# Information Provided By:Insidious # Filename:official.blueteamshop-47.33.241.1.txt ======================================================= IP address: 47.33.241.1 Belongs to: Travis James Colt ['official.blueteamshop', 'unknowndarkshadow21'](Age:28) Possbile address: 1804 Pineridge Dr; Hastings, MI 49058-8125 Possible phone number: +1-616-277-8049(Wireless) Local IP (Wi-Fi): 192.168.1.119 Hostname: 047-033-241-001.res.spectrum.com ISP: Charter Communications Organization: Spectrum ======================================================= > IP address Information[json]: ======================================================= { "ip": "47.33.241.1", "hostname": "047-033-241-001.res.spectrum.com", "city": "Whitmore Lake", "region": "Michigan", "country": "US", "loc": "42.4397,-83.7453", "org": "AS20115 Charter Communications", "postal": "48189", "timezone": "America/Detroit", "readme": "https://ipinfo.io/missingauth" } { "status": "success", "continent": "North America", "continentCode": "NA", "country": "United States", "countryCode": "US", "region": "MI", "regionName": "Michigan", "city": "Whitmore Lake", "district": "", "zip": "48189", "lat": 42.4289, "lon": -83.7828, "timezone": "America/Detroit", "offset": -14400, "currency": "USD", "isp": "Charter Communications", "org": "Spectrum", "as": "AS20115 Charter Communications", "asname": "CHARTER-20115", "mobile": false, "proxy": false, "hosting": false, "query": "47.33.241.1" } { "tags": [ "cwmp", "http", "https" ], "443": { "https": { "tls": { "certificate": { "parsed": { "fingerprint_sha1": "87336fcc8f622e66c33e9655fecee195d5427c24", "tbs_noct_fingerprint": "89164807aa1485c2c32acaf6e10efa48772dc349394f4e8a41c2ce0ad7b3874e", "subject_dn": "C=FR, O=Sagemcom Ca, CN=self-signedKey", "issuer": { "common_name": [ "self-signedKey" ], "country": [ "FR" ], "organization": [ "Sagemcom Ca" ] }, "tbs_fingerprint": "89164807aa1485c2c32acaf6e10efa48772dc349394f4e8a41c2ce0ad7b3874e", "redacted": false, "validation_level": "unknown", "issuer_dn": "C=FR, O=Sagemcom Ca, CN=self-signedKey", "fingerprint_sha256": "aeb7066e3d07a64eaa3327bdfc01ce1591c9ff54c98db146258cc97ec87d0ee9", "version": 3, "extensions": { "authority_key_id": "3cf5b89fa1b988ec14e8859a0373d19663d56b60", "basic_constraints": { "is_ca": true }, "subject_key_id": "3cf5b89fa1b988ec14e8859a0373d19663d56b60" }, "validity": { "start": "2011-10-14T12:32:29Z", "length": 3153600000, "end": "2111-09-20T12:32:29Z" }, "signature_algorithm": { "oid": "1.2.840.113549.1.1.11", "name": "SHA256WithRSA" }, "serial_number": "17337485686994924312", "fingerprint_md5": "4d671c8eff209877fc4736c5d4bd46f5", "subject_key_info": { "fingerprint_sha256": "7b22deca9b3d96c417ff0745915620edadeb94d031fe32480a501395eddfebf8", "key_algorithm": { "name": "RSA" }, "rsa_public_key": { "length": 1024, "modulus": "1mugJsgQJk6TYmr66CWVJCqf/eay6H4Yr4MpuNgvIameD39aMENypQ+nWFb2zIE3KjL8sidlUEkBF7EpdODEon6hjRLB/TklnXhhAcolqF0Nd9OFQ7xmtv3QCwDxiPFLGnDtPJVRGO134wCakA4b6gCSadt6+BPF58sNYZ57lI8=", "exponent": 65537 } }, "signature": { "self_signed": true, "valid": true, "value": "In9d/eNvV3FWjDxQhDg1Q78PYCe+ChrtbJTIvTSiydeEuewmLObfYuzDyLk5rNpGDSx37H2lyaJ3K+oXzr8hC20PMOqG4l2Nmx5+HgQCt8dogPgaWBg7WGPx6fOsfDphSA6mxKf6wxGg0Irg7q9o8+88jeQEf4VKIEfJu+5ZIAw=", "signature_algorithm": { "oid": "1.2.840.113549.1.1.11", "name": "SHA256WithRSA" } }, "spki_subject_fingerprint": "54b58be776819ba0e15f579aa780dc256baf29eec07316cb41299e6a8b14c173", "subject": { "common_name": [ "self-signedKey" ], "country": [ "FR" ], "organization": [ "Sagemcom Ca" ] } } }, "cipher_suite": { "id": "0x009C", "name": "TLS_RSA_WITH_AES_128_GCM_SHA256" }, "version": "TLSv1.2", "session_ticket": { "length": 160, "lifetime_hint": 300 }, "validation": { "browser_trusted": false, "browser_error": "x509: unknown error" }, "ocsp_stapling": false, "metadata": {} }, "dhe_export": { "support": false, "metadata": {} }, "get": { "body": "<!--\r\nCopyright : (C) 2014 Sagemcom - URD2\r\n\r\nThis software and source file is the property of Sagemcom\r\nand may not be copied or used without prior written consent.\r\n-->\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\" class=\"no-js\">\r\n\r\n<head>\r\n\t<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\" />\r\n\t<meta charset=\"utf-8\" />\r\n\t<meta name=\"sagemcom\" content=\"oui\" />\r\n\t<meta name=\"viewport\" content=\"width=device-width,height=device-height,initial-scale=1.0,user-scalable=no,user-scalable=0\" />\r\n\t<meta http-equiv=\"content-language\" content=\"en\">\r\n\t<base href=\"\" id=\"baseHref\" />\r\n\t<script>\r\n\t\tvar initialRegex = /(.*)\\/.*.html/i;\r\n\t\tvar baseHref = initialRegex.exec(window.location.pathname);\r\n\t\tvar usethis = window.location.pathname;\r\n\t\tif (baseHref) {\r\n\t\t\tusethis = baseHref[1] + '/';\r\n\t\t}\r\n\t\tdocument.getElementById(\"baseHref\").href = usethis;\r\n\t</script>\r\n\t<style>\r\n\t\tmeta.foundation-data-attribute-namespace {\r\n\t\t\tfont-family: false;\r\n\t\t}\r\n\t</style>\r\n\r\n\t<link id=\"favicon\" rel=\"shortcut icon\" href=\"images/faviconNone.ico\" />\r\n\r\n\t<title></title>\r\n\r\n\t<script>\r\n\t\twindow.onerror = function (msg, url, line, col, error) {\r\n\t\t\tif (typeof SboxInterface !== 'undefined') {\r\n\t\t\t\tSboxInterface.RemoveLoader();\r\n\t\t\t\tsetTimeout(function () {\r\n\t\t\t\t\tif (document.getElementById('main-ui-view').innerHTML.length === 0) {\r\n\t\t\t\t\t\tSboxInterface.processHTML('retry');\r\n\t\t\t\t\t}\r\n\t\t\t\t}, 1000);\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t};\r\n\t</script>\r\n\r\n\t<script src=\"js/vendor.js?fd92b2fda8791f9c\"></script>\r\n\r\n\t<script>\r\n\t\t// fix for old code in gui-core relying on $.browser\r\n\t\tif (typeof (jQuery) != 'undefined') {\r\n\t\t\tjQuery.browser = {};\r\n\t\t\tjQuery.browser.msie = false;\r\n\t\t\tjQuery.browser.version = 0;\r\n\t\t\tif (navigator.userAgent.match(/MSIE ([0-9]+)\\./)) {\r\n\t\t\t\tjQuery.browser.msie = true;\r\n\t\t\t\tjQuery.browser.version = RegExp.$1;\r\n\t\t\t} else if (!!navigator.userAgent.match(/Trident\\/7\\./)){\r\n\t\t\t\tjQuery.browser.msie = true;\r\n\t\t\t\tjQuery.browser.version = 11;\r\n\t\t\t}\r\n\t\t} else {\r\n\t\t\tjQuery = {};\r\n\t\t\tjQuery.browser = {};\r\n\t\t\tjQuery.browser.msie = true;\r\n\t\t\tjQuery.browser.version = 8;\r\n\t\t}\r\n\t\tsvg4everybody();\r\n\t</script>\r\n\t<script src=\"js/libs.js?6419a6440e810ab6\"></script>\r\n\r\n\t<script src=\"js/jquery-utils.js\"></script>\r\n\t<script src=\"js/gui-core.js\"></script>\r\n\t<script src=\"js/gui-api.js\"></script>\r\n\t<script src=\"js/gui-widgets.js\"></script>\r\n\t\r\n\t<script src=\"js/scripts.js?5d6a00df620587a2\"></script>\r\n\t\r\n\t<script src=\"js/config.js?414a453096689b97\"></script>\r\n\r\n\t<link rel=\"stylesheet\" href=\"styles/vendor.css\">\r\n\t<link rel=\"stylesheet\" href=\"styles/vendor-rtl.css\"/>\r\n\r\n\t<link rel=\"stylesheet\" href=\"styles/lib.css\">\r\n\r\n\t<!--[if IE 8]>\r\n\t<link rel=\"stylesheet\" href=\"../styles/foundation-ie8.css\" />\r\n\t<![endif]-->\r\n\r\n\t<link rel=\"stylesheet\" href=\"styles/main.css\">\r\n\t<link rel=\"stylesheet\" href=\"styles/main-rtl.css\"/>\r\n\r\n\r\n\r\n\t<link rel=\"stylesheet\" href=\"styles/dev.css\">\r\n\t<link rel=\"stylesheet\" href=\"styles/dev-rtl.css\"/>\r\n</head>\r\n\r\n<body ng-app=\"sboxApp\" ng-class=\"isMainTemplate ? '' : 'bg-gradient'\" class=\"bg-gradient-force\">\r\n\t<div wait></div>\r\n\t<div id=\"main-ui-view\" class=\"zoomViewport\" ui-view></div>\r\n</body>\r\n\r\n</html>\r\n", "title": "", "status_code": 200, "status_line": "200 OK", "headers": { "content_length": "3255", "unknown": [ { "key": "date", "value": "Mon, 18 Oct 2021 17:58:12 GMT" }, { "key": "etag", "value": "\"-508645793\"" } ], "server": "HTTP Server", "last_modified": "Thu, 19 Dec 2019 11:57:15 GMT", "content_type": "text/html", "accept_ranges": "bytes" }, "body_sha256": "616c609ca2c692402b36d163efde1506fd2255d9945bd1119a874153eb3fd695", "metadata": { "product": "HTTP", "description": "HTTP" } }, "dhe": { "support": false, "metadata": {} }, "ssl_3": { "support": true, "metadata": {} }, "heartbleed": { "heartbeat_enabled": true, "heartbleed_vulnerable": false, "metadata": {} }, "rsa_export": { "support": false, "metadata": {} } } }, "ip": "47.33.241.1", "updated_at": "2021-10-22T12:21:25+00:00", "autonomous_system": { "description": "CHARTER-20115", "rir": "unknown", "routed_prefix": "47.33.224.0/19", "country_code": "US", "path": [ 11164, 20115 ], "asn": 20115, "name": "CHARTER-20115" }, "location": { "province": "Michigan", "city": "Whitmore Lake", "country": "United States", "longitude": -83.7828, "registered_country": "United States", "registered_country_code": "US", "postal_code": "48189", "country_code": "US", "latitude": 42.4289, "timezone": "America/Detroit", "continent": "North America" }, "ports": [ 443, 7547 ], "protocols": [ "443/https", "7547/cwmp" ], "7547": { "cwmp": { "get": { "headers": { "content_length": "0", "www_authenticate": "Digest realm=\"Sagemcom TR-069\", qop=\"auth,auth-int\", nonce=\"616ff715cb619a537362\", opaque=\"22f1ad33\"", "server": "gSOAP/2.7" }, "metadata": {}, "status_line": "401 Unauthorized", "status_code": 401 } } } } ======================================================= > WHOIS Data: ======================================================= # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/resources/registry/whois/tou/ # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/ # # Copyright 1997-2021, American Registry for Internet Numbers, Ltd. # NetRange: 47.32.0.0 - 47.51.255.255 CIDR: 47.48.0.0/14, 47.32.0.0/12 NetName: CC04 NetHandle: NET-47-32-0-0-1 Parent: NET47 (NET-47-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Charter Communications (CC04) RegDate: 2014-12-23 Updated: 2014-12-23 Ref: https://rdap.arin.net/registry/ip/47.32.0.0 OrgName: Charter Communications OrgId: CC04 Address: 6175 S. Willow Dr City: Greenwood Village StateProv: CO PostalCode: 80111 Country: US RegDate: Updated: 2021-09-20 Ref: https://rdap.arin.net/registry/entity/CC04 OrgTechHandle: IPADD14-ARIN OrgTechName: IPADD2-ARIN OrgTechPhone: +1-866-248-7662 OrgTechEmail: PublicIPAddressing@charter.com OrgTechRef: https://rdap.arin.net/registry/entity/IPADD14-ARIN OrgAbuseHandle: ABUSE19-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-877-777-2263 OrgAbuseEmail: abuse@charter.net OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE19-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/resources/registry/whois/tou/ # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/ # # Copyright 1997-2021, American Registry for Internet Numbers, Ltd. # ======================================================= > NMap Scan Report: ======================================================= # Nmap 7.92 scan initiated Sat Oct 23 17:07:39 2021 as: nmap -v -A -T4 --script vuln -oA 47.33.241.1-nmapreport 47.33.241.1 Nmap scan report for 047-033-241-001.res.spectrum.com (47.33.241.1) Host is up (0.013s latency). Not shown: 999 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 443/tcp open ssl/http lighttpd |_http-dombased-xss: Couldn't find any DOM based XSS. |_http-server-header: HTTP Server | ssl-poodle: | VULNERABLE: | SSL POODLE information leak | State: LIKELY VULNERABLE | IDs: CVE:CVE-2014-3566 BID:70574 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other | products, uses nondeterministic CBC padding, which makes it easier | for man-in-the-middle attackers to obtain cleartext data via a | padding-oracle attack, aka the "POODLE" issue. | Disclosure date: 2014-10-14 | Check results: | TLS_RSA_WITH_AES_128_CBC_SHA | TLS_FALLBACK_SCSV properly implemented | References: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 | https://www.imperialviolet.org/2014/10/14/poodle.html | https://www.securityfocus.com/bid/70574 |_ https://www.openssl.org/~bodo/ssl-poodle.pdf |_http-csrf: Couldn't find any CSRF vulnerabilities. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities. |_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug) |_http-trane-info: Problem with XML parsing of /evox/about | http-vuln-cve2010-0738: |_ /jmx-console/: Authentication was not required |_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: bridge|general purpose|switch Running (JUST GUESSING): Oracle Virtualbox (98%), QEMU (93%), Bay Networks embedded (88%) OS CPE: cpe:/o:oracle:virtualbox cpe:/a:qemu:qemu cpe:/h:baynetworks:baystack_450 Aggressive OS guesses: Oracle Virtualbox (98%), QEMU user mode network gateway (93%), Bay Networks BayStack 450 switch (software version 3.1.0.22) (88%) No exact OS matches for host (test conditions non-ideal). Network Distance: 2 hops TCP Sequence Prediction: Difficulty=17 (Good luck!) IP ID Sequence Generation: Incremental TRACEROUTE (using port 80/tcp) HOP RTT ADDRESS 1 15.72 ms 10.0.2.2 2 13.77 ms 047-033-241-001.res.spectrum.com (47.33.241.1) Read data files from: /usr/bin/../share/nmap OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Sat Oct 23 17:10:21 2021 -- 1 IP address (1 host up) scanned in 162.71 seconds =======================================================