[nsp-sec] Inboot.me - vboot.us using DRDoS as a paid service

Rodney Joffe rjoffe at centergate.com
Tue Sep 30 14:49:17 EDT 2014


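We’ve seen the following DNS answers for inboot.me (qtype 1 = A, 28 = AAAA, 2 = NS). Note that the NS records point at Cloudflare, so most of these addresses are likely shared front-end proxies rather than the origin host: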
{
  "info": "22 results found.",
  "results": [
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "1",
      "date": "2014-08-01T04:01:01Z",
      "type": "ip",
      "value": "104.28.31.68",
      "value_ip": "104.28.31.68"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "1",
      "date": "2014-08-01T04:01:01Z",
      "type": "ip",
      "value": "104.28.30.68",
      "value_ip": "104.28.30.68"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "28",
      "date": "2014-08-05T07:23:03Z",
      "type": "aaaa",
      "value": "2400:cb00:2048:1::681c:1f44"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "28",
      "date": "2014-08-05T07:23:03Z",
      "type": "aaaa",
      "value": "2400:cb00:2048:1::681c:1e44"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "28",
      "date": "2014-08-15T19:13:45Z",
      "type": "aaaa",
      "value": "2400:cb00:2048:1::6ca2:cdc3"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "28",
      "date": "2014-08-15T19:13:45Z",
      "type": "aaaa",
      "value": "2400:cb00:2048:1::6ca2:cec3"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "1",
      "date": "2014-08-14T22:36:53Z",
      "type": "ip",
      "value": "108.162.205.195",
      "value_ip": "108.162.205.195"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "1",
      "date": "2014-08-14T22:36:53Z",
      "type": "ip",
      "value": "108.162.206.195",
      "value_ip": "108.162.206.195"
    },
    {
      "domain": "inboot.me",
      "qname": "www.inboot.me",
      "qtype": "1",
      "date": "2014-08-17T07:10:14Z",
      "type": "name",
      "value": "inboot.me"
    },
    {
      "domain": "inboot.me",
      "qname": "www.inboot.me",
      "qtype": "1",
      "date": "2014-08-17T07:10:14Z",
      "type": "ip",
      "value": "108.162.206.195",
      "value_ip": "108.162.206.195"
    },
    {
      "domain": "inboot.me",
      "qname": "www.inboot.me",
      "qtype": "1",
      "date": "2014-08-17T07:10:14Z",
      "type": "ip",
      "value": "108.162.205.195",
      "value_ip": "108.162.205.195"
    },
    {
      "domain": "inboot.me",
      "qname": "www.inboot.me",
      "qtype": "1",
      "date": "2014-08-17T07:10:14Z",
      "type": "cname",
      "value": "inboot.me"
    },
    {
      "domain": "inboot.me",
      "qname": "www.inboot.me",
      "qtype": "28",
      "date": "2014-08-17T07:15:08Z",
      "type": "name",
      "value": "inboot.me"
    },
    {
      "domain": "inboot.me",
      "qname": "www.inboot.me",
      "qtype": "28",
      "date": "2014-08-17T07:15:08Z",
      "type": "aaaa",
      "value": "2400:cb00:2048:1::6ca2:cec3"
    },
    {
      "domain": "inboot.me",
      "qname": "www.inboot.me",
      "qtype": "28",
      "date": "2014-08-17T07:15:08Z",
      "type": "aaaa",
      "value": "2400:cb00:2048:1::6ca2:cdc3"
    },
    {
      "domain": "inboot.me",
      "qname": "www.inboot.me",
      "qtype": "28",
      "date": "2014-08-17T07:15:08Z",
      "type": "cname",
      "value": "inboot.me"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "1",
      "date": "2014-08-19T14:45:07Z",
      "type": "ip",
      "value": "67.215.66.149",
      "value_ip": "67.215.66.149"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "2",
      "date": "2014-08-29T18:48:22.000Z",
      "type": "ns",
      "value": "lucy.ns.cloudflare.com"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "2",
      "date": "2014-08-29T18:48:22.000Z",
      "type": "ns",
      "value": "eric.ns.cloudflare.com"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "1",
      "date": "2014-09-15T12:53:37.000Z",
      "type": "ip",
      "value": "107.23.255.195",
      "value_ip": "107.23.255.195"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "1",
      "date": "2014-09-30T12:27:37.000Z",
      "type": "ip",
      "value": "190.93.254.153",
      "value_ip": "190.93.254.153"
    },
    {
      "domain": "inboot.me",
      "qname": "inboot.me",
      "qtype": "1",
      "date": "2014-09-30T12:27:37.000Z",
      "type": "ip",
      "value": "190.93.255.153",
      "value_ip": "190.93.255.153"
    }
  ]
}


On Sep 30, 2014, at 9:04 AM, John Kristoff <jtk at cymru.com> wrote:

> ----------- nsp-security Confidential --------
> 
> On Tue, 30 Sep 2014 11:01:32 +0000
> "Shelton, Steve" <sshelton at Cogentco.com> wrote:
> 
>> Did anyone happen to see this yesterday hitting their resolvers?
> 
> The DRG and my own resolvers have seen some ANY queries for
> smar.vboot.us from 81.17.20.38 on September 27, 2014, all happening
> around the 1930 UTC time frame.
> 
> In a cursory search, I've not seen the inboot.me name queried
> for anywhere recently.
> 
> John
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________




