edit]Current:
SPF: v=spf1 mx ~all DMARC: v=DMARC1; p=none; rua=mailto:mail@marcotrix.xyz
Recommendations:
- Move SPF from softfail to hardfail once valid senders are known:
v=spf1 mx -all
- Move DMARC from monitoring to enforcement after reports are clean:
v=DMARC1; p=quarantine; rua=mailto:... v=DMARC1; p=reject; rua=mailto:...
- Add MTA-STS and TLS-RPT if receiving mail:
_mta-sts.marcotrix.xyz TXT "v=STSv1; id=YYYYMMDD01" _smtp._tls.marcotrix.xyz TXT "v=TLSRPTv1; rua=mailto:tlsrpt@marcotrix.xyz"
Add CAA
[edit]Finding:
- No CAA record was observed.
Recommendation:
If Let's Encrypt is the only intended CA:
marcotrix.xyz. CAA 0 issue "letsencrypt.org" marcotrix.xyz. CAA 0 issuewild ";"
Adjust this if other CAs are intentionally used.
Consider DNSSEC
[edit]Finding:
- RDAP reports DNSSEC unsigned.
Recommendation:
- Enable DNSSEC at the DNS provider if operationally comfortable.
Low Priority / Hygiene
[edit]Add security.txt
[edit]Finding:
/.well-known/security.txtreturned404.
Recommendation:
Add a basic security contact if the owner wants coordinated reports:
Contact: mailto:mail@marcotrix.xyz Preferred-Languages: en Canonical: https://marcotrix.xyz/.well-known/security.txt
Add or intentionally omit robots.txt and sitemap.xml
[edit]Finding:
- Both returned
404.
This is not inherently a vulnerability. Add them only if useful for indexing control.
Strip unnecessary image metadata
[edit]No GPS metadata was observed, but stripping metadata from public images is still a reasonable default publishing step.
Artifact Inventory
[edit]Top-level files:
/root/recon-marcotrix-xyz/favicon.ico 9 bytes /root/recon-marcotrix-xyz/nmap-http-scripts.txt 2397 bytes /root/recon-marcotrix-xyz/nmap-mail-targeted.txt collected targeted mail scan /root/recon-marcotrix-xyz/nmap-ssl-enum.txt 3297 bytes /root/recon-marcotrix-xyz/nmap-targeted-passive-ports.txt 709 bytes /root/recon-marcotrix-xyz/nmap-udp-123.txt 508 bytes /root/recon-marcotrix-xyz/robots.txt 9 bytes /root/recon-marcotrix-xyz/root-http.html 0 bytes /root/recon-marcotrix-xyz/root-https.html 1155 bytes /root/recon-marcotrix-xyz/security.txt 9 bytes /root/recon-marcotrix-xyz/sitemap.xml 9 bytes /root/recon-marcotrix-xyz/wget/ shallow mirror
Directory size:
/root/recon-marcotrix-xyz: 2.8M
Representative Commands Used
[edit]dig marcotrix.xyz A marcotrix.xyz AAAA marcotrix.xyz NS marcotrix.xyz SOA marcotrix.xyz MX marcotrix.xyz TXT marcotrix.xyz CAA +noall +answer whois marcotrix.xyz whois 57.131.38.220 dig +short -x 57.131.38.220 curl -sS -D - -o /root/recon-marcotrix-xyz/root-http.html http://marcotrix.xyz/ curl -sS -D - -o /root/recon-marcotrix-xyz/root-https.html https://marcotrix.xyz/ curl -sS -D - -o /root/recon-marcotrix-xyz/robots.txt https://marcotrix.xyz/robots.txt curl -sS -D - -o /root/recon-marcotrix-xyz/sitemap.xml https://marcotrix.xyz/sitemap.xml curl -sS -D - -o /root/recon-marcotrix-xyz/security.txt https://marcotrix.xyz/.well-known/security.txt curl -sS 'https://crt.sh/?q=%25.marcotrix.xyz&output=json' curl -sS 'https://internetdb.shodan.io/57.131.38.220' curl -sS 'https://rdap.centralnic.com/xyz/domain/marcotrix.xyz' curl -sS 'https://stat.ripe.net/data/prefix-overview/data.json?resource=57.131.38.220' curl -sS -L 'https://web.archive.org/cdx?url=marcotrix.xyz/*&output=json&fl=timestamp,original,statuscode,mimetype,digest&collapse=urlkey&filter=statuscode:200' wget -r -l 1 -np -E -k -p --restrict-file-names=windows -D marcotrix.xyz --no-verbose --directory-prefix=/root/recon-marcotrix-xyz/wget https://marcotrix.xyz/ nmap -Pn -sT -sV --version-light -p80,123,143,443,465,587,993,5201 57.131.38.220 -oN /root/recon-marcotrix-xyz/nmap-targeted-passive-ports.txt nmap -Pn -sT -sV --version-light -p25,110,143,465,587,993,995 57.131.38.220 -oN /root/recon-marcotrix-xyz/nmap-mail-targeted.txt nmap -Pn -sU -sV --version-light -p123 57.131.38.220 -oN /root/recon-marcotrix-xyz/nmap-udp-123.txt nmap -Pn -p443 --script ssl-enum-ciphers marcotrix.xyz mail.marcotrix.xyz jellyfin.marcotrix.xyz drive.marcotrix.xyz -oN /root/recon-marcotrix-xyz/nmap-ssl-enum.txt nmap -Pn -p80,443 --script http-title,http-server-header,http-security-headers marcotrix.xyz mail.marcotrix.xyz jellyfin.marcotrix.xyz drive.marcotrix.xyz -oN /root/recon-marcotrix-xyz/nmap-http-scripts.txt curl -sS https://jellyfin.marcotrix.xyz/System/Info/Public curl -sS https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=marcotrix.xyz curl -sS https://plc.directory/did:plc:rs545j57yaqct4qmp7c4aymc exiftool -a -G1 -s /root/recon-marcotrix-xyz/wget/marcotrix.xyz/zoe1.jpg /root/recon-marcotrix-xyz/wget/marcotrix.xyz/mail.png sha256sum /root/recon-marcotrix-xyz/wget/marcotrix.xyz/zoe1.jpg /root/recon-marcotrix-xyz/wget/marcotrix.xyz/mail.png /root/recon-marcotrix-xyz/wget/marcotrix.xyz/style.css /root/recon-marcotrix-xyz/wget/marcotrix.xyz/index.html /root/recon-marcotrix-xyz/wget/marcotrix.xyz/contact/index.html
Appendix: Raw Targeted Nmap Output
[edit]Passive-Port Targeted TCP Check
[edit]# Nmap 7.95 scan initiated Thu Jul 9 18:18:23 2026 as: nmap -Pn -sT -sV --version-light -p80,123,143,443,465,587,993,5201 -oN /root/recon-marcotrix-xyz/nmap-targeted-passive-ports.txt 57.131.38.220 Nmap scan report for mail.marcotrix.xyz (57.131.38.220) Host is up (0.011s latency). PORT STATE SERVICE VERSION 80/tcp open http Caddy httpd 123/tcp closed ntp 143/tcp closed imap 443/tcp open ssl/https? 465/tcp closed smtps 587/tcp closed submission 993/tcp closed imaps 5201/tcp open iperf3 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Thu Jul 9 18:18:29 2026 -- 1 IP address (1 host up) scanned in 6.35 seconds
Targeted Mail-Port Check
[edit]# Nmap 7.95 scan initiated Thu Jul 9 18:19:37 2026 as: nmap -Pn -sT -sV --version-light -p25,110,143,465,587,993,995 -oN /root/recon-marcotrix-xyz/nmap-mail-targeted.txt 57.131.38.220 Nmap scan report for mail.marcotrix.xyz (57.131.38.220) Host is up (0.010s latency). PORT STATE SERVICE VERSION 25/tcp filtered smtp 110/tcp closed pop3 143/tcp closed imap 465/tcp closed smtps 587/tcp closed submission 993/tcp closed imaps 995/tcp closed pop3s Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Thu Jul 9 18:19:38 2026 -- 1 IP address (1 host up) scanned in 1.43 seconds
Targeted UDP NTP Check
[edit]# Nmap 7.95 scan initiated Thu Jul 9 18:18:51 2026 as: nmap -Pn -sU -sV --version-light -p123 -oN /root/recon-marcotrix-xyz/nmap-udp-123.txt 57.131.38.220 Nmap scan report for mail.marcotrix.xyz (57.131.38.220) Host is up (0.010s latency). PORT STATE SERVICE VERSION 123/udp open ntp NTP v4 (secondary server) Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Thu Jul 9 18:18:51 2026 -- 1 IP address (1 host up) scanned in 0.29 seconds