ASN 8075 Microsoft Azure botnet cluster detection

Hey all, looking for escalation advice or success stories on getting Microsoft to take down Azure-hosted bot clusters.

Context
- Seeing coordinated abusive traffic sourced from ASN 8075 (Microsoft Azure).
- Looks like short-lived rented VMs running the same automation playbook.
- Goal is to get a faster response from Microsoft than I’m currently seeing.

Indicators
- IPs: <paste list or CIDRs here>
- First seen / last seen: <UTC timestamps>
- Request profile: <paths, methods, headers, JA3, TLS fingerprints, CF Ray IDs if relevant>
- Behavior: <login spraying, scraping, carding, credential stuffing, L7 floods, etc.>

What I’ve done so far
- Sent an abuse report to abuse@microsoft.com with evidence.

Ask
- Which channel or contact at Microsoft gets the fastest takedowns for this kind of abuse.
- What kind of evidence their SOC actually acts on quickly.

Happy to share
- Redacted logs, PCAPs, and reproducible steps in DMs or a private thread.

Thanks — I’ll post updates if I get traction so others can reference.
4 Replies
Cyb3r-Jak3 3w ago
This is Cloudflare's Discord server
Formant (OP) 3w ago
Ah yes a useless individual saying useless things. Let's hear more of it. Because my worker filters out automated botnet attacks and this is what I found? I'm failing to understand why you guys are so aggressive about me asking basic questions. It’s interesting you’re focusing on whether my opener ‘looked AI’ instead of the Dublin Azure patterns themselves. Is that because you think the logs aren’t valid? You’re focusing on how the text was written instead of the content, and implying that using AI to format my evidence makes it invalid. I’m autistic and use tools to help present my data clearly — dismissing that instead of engaging with the actual logs is gaslighting and would be considered a human rights issue in a Canadian workplace. You constantly deflecting the idea is very suspicious man. Let's just say that right now lol. Very sus. I have the logs man it's called asking. So, again super sus you're so aggressive. You, taking every comment to the gaslight territory is unbelievably sus man. Kinda wild you’ve got “Ministry of Foreign Affairs of the PRC” in your profile but you’re putting this much energy into brushing off Dublin Azure botnet logs. Looks a lot like you’re trying to gaslight instead of actually address it. At this point we're discussing your deflection and gaslight tactics now. Still nothing on the actual Dublin logs. Just more side chatter. Take note of the botnet being abused in Dublin and report it? Wow man you're obviously a bad actor here. Because duplicity in reporting is how these events are handled. So just to be clear — you’re saying we should not report evidence of an active Dublin-based botnet abuse pattern, because it might “waste people’s time”? That’s exactly how abuse stays in place. It's not spam it's reporting abuse. You really seem to want to let continue. It is literally reporting abuse. Your connection to the Chinese government while trying to gaslight Canadians into not reporting is noted Leo.
If you could provide me with more professional credentials please so I can write up a report that would be fantastic so we can cite you for your contributions here today. @Community Champion so if you're the mod here. Take note please. I asked some questions about this botnet. Instead of providing any questions or help. This dude IMMEDIATELY went to gaslighting, and psychological attacks and comments to deflect the commentary off the botnet. Why.
Isaac McFadyen
Let's just stop this discussion here. @Formant this is completely off-topic, and this server is not the place for comments like this.
DaniFoldi 3w ago
I'd also like to kindly ask you to stay away from calling moderators, or any member for that matter a "useless individual"