Notes Site.
post @ 2024-07-26

IClean (Linux · Medium)

SSTI + qpdf

Enumeration

nmap

nmap -A -v -T4 10.10.11.12

Nmap scan report for capiclean.htb (10.10.11.12)
Host is up (0.28s latency).
Not shown: 976 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 2c:f9:07:77:e3:f1:3a:36:db:f2:3b:94:e3:b7:cf:b2 (ECDSA)
|_ 256 4a:91:9f:f2:74:c0:41:81:52:4d:f1:ff:2d:01:78:6b (ED25519)
80/tcp open http Apache httpd 2.4.52 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: 59A6DBEA095D69E461CAC2D85CE6999A
| http-methods:
|_ Supported Methods: HEAD OPTIONS GET
|_http-title: Capiclean
| http-server-header:
| Apache/2.4.52 (Ubuntu)
|_ Werkzeug/2.3.7 Python/3.10.12
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
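The one detail in this scan that shapes the rest of the box is the second `http-server-header` line: Apache is only a reverse proxy, and `Werkzeug/2.3.7 Python/3.10.12` shows a Python WSGI application behind it. Werkzeug is the WSGI layer under Flask, and Flask templates are Jinja2, which is why the SSTI in this post's title is the natural next test. The script below is an added example, not code from these notes: it parses nmap's normal output (the sample embedded here is constructed from the scan above), lists open ports, and flags HTTP services whose script output reveals a Python backend. The `parse_nmap`, `open_ports` and `backend_leads` names are the example's own.

```python
"""Pull enumeration leads out of nmap normal output.

Added example: parses nmap's text report (the format shown on this page)
and flags HTTP services whose server header reveals a Python/WSGI backend.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the port section of the IClean scan above.
SAMPLE_SCAN = """\
Nmap scan report for capiclean.htb (10.10.11.12)
Host is up (0.28s latency).
Not shown: 976 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 2c:f9:07:77:e3:f1:3a:36:db:f2:3b:94:e3:b7:cf:b2 (ECDSA)
|_  256 4a:91:9f:f2:74:c0:41:81:52:4d:f1:ff:2d:01:78:6b (ED25519)
80/tcp open http Apache httpd 2.4.52 ((Ubuntu))
|_http-title: Capiclean
| http-server-header:
|   Apache/2.4.52 (Ubuntu)
|_  Werkzeug/2.3.7 Python/3.10.12
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
"""

# "80/tcp open http Apache httpd 2.4.52 ((Ubuntu))"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# NSE script output lines start with "| " or "|_"
SCRIPT_RE = re.compile(r"^\|_?\s*(.*)$")


@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str
    version: str
    script_lines: list = field(default_factory=list)


def parse_nmap(text: str) -> list:
    """Return one Port per port line; NSE output is attached to the port it follows."""
    ports = []
    current = None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            current = Port(int(m.group(1)), m.group(2), m.group(3),
                           m.group(4), m.group(5).strip())
            ports.append(current)
            continue
        m = SCRIPT_RE.match(line)
        if m and current is not None:
            current.script_lines.append(m.group(1).strip())
    return ports


def open_ports(ports: list) -> list:
    return [p.number for p in ports if p.state == "open"]


def backend_leads(ports: list) -> dict:
    """Map each HTTP port to the backend hint worth acting on.

    A Werkzeug/Python header means a Flask-style WSGI app behind the proxy,
    so Jinja2 SSTI is the first thing to test once a reflected input is found.
    """
    leads = {}
    for p in ports:
        if p.service != "http":
            continue
        fingerprint = " ".join([p.version] + p.script_lines)
        if "Werkzeug" in fingerprint or "Python/" in fingerprint:
            leads[p.number] = "python-wsgi"
        else:
            leads[p.number] = "generic-http"
    return leads


if __name__ == "__main__":
    scan = parse_nmap(SAMPLE_SCAN)
    print("open ports:", open_ports(scan))
    print("backend leads:", backend_leads(scan))
```

Run it against a real report with `nmap -sV -oN scan.txt <target>` and feed the file contents to `parse_nmap`; the `-oN` format is the same text nmap prints to the terminal, so the scan pasted in these notes parses unchanged.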

Browsing to 10.10.11.12 redirects to capiclean.htb, so add a hosts entry:

echo "10.10.11.12 capiclean.htb" | sudo tee -a /etc/hosts

gobuster

gobuster vhost -u http://capiclean.htb/ --append-domain -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
No additional virtual hosts found.

dirsearch

post @ 2024-07-24

TwoMillion (Linux · Easy)

JS deobfuscation + API abuse + CVE-2023-0386

Enumeration

nmap

nmap -A -p- -v -T4 -Pn 10.10.11.221

Nmap scan report for bogon (10.10.11.221)
Host is up (0.28s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA)
|_ 256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519)
80/tcp open http nginx
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to http://2million.htb/
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Add a hosts entry:

echo "10.10.11.221 2million.htb" | sudo tee -a /etc/hosts

dirsearch

dirsearch -u http://2million.htb
/login
/register

Following the page's navigation leads to /invite.
