,----,                             ,--.          
       .'   .`|            ,----..      ,--/  /|          
    .'   .'   ;           /   /   \  ,---,': / '          
  ,---, '    .' __  ,-.  /   .     : :   : '/ /   __  ,-. 
  |   :     ./,' ,'/ /| .   /   ;.  \|   '   ,  ,' ,'/ /| 
  ;   | .'  / '  | |' |.   ;   /  ` ;'   |  /   '  | |' | 
  `---' /  ;  |  |   ,';   |  ; \ ; ||   ;  ;   |  |   ,' 
    /  ;  /   '  :  /  |   :  | ; | ':   '   \  '  :  /   
   ;  /  /--, |  | '   .   |  ' ' ' :|   |    ' |  | '    
  /  /  / .`| ;  : |   '   ;  \; /  |'   : |.  \;  : |    
./__;       : |  , ;    \   \  ',  / |   | '_\.'|  , ;    
|   :     .'   ---'      ;   :    /  '   : |     ---'     
;   |  .'                 \   \ .'   ;   |,'              
`---'                      `---`     '---'                
                                                          

--------------------------------------------------------------------------
+ Target IP:          164.77.218.22
+ Target Hostname:    164.77.218.22
+ Target Port:        80
+ Start Time:         2021-06-14 18:51:09 (GMT-4)
---------------------------------------------------------------------------
+ Server: nginx
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server may leak inodes via ETags, header found with file /, inode: c9f, size: 5be160e4434d0, mtime: gzip
+ Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE 
+ OSVDB-3092: /phpmyadmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
^[[ 




+ Uncommon header 'x-ob_mode' found, with contents: 1
+ /phpmyadmin/: phpMyAdmin directory found
+ OSVDB-3092: /phpmyadmin/README: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ 8068 requests: 0 error(s) and 9 item(s) reported on remote host
+ End Time:           2021-06-14 19:22:07 (GMT-4) (1858 seconds)




Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-14 19:14 EDT
Stats: 0:02:36 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 91.67% done; ETC: 19:17 (0:00:13 remaining)
Nmap scan report for panel.rodrix.ml (164.77.218.22)
Host is up (0.10s latency).
Not shown: 988 filtered ports
PORT     STATE SERVICE    VERSION
21/tcp   open  ftp?
22/tcp   open  ssh        OpenSSH 7.4p1 (protocol 2.0)
25/tcp   open  smtp       Exim smtpd
53/tcp   open  domain     (generic dns response: NOTIMP)
80/tcp   open  http       nginx
110/tcp  open  pop3
143/tcp  open  imap?
443/tcp  open  ssl/http   nginx
465/tcp  open  ssl/smtps?
587/tcp  open  smtp       Exim smtpd
993/tcp  open  ssl/imap   Dovecot imapd
8083/tcp open  http       nginx
5 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port21-TCP:V=7.91%I=7%D=6/14%Time=60C7E308%P=x86_64-pc-linux-gnu%r(NULL
SF:,37,"220\x20Welcome!\x20Please\x20note\x20that\x20all\x20activity\x20is
SF:\x20logged\.\r\n")%r(GenericLines,37,"220\x20Welcome!\x20Please\x20note
SF:\x20that\x20all\x20activity\x20is\x20logged\.\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port53-TCP:V=7.91%I=7%D=6/14%Time=60C7E317%P=x86_64-pc-linux-gnu%r(DNSS
SF:tatusRequestTCP,E,"\0\x0c\0\0\x90\x04\0\0\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port110-TCP:V=7.91%I=7%D=6/14%Time=60C7E308%P=x86_64-pc-linux-gnu%r(NUL
SF:L,19,"\+OK\x20Mail\x20Delivery\x20Agent\r\n")%r(GenericLines,19,"\+OK\x
SF:20Mail\x20Delivery\x20Agent\r\n")%r(HTTPOptions,47,"\+OK\x20Mail\x20Del
SF:ivery\x20Agent\r\n-ERR\x20Unknown\x20command\.\r\n-ERR\x20Unknown\x20co
SF:mmand\.\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port143-TCP:V=7.91%I=7%D=6/14%Time=60C7E308%P=x86_64-pc-linux-gnu%r(NUL
SF:L,80,"\*\x20OK\x20\[CAPABILITY\x20IMAP4rev1\x20LITERAL\+\x20SASL-IR\x20
SF:LOGIN-REFERRALS\x20ID\x20ENABLE\x20IDLE\x20STARTTLS\x20AUTH=PLAIN\x20AU
SF:TH=LOGIN\]\x20Mail\x20Delivery\x20Agent\r\n")%r(GetRequest,80,"\*\x20OK
SF:\x20\[CAPABILITY\x20IMAP4rev1\x20LITERAL\+\x20SASL-IR\x20LOGIN-REFERRAL
SF:S\x20ID\x20ENABLE\x20IDLE\x20STARTTLS\x20AUTH=PLAIN\x20AUTH=LOGIN\]\x20
SF:Mail\x20Delivery\x20Agent\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port465-TCP:V=7.91%T=SSL%I=7%D=6/14%Time=60C7E319%P=x86_64-pc-linux-gnu
SF:%r(NULL,15,"220\x20panel\.rodrix\.ml\r\n")%r(Hello,41,"220\x20panel\.ro
SF:drix\.ml\r\n501\x20Syntactically\x20invalid\x20EHLO\x20argument\(s\)\r\
SF:n")%r(Help,6A,"220\x20panel\.rodrix\.ml\r\n214-Commands\x20supported:\r
SF:\n214\x20AUTH\x20HELO\x20EHLO\x20MAIL\x20RCPT\x20DATA\x20BDAT\x20NOOP\x
SF:20QUIT\x20RSET\x20HELP\r\n")%r(GenericLines,49,"220\x20panel\.rodrix\.m
SF:l\r\n500\x20unrecognized\x20command\r\n500\x20unrecognized\x20command\r
SF:\n")%r(GetRequest,49,"220\x20panel\.rodrix\.ml\r\n500\x20unrecognized\x
SF:20command\r\n500\x20unrecognized\x20command\r\n")%r(HTTPOptions,49,"220
SF:\x20panel\.rodrix\.ml\r\n500\x20unrecognized\x20command\r\n500\x20unrec
SF:ognized\x20command\r\n")%r(RTSPRequest,49,"220\x20panel\.rodrix\.ml\r\n
SF:500\x20unrecognized\x20command\r\n500\x20unrecognized\x20command\r\n")%
SF:r(RPCCheck,15,"220\x20panel\.rodrix\.ml\r\n")%r(DNSVersionBindReqTCP,15
SF:,"220\x20panel\.rodrix\.ml\r\n")%r(DNSStatusRequestTCP,15,"220\x20panel
SF:\.rodrix\.ml\r\n")%r(SSLSessionReq,4B,"220\x20panel\.rodrix\.ml\r\n501\
SF:x20NULL\x20characters\x20are\x20not\x20allowed\x20in\x20SMTP\x20command
SF:s\r\n")%r(TerminalServerCookie,4B,"220\x20panel\.rodrix\.ml\r\n501\x20N
SF:ULL\x20characters\x20are\x20not\x20allowed\x20in\x20SMTP\x20commands\r\
SF:n")%r(TLSSessionReq,4B,"220\x20panel\.rodrix\.ml\r\n501\x20NULL\x20char
SF:acters\x20are\x20not\x20allowed\x20in\x20SMTP\x20commands\r\n")%r(Kerbe
SF:ros,4B,"220\x20panel\.rodrix\.ml\r\n501\x20NULL\x20characters\x20are\x2
SF:0not\x20allowed\x20in\x20SMTP\x20commands\r\n")%r(SMBProgNeg,15,"220\x2
SF:0panel\.rodrix\.ml\r\n")%r(X11Probe,15,"220\x20panel\.rodrix\.ml\r\n")%
SF:r(FourOhFourRequest,49,"220\x20panel\.rodrix\.ml\r\n500\x20unrecognized
SF:\x20command\r\n500\x20unrecognized\x20command\r\n")%r(LPDString,2F,"220
SF:\x20panel\.rodrix\.ml\r\n500\x20unrecognized\x20command\r\n")%r(LDAPSea
SF:rchReq,81,"220\x20panel\.rodrix\.ml\r\n501\x20NULL\x20characters\x20are
SF:\x20not\x20allowed\x20in\x20SMTP\x20commands\r\n501\x20NULL\x20characte
SF:rs\x20are\x20not\x20allowed\x20in\x20SMTP\x20commands\r\n")%r(LDAPBindR
SF:eq,15,"220\x20panel\.rodrix\.ml\r\n");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: bridge
Running: Oracle Virtualbox
OS CPE: cpe:/o:oracle:virtualbox
OS details: Oracle Virtualbox

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 221.69 seconds



Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-14 19:52:51
[DATA] max 16 tasks per 1 server, overall 16 tasks, 66 login tries, ~5 tries per task
[DATA] attacking ftp://164.77.218.22:21/

[STATUS] 62.00 tries/min, 62 tries in 00:01h, 37 to do in 00:01h, 16 active

[STATUS] 47.00 tries/min, 94 tries in 00:02h, 5 to do in 00:01h, 16 active

1 of 1 target completed, 0 valid password found
[WARNING] Writing restore file because 4 final worker threads did not complete until end.
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-14 19:55:34













url https://carshopping.com.co/wp-json/
https://carshopping.com.co/phpmyadmin/
https://carshopping.com.co/phpmyadmin/ChangeLog



                                                          
         ,----,                             ,--.          
       .'   .`|            ,----..      ,--/  /|          
    .'   .'   ;           /   /   \  ,---,': / '          
  ,---, '    .' __  ,-.  /   .     : :   : '/ /   __  ,-. 
  |   :     ./,' ,'/ /| .   /   ;.  \|   '   ,  ,' ,'/ /| 
  ;   | .'  / '  | |' |.   ;   /  ` ;'   |  /   '  | |' | 
  `---' /  ;  |  |   ,';   |  ; \ ; ||   ;  ;   |  |   ,' 
    /  ;  /   '  :  /  |   :  | ; | ':   '   \  '  :  /   
   ;  /  /--, |  | '   .   |  ' ' ' :|   |    ' |  | '    
  /  /  / .`| ;  : |   '   ;  \; /  |'   : |.  \;  : |    
./__;       : |  , ;    \   \  ',  / |   | '_\.'|  , ;    
|   :     .'   ---'      ;   :    /  '   : |     ---'     
;   |  .'                 \   \ .'   ;   |,'              
`---'                      `---`     '---'