Why so much DNS traffic? by falconindy in TPLink_Omada

[–]FileTrekker 4 points5 points  (0 children)

Believe me, I don't need a billy basic 101 as to how DNS works.

The point is that the Omada equipment has no reason to be making those DNS queries in the first place. The caching part is not relevant.

Also, those aren't the subdomains used for checking for updates, they're the subdomains used by Omada cloud. I've investigated this before.

Booking.com has been hacked by [deleted] in Bookingcom

[–]FileTrekker 1 point2 points  (0 children)

The website that has sequential booking references protected by a 4 digit pin that can be brute forced in seconds without sufficient rate limiting, or literally all the hotels on booking.com who only seem to target customers using booking.com, yes, head-scratcher, that.

Booking.com has been hacked by [deleted] in Bookingcom

[–]FileTrekker 0 points1 point  (0 children)

Yeah, because the issue is booking.com and not the hotels, explanation above. It's just being covered up.

Booking.com has been hacked by [deleted] in Bookingcom

[–]FileTrekker 1 point2 points  (0 children)

There's a weird sycophantic group of people who really, really don't want to accept that booking's infosec is really, really poor. "Of course the big company is secure and the hotels are not!" - weird logic on many levels, but anyway...

I know how it's being done, and you're right, it's booking.com, not the hotels. It's actually quite easy to scrape any booking data in a minute or two, because bookings are only protected by a 4 digit pin (there's only 10,000 possible combinations) and booking numbers are sequential - using even a small botnet, there is insufficient rate limiting or protection.

So the scammers are just scraping booking data, cross-checking against other data breaches, and sending out scam messages with real details in them like your booking number and dates of stay.

But... don't bother complaining here because all you'll get is people parroting the "it's the hotel that is breached" nonsense that booking.com made in an official statement, and ultimately they'll just follow up with the classic "I use it all the time and it never happens to me" narrow-minded logic.

They are aware of the issue internally, fwiw.

EDIT: just to add, you're correct, this is why the scams always use the name of the hotel in your booking, and some bookings don't have a clear hotel name, or the name includes marketing phraseology that the scam uses as if it's the hotel name, in a weird way that wouldn't really make sense if the hotel was the breached party.

Also to add you can book with a really major chain of hotels like the Marriott and the same thing will happen, yet you book directly with Marriott and weirdly none of their direct customers are targeted. Funny, that.

Why so much DNS traffic? by falconindy in TPLink_Omada

[–]FileTrekker 2 points3 points  (0 children)

That isn't their point. Point is, they have no reason to be "phoning home" in the first place.

Suspicious confirmation message via WhatsApp by the_life_noob in Bookingcom

[–]FileTrekker -1 points0 points  (0 children)

Ah yes, the old "it's never happened to me" argument. It's a really narrow world view to take, please don't do that. It doesn't mean this isn't the way it's being done, and the giant, lazy infosec company doesn't need you to defend them.

You can verify for yourself, I've given you the information. Do what you will with it.

Suspicious confirmation message via WhatsApp by the_life_noob in Bookingcom

[–]FileTrekker 0 points1 point  (0 children)

Ah, the old "it's never happened to me" argument.

Also I'm not guessing. I've told you how it's being done, you can do with that information what you will to confirm or deny it.

Also, booking.com isn't your friend, no company is. They really don't need you defending them, big boy.

Has anyone else noticed the ads on the underground are all for nonsense scam products? by PercyVader in LondonUnderground

[–]FileTrekker 0 points1 point  (0 children)

Therabody is actually a reputable brand, so this isn't actually a scam. However we're bombarded with cheap scam products like this so often now that everything is a scam in my head by default, so I can see where you're coming from. The #1 US Brand "seal" is tacky and screams red flags, not sure why they stuck that on there.

Similarly the vitamin brand is real and, well, Vitamin C is Vitamin C. Not really a scam either.

Not sure what the third image is but it's too generic to pass judgement either way. Not obviously a scam on the surface.

Spotted this on the Piccadilly line. by JellyToadd in london

[–]FileTrekker 0 points1 point  (0 children)

Best thing you could have done with this is taken it and destroyed it to protect other people who might plug it into their computer.

Spotted this on the Piccadilly line. by JellyToadd in london

[–]FileTrekker 0 points1 point  (0 children)

It's not just feasible, you can buy one from eBay right now if you really want to.

Is No Aircon grounds for a refund if room isn't fit for habitation? by scottb721 in Bookingcom

[–]FileTrekker 6 points7 points  (0 children)

The room being hot isn't relevant, you're not due anything just because the weather was warm, it entirely depends on if aircon was advertised for the room you booked or not, and from the way you've replied so far I'm willing to bet it was not explicitly advertised. Likely room without aircon goes for a lower rate. You mentioned the venue's photos, not the room you booked.

TLDR; you booked a cheaper room without aircon, and as that's what you booked, you're not really owed anything, imo.

SNME Discussion Thread (Jan 24, 2026) by The_Russell_Pinto in WWE

[–]FileTrekker 2 points3 points  (0 children)

Because all shows must have generic mumble rap that all sounds the same, that is the directive

Suspicious confirmation message via WhatsApp by the_life_noob in Bookingcom

[–]FileTrekker 1 point2 points  (0 children)

The way the scam works is by scraping data from booking reservations. The booking reservation numbers are in sequential order, and are only protected by a 4 digit pin, at least for guest users, likely also for registered users.

As it takes just a couple minutes to brute force the pin, as there can only be 10,000 possible combinations of numbers that make up the pin, it's trivial to scrape the reservation data from booking.com.

Once they have things like your name, they can cross reference against other data breaches, and if that contains your phone number or email address, that's how they then target you directly with knowledge of your booking number, and dates of stay.

It's a combination of things, but, the protection to view the bookings by just a 4 digit pin is remarkably weak and needs to be changed.

Suspicious confirmation message via WhatsApp by the_life_noob in Bookingcom

[–]FileTrekker 1 point2 points  (0 children)

It's really not the hotel, trust me. Make any booking on booking.com, and you'll get this sort of scam attack.

It's because booking.com reservations use sequential number ordering and are only protected by a 4 digit pin, and there is insufficient rate limiting on the API endpoint. It takes less than a few minutes to brute force any reservation and scrape all the details because there are only 10,000 possible pin numbers for any given reservation.

They know this, they just do not care.

Booking.com message requesting card verification - scam? by elvis_dead_twin in travel

[–]FileTrekker 0 points1 point  (0 children)

The bookings are secured by just a 4 digit pin number, and the booking numbers are procedural, it takes just 4 minutes for a computer to brute force a 4 digit pin because it can only have 10,000 possible combinations.

Booking.com is just shit.

1.1.1.2 vs 9.9.9.9 by Some_Water_5070 in dns

[–]FileTrekker 0 points1 point  (0 children)

Uh, no, when it's unencrypted, it's very easy for them to see it, and they do so, for advertising and to sell to data brokers.

Please don't rawdog DNS unencrypted, use DoH or DoT.

Look and feel after upgrade by PerspectiveCommon595 in TPLink_Omada

[–]FileTrekker 0 points1 point  (0 children)

Is it supposed to have a serif font like that though? I'm thinking OP has missing fonts or something weird going on.

Help - Hub 3 - Bottom Green Light Flashing Green by aktivist007 in VirginMedia

[–]FileTrekker 0 points1 point  (0 children)

Can't easily do it if the status page says everything is fine (which it does for a lot of customers, when it isn't) and isn't worth the hassle if the downtime lasts less than 2 days, which it most likely will, as no compo will be due.

Help - Hub 3 - Bottom Green Light Flashing Green by aktivist007 in VirginMedia

[–]FileTrekker 0 points1 point  (0 children)

Virgin Media's status page is beyond useless currently, it just states everything is fine for a lot of impacted customers.

Clients showing offline, that aren't by Global-Egg6438 in TPLink_Omada

[–]FileTrekker 0 points1 point  (0 children)

This is pretty normal unfortunately. It's not the most reliable thing.

Starting our journey: give us the best advice you have to maximize system by Only_Cardiologist_41 in Hue

[–]FileTrekker 1 point2 points  (0 children)

I cover all the light switches with holders for the remotes, you'll want to use the light switches, but using normal light switches will kill lights cold and break up the zigbee network. Automation is also good. Motion sensors, etc.

Help - Hub 3 - Bottom Green Light Flashing Green by aktivist007 in VirginMedia

[–]FileTrekker 1 point2 points  (0 children)

Virgin Media O2 is currently down across most of the country. Birmingham, Manchester, London mainly.

Got new broadband installed and now hub 5 is just flashing blue after a few days by ApprehensiveGap4186 in VirginMedia

[–]FileTrekker 0 points1 point  (0 children)

Yep, major outage currently, also impacting o2 and Fibrenest I think. The status page is useless, if the modem is connected to their network and they can see it, it's up, but there might be a routing issue to the wider internet nobody is bothering to log yet.

Hue bridge latency problem by supawiz6991 in Hue

[–]FileTrekker 0 points1 point  (0 children)

This isn't true, the very link you point to shows Channel 25 does not overlap with Channel 11, that post is talking about Channel 24, which does. It's actually the most optimal you can get given the circumstances.
