IP Lookup Details:
IP Information - 40.107.244.120
Host name: mail-mw2nam12on2120.outbound.protection.outlook.com
Country: United States
Country Code: US
Region:
City:
Latitude: 37.751
Longitude: -97.822
CIDR: 40.124.0.0/16, 40.96.0.0/12, 40.120.0.0/14, 40.112.0.0/13, 40.80.0.0/12, 40.76.0.0/14, 40.74.0.0/15, 40.125.0.0/17
NetName: MSFT
NetHandle: NET-40-74-0-0-1
Parent: NET40 (NET-40-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2015-02-23
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/40.74.0.0
OrgName: Microsoft Corporation
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2024-03-18
Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment: * https://cert.microsoft.com.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment: * abuse@microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft products and services, please contact:
Comment: * secure@microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests, please contact:
Comment: * msndcc@microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC@microsoft.com
Ref: https://rdap.arin.net/registry/entity/MSFT
OrgTechHandle: BEDAR6-ARIN
OrgTechName: Bedard, Dawn
OrgTechPhone: +1-425-538-6637
OrgTechEmail: dabedard@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
OrgTechHandle: IPHOS5-ARIN
OrgTechName: IPHostmaster, IPHostmaster
OrgTechPhone: +1-425-538-6637
OrgTechEmail: iphostmaster@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
OrgTechHandle: KIMAV-ARIN
OrgTechName: Kim, Avery
OrgTechPhone: +1-425-882-8080
OrgTechEmail: averykim@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/KIMAV-ARIN
OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
OrgRoutingHandle: CHATU3-ARIN
OrgRoutingName: Chaturmohta, Somesh
OrgRoutingPhone: +1-425-882-8080
OrgRoutingEmail: someshch@microsoft.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN
OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
OrgTechHandle: SINGH683-ARIN
OrgTechName: Singh, Prachi
OrgTechPhone: +1-425-707-5601
OrgTechEmail: pracsin@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN
FOR YOUR INFORMATION and ACTION against these HACKERS USING your IP servers, accounts and mailboxes!

Received a scam e-mail about fake unpaid rent, titled: Facture Loyer

On Monday 10 June 2024, after 10:52, I received this scam e-mail, which misuses the LOGO and the bank account details (RIB) of the Banque Française Mutualiste (BFM) in a .PDF attachment and comes from the fake or spoofed e-mail address: escaner@oceanica.ws

But the real e-mail address for replying to the hackers, found in the HTML code:
Reply-To: Mme Helene BARAYRE <bureaugestionetcomptabilite@outlook.fr>

Outlook mailboxes managed by Microsoft and using the MS Outlook IP addresses: 40.107.244.120

Received : from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2120.outbound.protection.outlook.com [40.107.244.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mlpnf0106.laposte.net (SMTP Server) with ESMTPS id 4VyQY35rSPz5vLY for <@laposte.net>; Mon, 10 Jun 2024 10:52:23 +0200 (CEST)
ARC-Seal : i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

IP Lookup Details:
IP Information - 40.107.244.120
Host name: mail-mw2nam12on2120.outbound.protection.outlook.com
Country: United States
Country Code: US
Region:
City:
Latitude: 37.751
Longitude: -97.822

********************** The hackers' HTML code ************************
Return-Path : <escaner@oceanica.ws>
Received : from mlpnf0106.laposte.net (mlpnf0106.sys.meshcore.net [10.94.128.85]) by mlpnb0108 with LMTPA; Mon, 10 Jun 2024 10:52:24 +0200
X-Cyrus-Session-Id : cyrus-151332-1718009544-2-16759083769934272232
X-Sieve : CMU Sieve 3.0
ARC-Authentication-Results : i=2; laposte.net; spf=pass smtp.helo=NAM12-MW2-obe.outbound.protection.outlook.com smtp.mailfrom=escaner@oceanica.ws; dkim=pass reason="good signature" header.b=Qh0wg/ header.d=oceanicaws.onmicrosoft.com header.s=selector2-oceanicaws-onmicrosoft-com; dmarc=none reason="No policy found"; arc=pass header.oldest-pass=0 smtp.remote-ip=40.107.244.120; bimi=skipped reason="non-pass DMARC"
X-mail-filterd : {"version":"1.7.5","queueID":"4VyQY44J4mz5vLW","contextId": "e4648f1d-3f72-46f4-ad4e-1868f427278f"}
X-ppbforward : {"queueID":"4VyQY44J4mz5vLW","server":"mlpnf0106"}
Received : from outgoing-mail.laposte.net (localhost.localdomain [127.0.0.1]) by mlpnf0106.laposte.net (SMTP Server) with ESMTP id 4VyQY44J4mz5vLW for <lpn000000000000000018870443@back01-mail02-04.lpn.svc.meshcore.net>; Mon, 10 Jun 2024 10:52:24 +0200 (CEST)
X-mail-filterd : {"version":"1.7.5","queueID":"4VyQY35rSPz5vLY","contextId": "502c3f68-c99c-4655-a8a0-c743a9cee4f4"}
X-lpn-mailing : LEGIT
X-lpn-spamrating : 42
X-lpn-spamlevel : not-spam
Authentication-Results : laposte.net; spf=pass smtp.mailfrom=escaner@oceanica.ws smtp.helo=NAM12-MW2-obe.outbound.protection.outlook.com; dkim=pass reason="good signature" header.d=oceanicaws.onmicrosoft.com header.s=selector2-oceanicaws-onmicrosoft-com header.b=Qh0wg/; dmarc=none reason="No policy found"; arc=pass smtp.remote-ip=40.107.244.120 header.oldest-pass=0; bimi=skipped reason="non-pass DMARC"
Received : from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2120.outbound.protection.outlook.com [40.107.244.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mlpnf0106.laposte.net (SMTP Server) with ESMTPS id 4VyQY35rSPz5vLY