Pages

Tuesday, May 14, 2019

Microsoft Azure Unusual Traffic from Reported IPs

From March 23rd to May 21, 2019, it was pretty much two continuous months of unusual traffic coming from Microsoft Azure hosted IPs. Doing a Whois, it says Microsoft Azure ... so if this was questionable activity, you would need to send your abuse reports to Microsoft Corporation. Before I reported this unusual activity to Microsoft, I generated an output list of IPs for Microsoft's data center to see if this was official Microsoft Corporation activity. I did not find these three IPs on their list, so I proceeded with my report.

It took two reports to get a informational response on May 21, 2019 from Microsoft Azure Safeguards Team that these 3 IPs belonged to a Bing team! Like, I was supposed to know that? They were kind enough to also direct me to a most interesting and informative post about Safer Web Exploration with Bing.

That Bing article goes back to August 7, 2013. It is almost six years later! I don't believe I've seen such unusual traffic like what I've seen the past two months. After being informed of this Bing team, I guess I have concluded that this activity is a good thing for me and my blog. However, in the course of angsting for the past two months because of this unusual traffic, I did find that some websites have employed unscrupulous black hat seo techniques to negatively impact my blog! I am hoping maybe the Bing team might help to rectify that negative activity and set me back on a positive path.

As a result of this new more positive information, I have rewritten my blog post about the Microsoft Azure unusual traffic from reported IPs! And, I have done another blog post to point out the content scrapers who have gone seemingly nuts on stealing my copyrighted images. One of the sites has malware and is a blacklisted url. Not good when you see them ranking with my image and blog name.

DEAR MICROSOFT CORPORATION : HELP!
On May 1, 2019, I first reported this questionable activity to Microsoft through their contact email of abuse@microsoft.com. The 3 different IPs involved:

  1. 52.162.211.179
  2. 52.162.213.79
  3. 23.100.232.233


On May 3, 2019, I heard back from Microsoft Online Security, "Based on the information you have provided, this may have originated from an account hosted on Microsoft Azure. We forwarded your complaint to the CERT team for review and action. Should you encounter additional reports from the same IP, send them directly to Cert@Microsoft.com."

On May 8, 2019, I compiled a comprehensive report on the 3 IPs unusual activity on my Google blog, showing the blog posts and dates and times of the activity. I sent my report directly to Cert@Microsoft.com. I also shared:

There are an extensive number of abuse reports against these IPs. It was because of the abuse reports that I thought something nefarious was going on to negatively impact my blog!
https://www.abuseipdb.com/check/52.162.211.179
https://www.abuseipdb.com/check/52.162.213.79
https://www.abuseipdb.com/check/23.100.232.233

On May 8, 2019, I received back an automated response from Microsoft stating:
In order for the report to be processed it must contain the following information: 
Name:
Organization:
Phone number (optional):
Email address:
Source IP:
Destination IP:
Description of the activity:
Accurate date and time and time zone of activity:
Log Data Extracts:
Your contact details: 
For the fastest response, please submit abuse reports to https://cert.microsoft.com. We will review your report and contact you as appropriate.
My original report to Microsoft had included all of this information with the exception of the Destination IP of my Google blog, https://jaguarjulie.blogspot.com/. So I edited that same report, including the text block of information asked for, and resubmitted to that email.

On May 9, 2019, I noticed that Microsoft Corporation, Redmond, Washington, visited my Google blog to determine more about the destination IP.


As of May 14, 2019, there has been no further response to me directly from Microsoft Corporation about my complaint of unusual activity by 3 IPs hosted on Microsoft Azure. The unusual activity continues daily! You be the judge ... take a look at the type of visits to my Google blog posts ... over and over again to the same posts!

Here is a snippet of one day's unusual traffic from IP 23.100.232.233:

(No referring link)
11 May 02:10:49 AM
https://jaguarjulie.blogspot.com/
(No referring link)
11 May 03:36:05 AM
https://jaguarjulie.blogspot.com/2014/10/breaded-baked-chicken-thighs.html
(No referring link)
11 May 04:19:22 AM
https://jaguarjulie.blogspot.com/2014/10/breaded-baked-chicken-thighs.html
(No referring link)
11 May 04:56:39 AM
https://jaguarjulie.blogspot.com/2014/10/breaded-baked-chicken-thighs.html
(No referring link)
11 May 05:39:20 AM
https://jaguarjulie.blogspot.com/2014/10/breaded-baked-chicken-thighs.html
(No referring link)
11 May 06:43:36 AM
https://jaguarjulie.blogspot.com/2014/10/reflex-blue-pms-286.html
(No referring link)
11 May 07:04:09 AM
https://jaguarjulie.blogspot.com/2013/09/what-weed-has-tiny-purple-flowers.html
(No referring link)
11 May 07:54:55 AM
https://jaguarjulie.blogspot.com/2014/10/reflex-blue-pms-286.html
(No referring link)
11 May 08:11:04 AM
https://jaguarjulie.blogspot.com/2013/09/what-weed-has-tiny-purple-flowers.html
(No referring link)
11 May 08:40:45 AM
https://jaguarjulie.blogspot.com/2014/10/reflex-blue-pms-286.html
(No referring link)
11 May 09:26:05 AM
https://jaguarjulie.blogspot.com/2014/10/reflex-blue-pms-286.html
(No referring link)
11 May 09:35:24 AM
https://jaguarjulie.blogspot.com/2014/10/hungarian-spaetzle-little-dumplings.html
(No referring link)
11 May 09:40:27 AM
https://jaguarjulie.blogspot.com/2013/09/what-weed-has-tiny-purple-flowers.html
(No referring link)
11 May 10:22:15 AM
https://jaguarjulie.blogspot.com/2013/09/what-weed-has-tiny-purple-flowers.html
(No referring link)
11 May 12:15:29 PM
https://jaguarjulie.blogspot.com/2014/10/hungarian-spaetzle-little-dumplings.html
(No referring link)
11 May 01:00:50 PM
https://jaguarjulie.blogspot.com/2014/10/hungarian-spaetzle-little-dumplings.html
(No referring link)
11 May 02:05:34 PM
https://jaguarjulie.blogspot.com/2014/10/hungarian-spaetzle-little-dumplings.html
(No referring link)
11 May 04:23:47 PM
https://jaguarjulie.blogspot.com/2015/07/seniors-vs-crime-in-florida.html
(No referring link)
11 May 07:12:38 PM
https://jaguarjulie.blogspot.com/2015/07/seniors-vs-crime-in-florida.html
(No referring link)
11 May 09:44:10 PM
https://jaguarjulie.blogspot.com/2015/07/seniors-vs-crime-in-florida.html
(No referring link)
11 May 11:47:16 PM
https://jaguarjulie.blogspot.com/2015/07/seniors-vs-crime-in-florida.html

As of the initial writing of this original blog post, there are quite a few visits from IP 23.100.232.233 continuing on a daily basis. This does not look like normal activity, but someone "obsessed" with my blog.

(No referring link)
12 May 01:46:27 AM
https://jaguarjulie.blogspot.com/2012/10/jea-overcharges-customers-for-services.html
(No referring link)
12 May 02:47:07 AM
https://jaguarjulie.blogspot.com/2012/10/jea-overcharges-customers-for-services.html
(No referring link)
12 May 05:53:19 AM
https://jaguarjulie.blogspot.com/2017/09/juvenile-southern-black-racer-snake.html
(No referring link)
13 May 09:03:34 PM
https://jaguarjulie.blogspot.com/2018/10/pink-powder-puff-calliandra-surinamensis.html
(No referring link)
13 May 11:11:25 PM
https://jaguarjulie.blogspot.com/2018/10/pink-powder-puff-calliandra-surinamensis.html
(No referring link)
14 May 02:36:17 AM
https://jaguarjulie.blogspot.com/2018/10/pink-powder-puff-calliandra-surinamensis.html
(No referring link)
14 May 06:17:46 AM
https://jaguarjulie.blogspot.com/2015/01/drake-chinese-elm-tree-removal.html
(No referring link)
14 May 07:04:31 AM
https://jaguarjulie.blogspot.com/2015/01/drake-chinese-elm-tree-removal.html
(No referring link)
14 May 08:11:12 AM
https://jaguarjulie.blogspot.com/2015/01/drake-chinese-elm-tree-removal.html
(No referring link)
14 May 09:01:52 AM
https://jaguarjulie.blogspot.com/2015/01/drake-chinese-elm-tree-removal.html
(No referring link)
14 May 09:18:06 AM
https://jaguarjulie.blogspot.com/2012/10/red-fraggle-rock-costume-for-adults.html
(No referring link)
14 May 10:26:24 AM
https://jaguarjulie.blogspot.com/2012/10/red-fraggle-rock-costume-for-adults.html
(No referring link)
14 May 11:16:10 AM
https://jaguarjulie.blogspot.com/2012/10/red-fraggle-rock-costume-for-adults.html
(No referring link)
14 May 11:54:10 AM
https://jaguarjulie.blogspot.com/2012/10/red-fraggle-rock-costume-for-adults.html
(No referring link)
14 May 09:15:17 PM
https://jaguarjulie.blogspot.com/2017/09/juvenile-southern-black-racer-snake.html
(No referring link)
14 May 11:49:53 PM
https://jaguarjulie.blogspot.com/2013/09/what-weed-has-tiny-purple-flowers.html
(No referring link)
15 May 01:14:39 AM
https://jaguarjulie.blogspot.com/2017/09/juvenile-southern-black-racer-snake.html
(No referring link)
15 May 02:14:30 AM
https://jaguarjulie.blogspot.com/2014/04/pink-slime-mold-in-sunflower-garden.html
(No referring link)
15 May 02:28:35 AM
https://jaguarjulie.blogspot.com/2013/09/what-weed-has-tiny-purple-flowers.html
(No referring link)
15 May 03:06:43 AM
https://jaguarjulie.blogspot.com/2017/09/juvenile-southern-black-racer-snake.html
(No referring link)
15 May 03:53:56 AM
https://jaguarjulie.blogspot.com/2017/09/juvenile-southern-black-racer-snake.html
(No referring link)
15 May 06:15:33 AM
https://jaguarjulie.blogspot.com/2008/01/jaguarjulie-anthology-of-squidoo-lenses.html
(No referring link)
16 May 01:22:43 AM
https://jaguarjulie.blogspot.com/2014/09/lamarthe-designer-handbags.html
(No referring link)
16 May 03:36:16 PM
https://jaguarjulie.blogspot.com/2013/08/hollohaza-hungarian-porcelain-1777-nude.html
(No referring link)
16 May 06:07:57 PM
https://jaguarjulie.blogspot.com/2013/08/hollohaza-hungarian-porcelain-1777-nude.html
(No referring link)
16 May 08:36:03 PM
https://jaguarjulie.blogspot.com/2013/08/hollohaza-hungarian-porcelain-1777-nude.html
(No referring link)
16 May 09:43:50 PM
https://jaguarjulie.blogspot.com/2013/08/hollohaza-hungarian-porcelain-1777-nude.html
(No referring link)
19 May 11:50:11 AM
https://jaguarjulie.blogspot.com/2018/04/russian-mammoth-sunflowers.html
(No referring link)
19 May 01:28:17 PM
https://jaguarjulie.blogspot.com/2018/04/russian-mammoth-sunflowers.html
(No referring link)
19 May 02:08:13 PM
https://jaguarjulie.blogspot.com/2018/04/russian-mammoth-sunflowers.html
(No referring link)
19 May 02:53:37 PM
https://jaguarjulie.blogspot.com/2018/04/russian-mammoth-sunflowers.html
(No referring link)
20 May 07:34:11 AM
https://jaguarjulie.blogspot.com/2017/09/juvenile-southern-black-racer-snake.html
(No referring link)
20 May 11:05:44 AM
https://jaguarjulie.blogspot.com/2014/10/best-stuffed-cabbage-rolls-ever.html
(No referring link)
20 May 11:13:17 AM
https://jaguarjulie.blogspot.com/2017/09/juvenile-southern-black-racer-snake.html
(No referring link)
20 May 11:56:21 AM
https://jaguarjulie.blogspot.com/2017/09/juvenile-southern-black-racer-snake.html
(No referring link)
20 May 12:22:59 PM
https://jaguarjulie.blogspot.com/2018/03/monarch-butterfly-caterpillar-egg-and.html
(No referring link)
20 May 12:29:46 PM
https://jaguarjulie.blogspot.com/2017/09/
(No referring link)
20 May 01:06:49 PM
https://jaguarjulie.blogspot.com/2017/09/juvenile-southern-black-racer-snake.html
(No referring link)
20 May 01:13:15 PM
https://jaguarjulie.blogspot.com/2014/10/best-stuffed-cabbage-rolls-ever.html
(No referring link)
20 May 01:33:56 PM
https://jaguarjulie.blogspot.com/2018/03/monarch-butterfly-caterpillar-egg-and.html
(No referring link)
20 May 02:39:51 PM
https://jaguarjulie.blogspot.com/2014/10/best-stuffed-cabbage-rolls-ever.html
(No referring link)
20 May 03:38:49 PM
https://jaguarjulie.blogspot.com/2017/09/
(No referring link)
20 May 03:58:16 PM
https://jaguarjulie.blogspot.com/2016/12/tersa-sphinx-moth.html
(No referring link)
20 May 04:36:33 PM
https://jaguarjulie.blogspot.com/2014/10/best-stuffed-cabbage-rolls-ever.html
(No referring link)
20 May 05:55:31 PM
https://jaguarjulie.blogspot.com/2017/09/
(No referring link)
20 May 06:21:23 PM
https://jaguarjulie.blogspot.com/2016/12/tersa-sphinx-moth.html
(No referring link)
20 May 08:26:53 PM
https://jaguarjulie.blogspot.com/2017/09/
(No referring link)
20 May 09:00:11 PM
https://jaguarjulie.blogspot.com/2016/12/tersa-sphinx-moth.html
(No referring link)
21 May 01:17:27 AM
https://jaguarjulie.blogspot.com/2016/12/tersa-sphinx-moth.html

On May 21, 2019 that unusual traffic seemed to stop, or maybe pause. I am glad Microsoft finally sent me a note to inform me that this was their Bing team with the 3 IPs at work. How was I supposed to know this? My blood pressure has been through the roof and my insomnia kicked into high gear. Thanks for letting me know!

7 comments:

Nacho Gómez said...

Goood morning, Julie,

I have the same situation with the continuous visits from Chicago, 23.100.232.233. I undestand that I shouldn't be worried about this IP, am I right?

Thank you very much for your information!

Nacho

Julie Ann Brady said...

Nacho, I would say it is activity related to Microsoft Bing indexing your content. It seems this activity has ramped up recently on my blog as well. Thanks for dropping by and taking time to comment.

Nacho Gómez said...

Thank you! Good luck!

Francesc Puigcarbó said...

The same thing happens to me as it does to you, I have spent a week with 2000 visits you would say to a blog that I have in Spanish that normally receives 100. And it is for a 2011 article. Your writing has clarified the doubts I had. Thank you.

Julie Ann Brady said...

I'm glad my blog post has helped to clarify your questions about this traffic!! I have been seeing a resurgence in the traffic recently. Hopefully, this will me indexing and generating even more genuine traffic to my blog posts!

HowToSolutions said...

Thanks for this post.

For few weeks now, I was noticing traffic from "Microsoft Azure (23.100.232.233)". I wouldn't even notice it, but when the visit came from this IP, it almost always happened 3 times in span of few hours, which made it look odd.

I did have suspicion it was from Bing indexing crawler, since it started soon after signing up for Bing Webmaster Tool. Now your article confirmed it.

tonits said...

I got spike visit from the last IP (23.100.232.233). I blocked it. The next day I got report from bing webmaster tool that it can not visit to crawl my website. Then I released the block to let it in.

Today I check if it was the bing bot from new bing webmaster tool Verify Bingbot. It is said:

"23.100.232.233 is NOT a verified Bingbot"

If it is not a bingbot, what is it?

Post a Comment