In the last Days we see 13 IPs from the Network MICROSOFT-CORP—MSN-AS-BLOCK – Microsoft Corp // ASN8075 from a lot of Forum-Spam-/SSH-/Voip-/SIP-Attacks.
We send the default X-ARF-Abuse-Complaint, but only the Server which makes SSH-/Sip-Attacks was stoped or not longer reported to us.
So, we send a normal Mail to email@example.com, abuse@microsoft… abuse@msn…. but received only the acknowledgement-Mail and a bounce-Mail from noc@ that the account does not exist, but is aviable in the Whois-Data.
On the Server there are the rdp-Port open:
We thinking there are Developement-Systems there was hacked or false configured, that he have a (Reverse)Proxy which allows to get URLs from other URLs and not only from the same system.
Some IPs was heavy, like this IP 220.127.116.11 he has send over 760400 Spam-Comments/Posts or automatically Registrations in Honeypot-Systems. The most IPs was stopped or was never reported to us after yesterday, but one IP is still alive.
We wait for a Answer from microsoft so far 😐
Thank you for bringing this to our attention, please file a response to
http://cert.microsoft.com. Then our security teams will start that
investigation, also you can use that in the future to report suspicious
Online Safety Team
We have try to send a Report, but get only the following error-message:
An internal error has occured, please try again. Object reference not set to an instance of an object.
With an fake Referer, the Form works.
But dear Microsoft, please use a X-ARF-Parser and generate a new Report with your own format from your Form.