stans

rootsource || members scanned a microsoft vuln bot

Jan 5th, 2019
  1. @boolsyntax
  2. @phantoms
  3. @randy
  4. @BaSs
  5. @sc
  6. @godly
  7. @fedsrus
  8. @weleakinfospools
  9. @zeekill
  10. @proxylord
  11. @notorious
  12.  
  13. for a group of "hackers" that think they know what they
  14. are talking about, you scanned and sent denial of service attacks to a
  15. fucking microsoft bot thinking it was a response of a home router.
  16.  
  17. it's a microsoft bot,
  18. they have it set to scan and set and have reports of vulnerabilities.
  19.  
  20.  
  21. -read added comments on the response.
  22. - fyi this isn't me flexing my capabilities, you would've had to be around to understand the situation.
  23.  
  24. {
  25. {
  26. "response_type": clearboolset(xls);
  27. "IP": 52.114.142.71
  28. "_response": .botset ** <<
  29. "bottype": pro_llc
  30. "company(s)": azure, microsoft, bots.net, sql, ssh, ftp, response.llo, querty, mozilla. **<<
  31. "botping": active_response();
  32. "user"; stan
  33. "ss"; active
  34. }
  35. }
  36. Country: USA
  37. State/Region: Virginia
  38. City Name
  39. Boydton
  40. Total IP Addresses on which we have information in this City: 2,052 ip
  41. Total IPv6 Addresses on which we have information in this City: 1,045 ipv6
  42. Similar Records
  43. Total Websites hosted in City (on which we have information): 8,331 sites
  44.  
  45. Dirección IP: 52.114.142.71
  46. AS Number (ASN):
  47. Organización: E.I. du Pont de Nemours and Co.
  48. Dominio:
  49. DNS: 52.114.142.71
  50. Pais: Estados Unidos
  51. Código País: us
  53. Nombre Región: Virginia
  54. País Original: United States
  55. Ciudad: Boydton
  56. Código ZIP: 23917
  57. Diferencia Horaria: -04:00
  58. Ips vinculadas: 52.114.142.71
  59. Latitude: 37 °
  60. Longitude: -78 °
  61. TOP World Websites Hosted hosted in City (from World Top 100,000 sites): 162 sites
  62. IP Address 52.114.142.71
  63. Decimal Representation 879922759
  64. ASN AS8075
  65. City Boydton
  66. Country United States of America
  67. Country Code US
  68. ISP Microsoft Corporation
  69. Latitude 36.6544° (36° 39' 15" N)
  70. Longitude -78.3752° (78° 22' 30" W)
  71. Organization Microsoft Azure
  72. Postal Code 23917
  73. Is Private IP Address no
  74. PTR Resource Record
  75. Is Reserved IP Address no
  76. State Virginia
  77. State Code VA
  78. Timezone America/New_York
  79. Local Time 2019-01-05 21:51:01-05:00
  80. ISP Microsoft Corporation
  81. Usage Type Data Center/Web Hosting/Transit
  82. Domain Name microsoft.com
  83. Country
  84. City Boydton, Virginia
  85. According to our records, this IP belongs to the subnet 52.112.0.0/14, identified as: " MSFT Public IP Address Block"
  86. IP Address 52.114.142.71
  87. Reverse DNS / Hostname 52.114.142.71
  88. City Ashburn
  89. Region North america
  90. Country us United states (US)
  91. Organization / ISP Microsoft Corporation
  92. Latitude / Longitude 39.0438, -77.4874
  93. Zipcode / Postcode 20149
  94. TimeZone America/New_York (-5)
  95. Calling Code +1
  96. Currency USD
  97. Languages en-US, es-US, haw, fr
  98. ASN 4744870
  99. Output:
  100. GeoIP 52.114.142.71:
  101. IP: 52.114.142.71
  102. Hostname: Unknown
  103. Country Code: US (USA)
  104. Country: US United States
  105. Region: Virginia
  106. City: Boydton
  107. Postal Code / zip: 23917
  108. ISP: Microsoft Corporation
  109. Organization: Microsoft Corporation
  110. ASN: AS8075
  111. Continent: NA North America
  112. Timezone: America/New_York (Wed, 02 Jan 2019 17:14:01 -0500)
  114. IP Address 52.114.142.71
  115. Country
  116. United States, Boydton
  117. Name Skype URI Preview
  118. Site Skype Communications S.à.r.l.
  119. URL https://www.skype.com
  120. User Agent Bot: Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5
  121. Referring URL no referrer
  122. Host Name 52.114.142.71
  123. ISP Microsoft Azure
  124. ISP Microsoft Corporation
  125. ASN AS8075
  126. Country United States (US)
  127. State/region VA
  128. City Boydton
  129. Postal code 23917
  130. Lat / Long 36.6648 / -78.3715
  131. Decimal 879922759
  132. Binary 00110100 01110010 10001110 01000111
  133. Hex 0x34728e47
  134. NetRange: 52.96.0.0 - 52.115.255.255
  135. CIDR: 52.112.0.0/14, 52.96.0.0/12
  136. NetName: MSFT
  137. NetHandle: NET-52-96-0-0-1
  138. Parent: NET52 (NET-52-0-0-0-0)
  139. NetType: Direct Assignment
  140. OriginAS:
  141. Organization: Microsoft Corporation (MSFT)
  142. RegDate: 2015-11-24
  143. Updated: 2015-11-24
  144. Ref: https://rdap.arin.net/registry/ip/52.96.0.0
  145. OrgName: Microsoft Corporation
  146. OrgId: MSFT
  147. Address: One Microsoft Way
  148. City: Redmond
  149. StateProv: WA
  150. PostalCode: 98052
  151. Country: US
  152. RegDate: 1998-07-09
  153. Updated: 2017-01-28
  154. Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
  155. Comment: * https://cert.microsoft.com.
  156. Comment:
  157. Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
  158. Comment: * abuse@microsoft.com.
  159. Comment:
  160. Comment: To report security vulnerabilities in Microsoft products and services, please contact:
  161. Comment: * secure@microsoft.com.
  162. Comment:
  163. Comment: For legal and law enforcement-related requests, please contact:
  164. Comment: * msndcc@microsoft.com
  165. Comment:
  166. Comment: For routing, peering or DNS issues, please
  167. Comment: contact:
  168. Comment: * IOC@microsoft.com
  169. Ref: https://rdap.arin.net/registry/entity/MSFT
  170. OrgTechHandle: MRPD-ARIN
  171. OrgTechName: Microsoft Routing, Peering, and DNS
  172. OrgTechPhone: +1-425-882-8080
  173. OrgTechEmail: IOC@microsoft.com
  174. OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
  175. OrgAbuseHandle: MAC74-ARIN
  176. OrgAbuseName: Microsoft Abuse Contact
  177. OrgAbusePhone: +1-425-882-8080
  178. OrgAbuseEmail: abuse@microsoft.com
  179. OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
  180. Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-02 14:15 Pacific Standard Time
  181.  
  182. NSE: Loaded 148 scripts for scanning.
  183.  
  184. NSE: Script Pre-scanning.
  185.  
  186. Initiating NSE at 14:15
  187.  
  188. Completed NSE at 14:15, 0.00s elapsed
  189.  
  190. Initiating NSE at 14:15
  191.  
  192. Completed NSE at 14:15, 0.00s elapsed
  193.  
  194. Initiating Ping Scan at 14:15
  195.  
  196. Scanning 52.114.142.71 [4 ports]
  197.  
  198. Completed Ping Scan at 14:15, 4.66s elapsed (1 total hosts)
  199.  
  200. Initiating Parallel DNS resolution of 1 host. at 14:16
  201.  
  202. Completed Parallel DNS resolution of 1 host. at 14:16, 0.16s elapsed
  203.  
  204. Initiating SYN Stealth Scan at 14:16
  205.  
  206. Scanning 52.114.142.71 [1000 ports]
  207.  
  208. Discovered open port 443/tcp on 52.114.142.71
  209.  
  210. Completed SYN Stealth Scan at 14:16, 35.17s elapsed (1000 total ports)
  211.  
  212. Initiating Service scan at 14:16
  213.  
  214. Scanning 1 service on 52.114.142.71
  215.  
  216. Completed Service scan at 14:17, 24.14s elapsed (1 service on 1 host)
  217.  
  218. Initiating OS detection (try #1) against 52.114.142.71
  219.  
  220. Retrying OS detection (try #2) against 52.114.142.71
  221.  
  222. Initiating Traceroute at 14:17
  223.  
  224. Completed Traceroute at 14:17, 6.46s elapsed
  225.  
  226. Initiating Parallel DNS resolution of 17 hosts. at 14:17
  227.  
  228. Completed Parallel DNS resolution of 17 hosts. at 14:17, 0.28s elapsed
  229.  
  230. NSE: Script scanning 52.114.142.71.
  231.  
  232. Initiating NSE at 14:17
  233.  
  234. Completed NSE at 14:17, 3.21s elapsed
  235.  
  236. Initiating NSE at 14:17
  237.  
  238. Completed NSE at 14:17, 0.00s elapsed
  239.  
  240. Nmap scan report for 52.114.142.71
  241.  
  242. Host is up (0.13s latency).
  243.  
  244. Not shown: 999 filtered ports
  245.  
  246. PORT STATE SERVICE VERSION
  247.  
  248. 443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  249.  
  250. |_http-server-header: Microsoft-HTTPAPI/2.0
  251.  
  252. |_http-title: Site doesn't have a title.
  253.  
  254. | ssl-cert: Subject: commonName=urlp.asm.skype.com
  255.  
  256. | Subject Alternative Name: DNS:urlp.asm.skype.com, DNS:urlp-asm-skype.trafficmanager.net, DNS:ea1-urlp.cloudapp.net, DNS:eus1-urlp.asm.skype.com, DNS:eus1-urlp.cloudapp.net, DNS:neu1-urlp.asm.skype.com, DNS:neu1-urlp.cloudapp.net, DNS:nus1-urlp.asm.skype.com, DNS:nus1-urlp.cloudapp.net, DNS:sa1-urlp.asm.skype.com, DNS:sa1-urlp.cloudapp.net, DNS:sus1-urlp.asm.skype.com, DNS:sus1-urlp.cloudapp.net, DNS:weu1-urlp.asm.skype.com, DNS:weu1-urlp.cloudapp.net, DNS:wus1-urlp.asm.skype.com, DNS:wus1-urlp.cloudapp.net
  257.  
  258. | Issuer: commonName=Microsoft IT TLS CA 5/organizationName=Microsoft Corporation/stateOrProvinceName=Washington/countryName=US
  259.  
  260. | Public Key type: rsa
  261.  
  262. | Public Key bits: 2048
  263.  
  264. | Signature Algorithm: sha256WithRSAEncryption
  265.  
  266. | Not valid before: 2017-10-25T09:50:24
  267.  
  268. | Not valid after: 2019-10-25T09:50:24
  269.  
  270. | MD5: 72fa bbbc 640d 0766 d4ea 1e65 f00c 05f5
  271.  
  272. |_SHA-1: 72cb ac60 0389 3fa7 107d 64b1 917a 72ee f316 08b2
  273. Hop Ip RTT Domain name Location
  274. 1 45.79.12.201 1.699 United States
  275. 2 45.79.12.2 1.676 United States
  276. 3 206.223.118.17 1.672 8075-dal.msn.net United States
  277. 4 206.223.118.17 1.668 8075-dal.msn.net United States
  278. 5 104.44.8.128 33.808 be-71-0.ibr02.dfw05.ntwk.msn.net United States
  279. 6 104.44.4.13 33.952 be-5-0.ibr03.atb.ntwk.msn.net United States
  280. 7 104.44.16.43 33.916 be-4-0.ibr01.bn6.ntwk.msn.net United States
  281. 8 104.44.4.39 36.375 be-1-0.ibr02.atb.ntwk.msn.net United States
  282. 9 104.44.21.74 31.513 ae161-0.icr03.bn6.ntwk.msn.net United States
  283. 10 * * * *
  284. IP neighbourhood:
  286. DNS lookup for 52.114.142.71
  287. (reverse DNS of 52.114.142.71)
  288. No records found
  289. PING 52.114.142.71 (52.114.142.71) 56(84) bytes of data.
  290. --- 52.114.142.71 ping statistics ---
  291. 5 packets transmitted, 0 received, 100% packet loss, time 4064ms
  292. Blocklist Lookup Results
  293. 52.114.142.71 is not listed in the SBL
  294. 52.114.142.71 is not listed in the PBL
  295. 52.114.142.71 is not listed in the XBL
  296. IP Domain Country Region City ISP ASN
  297. 52.114.142.71 United States VA Boydton Microsoft Corporation AS8075
  298. IP Address: 52.114.142.71
  299. Name: MSFT, Handle: NET-52-96-0-0-1
  300. Registration Date: 11/24/15
  301. Range: 52.96.0.0-52.115.255.255
  302. Org: Microsoft Corporation
  303. Org Handle: MSFT
  304. Address: One Microsoft Way
  305. City: Redmond
  306. State/Province: WA
  307. Postal Code: 98052, Country: United States
  308. Query terms are ambiguous. The query is assumed to be:
  309. "n 52.114.142.71"
  310.  
  311. Use "?" to get help.
  312.  
  313.  
  314. NetRange: 52.96.0.0 - 52.115.255.255
  315. CIDR: 52.96.0.0/12, 52.112.0.0/14
  316. NetName: MSFT
  317. NetHandle: NET-52-96-0-0-1
  318. Parent: NET52 (NET-52-0-0-0-0)
  319. NetType: Direct Assignment
  320. OriginAS:
  321. Organization: Microsoft Corporation (MSFT)
  322. RegDate: 2015-11-24
  323. Updated: 2015-11-24
  324. Ref: https://rdap.arin.net/registry/ip/52.96.0.0
  325.  
  326.  
  327.  
  328. OrgName: Microsoft Corporation
  329. OrgId: MSFT
  330. Address: One Microsoft Way
  331. City: Redmond
  332. StateProv: WA
  333. PostalCode: 98052
  334. Country: US
  335. RegDate: 1998-07-09
  336. Updated: 2017-01-28
  337. Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
  338. Comment: * https://cert.microsoft.com.
  339. Comment:
  340. Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
  341. Comment: * abuse@microsoft.com.
  342. Comment:
  343. Comment: To report security vulnerabilities in Microsoft products and services, please contact:
  344. Comment: * secure@microsoft.com.
  345. Comment:
  346. Comment: For legal and law enforcement-related requests, please contact:
  347. Comment: * msndcc@microsoft.com
  348. Comment:
  349. Comment: For routing, peering or DNS issues, please
  350. Comment: contact:
  351. Comment: * IOC@microsoft.com
  352. Ref: https://rdap.arin.net/registry/entity/MSFT
  353.  
  354.  
  355. OrgTechHandle: MRPD-ARIN
  356. OrgTechName: Microsoft Routing, Peering, and DNS
  357. OrgTechPhone: +1-425-882-8080
  358. OrgTechEmail: IOC@microsoft.com
  359. OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
  360.  
  361. OrgAbuseHandle: MAC74-ARIN
  362. OrgAbuseName: Microsoft Abuse Contact
  363. OrgAbusePhone: +1-425-882-8080
  364. OrgAbuseEmail: abuse@microsoft.com
  365. OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
  366. Query Time: 0.00016 seconds
  367. Total: 0 Hits in 0 Websites
  368. Error: No results found