udn網路城邦
What is Lumma Stealer? Can MS detect its own bugs and Man-in-the-Middle attacks (MITM attacks)?
2025/05/24 00:17
searched [what is Lumma?]
The term "Lumma" can refer to a few different things:
1. Lumma Stealer (or LummaC2):
This is the most prominent meaning of "Lumma" in recent news. It refers to a sophisticated and prolific information-stealing malware that has been widely used by cybercriminals since at least 2022.
It operates on a Malware-as-a-Service (MaaS) model, meaning its developers sell access to the malware to other cybercriminals who then use it in their attacks.
Function: Lumma Stealer is designed to steal sensitive information from infected Windows computers, such as:
Passwords
Credit card information
Banking credentials
Cryptocurrency wallet information
Browser data
Autofill information
Impact: Lumma Stealer has been used in a wide range of cybercrimes, including ransomware attacks, cryptocurrency theft, business email compromise (BEC) fraud, and more.
2. Lumma (Mesopotamian god):
Lumma was a Mesopotamian god who could be portrayed as a warrior or as a farmer.
He is believed to have been worshiped in Umma and Nippur, and could be paired with Ḫadaniš.
3. Lumma (Menstrual Products):
Lumma is also the brand name for a company that produces reusable menstrual discs and cups.
These products are designed as an alternative to tampons and pads, offering a more sustainable and comfortable option for managing menstrual flow.
In summary, the most relevant meaning of "Lumma" in a cybersecurity context is the Lumma Stealer malware, a dangerous tool used by cybercriminals to steal sensitive data from victims worldwide.
.......................
Can an MS Defender full scan detect that my notebook is infected with Lumma Stealer?
Yes, a full scan with Microsoft Defender can detect a Lumma Stealer infection. Microsoft has confirmed that Defender Antivirus detects and removes Lumma Stealer. The scan will identify the malware and provide options for removal.
Elaboration:
Detection:
Lumma Stealer is a type of information-stealing malware that can collect sensitive data like passwords, credit card details, and bank account information. Microsoft Defender Antivirus has been reported to detect various variants of Lumma Stealer.
Full Scan:
A full scan, which checks every file and folder on your system, is the most thorough method for detecting Lumma Stealer or other malware, according to Microsoft Support.
Removal:
If Lumma Stealer is detected, Defender Antivirus can help you remove it. Microsoft has confirmed that Defender Antivirus removes Lumma Stealer.
Real-time Protection:
Defender also provides real-time protection by continuously scanning files and monitoring system activity, helping to block potential threats before they can cause damage.
Multiple Detection Names:
Lumma Stealer might be detected by Defender under various names, such as Behavior:Win32/LummaStealer, Trojan:JS/LummaStealer, or similar, according to Microsoft's security blog.
......................
Credential theft | May 21, 2025 | 15 min read
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
By Microsoft Threat Intelligence, Microsoft Digital Crimes Unit and Microsoft Security Experts
....Microsoft Defender Antivirus detects this threat as the following malware:
Behavior:Win32/LuammaStealer
Trojan:JS/LummaStealer
Trojan:MSIL/LummaStealer
Trojan:Win32/LummaStealer
Trojan:Win64/LummaStealer
TrojanDropper:Win32/LummaStealer
Trojan:PowerShell/Powdow
Trojan:Win64/Shaolaod
Behavior:Win64/Shaolaod
Behavior:Win32/MaleficAms
Behavior:Win32/ClickFix
Behavior:Win32/SuspClickFix
Trojan:Win32/ClickFix
Trojan:PowerShell/ClickFixObfus
Behavior:Win32/RegRunMRU
Trojan:HTML/FakeCaptcha
Trojan:Script/SuspDown
--To me, from the weird symptoms I saw in my File Explorer, and the router admin logs showing crazy DDoS attacks by companies in the USA, I believe I am already suffering: [Lumma Stealer] stole my data files, and very likely I overpaid utility companies and property taxes to fake companies, or to companies and banks with a different version of the login screen mixed with an old database. Didn't MS confess it auto-switched File Explorer to old versions, including data files? Didn't this also happen to companies? Didn't [Lumma Stealer] already wipe off all evidence by stealing many data files?

PS 5/20/2025 searched [why file explorer frequently auto switched to older version while MS defender showed no threats?]
If File Explorer frequently reverts to older versions despite no threats detected by Microsoft Defender, the issue could be related to conflicts with synchronization, a bug in Windows Security, or interference with sync paths. Troubleshooting steps include checking the Windows Update history, uninstalling recent updates, or cleaning the Windows Defender scan history......
--You see, MS has confessed (only if you ask the PERFECT question), but can users of the senior-me type perform the 11 troubleshooting steps and more xx steps for each possibility that caused the problem?

searched [can ms defender catch mitm attacks?] Yes, Microsoft Defender can detect and help mitigate man-in-the-middle (MitM) attacks, especially those targeting Microsoft 365 accounts. Specifically, Microsoft Defender XDR and related tools like Defender for Identity offer features like automatic attack disruption, which can identify and stop MitM attacks in progress.
--Really? I deeply suspect whether it can catch inner criminals, including MS, the internet provider and bank, utility companies, maybe the router company who insists on a media server, RalinkLinuxClient, READYSHARE, while File Explorer's Network popped up unknown devices hooked into our network channel.
Still a strong impression during the Bush wars of such a cyber-attack method: by inserting a middleman between the two communicating parties, the attacker steals, tampers with or disrupts the communication content; this lets the attacker control the communication while neither party is aware of it. ...already happened to the so-called terrorists? I bet Putin already knew, so he still uses quite old versions (MS DOS or Windows?). This is why I deeply believe whoever exposed victims on the dark web must be hackers in the USA, the same as the MitM and Lumma Stealer attackers.

PS Should I be happy about [5/23/2025 10:58am full scan 0 threats found, scan lasted 25min 14sec, 747665 files scanned]? Since I deleted 2 file folders with 4 unknown threats, it is always [full scan 0 threats found]. But the weird symptoms didn't stop, i.e. the MS File Explorer auto-switch bug, because I have no confidence to perform MS's suggestions for all possible causes such as sync, unpin from Quick Access (what if all unsynced data files are totally lost?)...

5/23/2025: in admin logs found something unusual, so searched [I didn't block the h-api.taboola.com site, why do logs show [site blocked: h-api.taboola.com:80]]? The error doesn't mean the site itself has been blocked, but rather that a specific API request to that address and port was blocked.

searched [who are clients of Taboola company?] got: Walmart, Macy's, Wayfair, Skechers, eBay, CNBC, BBC, NBC News, and Business Insider.

Based on my blocked sites, searched [is RCN/MS/Amazon/... a client of Taboola company?] got: MS and Amazon are, but RCN not identified.

logs showed: [DoS attack: SYN Flood] from 35.71.131.137, port 443 1 Fri May 23 11:56:30 2025 spouse-IPaddress 35.71.131.137:443] --> Amazon.com, Inc., part of the AS16509 autonomous system, which is managed by Amazon. The IP address is within the 35.71.131.0/24 range, also registered to Amazon.

[DoS attack: SYN Flood] from 3.232.64.79, port 443 1 Fri May 23 11:53:19 2025 spouse-IPaddress 3.232.64.79:443] ----> Amazon.com
3.232.64.0 - 3.232.64.255: IP address range containing 3.232.64.79 (the lookup listing also showed 13.107.213.70, 35.201.96.126, 162.19.138.116), United States...

[DoS attack: SYN Flood] from 159.127.41.178, port 443 1 Fri May 23 14:04:18 2025 spouse-IPaddress 159.127.41.178:443] ----> Epsilon, United States
[DoS attack: SYN Flood] from 207.65.32.79, port 443 1 Fri May 23 00:13:48 2025 spouse-IPaddress 207.65.32.79:443] ---> AS62713 PubMatic, Inc.; BGP 207.65.32.0/24; IPs with RDNS 0; Hosted Domains 0; Pingable IPs 1.
We locate the IP address to the country United States. The organisation that owns this IP address is PubMatic.

The IP Range 207.65.32.0/24 has 256 IP addresses from The Nexus Group, Inc. in and around La Vergne, Tennessee, United States and covering 37086.

[DoS attack: SYN Flood] from 23.78.8.23, port 443 1 Fri May 23 00:10:48 2025 spouse-IPaddress 23.78.8.23:443] ----> AS16625 Akamai Technologies, Inc.; BGP 23.78.8.0/22; IPs with RDNS 256; Hosted Domains 0; Pingable IPs 0.
In and around Chicago, Illinois, United States, covering 60666.
Range 23.78.0.0 - 23.78.255.255 (390987776 - 391053311); domain name a23-78-0-0.deploy.static.akamaitechnologies.com; result (IP) unrecorded.

[DoS attack: SYN Flood] from 13.107.246.36, port 443 1 Thu May 22 23:51:57 2025 spouse-IPaddress 13.107.246.36:443] ----> a commercial server owned by Microsoft Corporation. It's used for various services and is not a standard domestic connection, meaning it's not associated with a typical home or personal network.
Location: San Francisco, CA, United States.

--Isn't it very weird that it continues attacking our 2 notebooks? Mine was the 1st, so I blocked the MS site.

Use: It's used by Microsoft for various services, and may be used to proxy traffic from other locations.

[DoS attack: SYN Flood] from 103.235.45.242, port 443 1 Thu May 22 22:35:38 2025 spouse-IPaddress 103.235.45.242:443] ----> Beijing Baidu Netcom Science and Technology Co., Ltd. It's associated with Baidu (Hong Kong) Limited and is used by Baidu's servers in Hong Kong, specifically in Tseung Kwan O. The IP address is part of the 103.235.46.0/24 IP range, according to IPinfo.io.

searched [is Baidu a client of Taboola company?] Yes, Baidu, the leading Chinese-language Internet search provider, has partnered with Taboola. Baidu invested in Taboola and is working with them to bring Taboola's content-recommendation platform to China.

--To me it seemed more and more clear that anyone related to Taboola company, one by one, issued DDoS attacks on our notebooks, from USA companies to China companies. PS: certainly I won't know whether Baidu's and other companies' bosses have USA passports. Is it all about advertisements, since I block sites (MS, Amazon, Google, Akamai, RCN...)?
PS While Akamai is a well-known content delivery network (CDN) and provides other related services, there's no direct evidence to definitively say that Akamai is a client of Taboola. Taboola is a discovery and native advertising platform, and their business model focuses on helping publishers and advertisers reach audiences online. Akamai's primary focus is on providing CDN services, security, and cloud computing solutions. While it's possible that Akamai might utilize Taboola's services in some way, it's not a common or widely known relationship.
In short, while they are both tech companies, there's no indication that Akamai is a client of Taboola.
But MS is in Akamai's top 1/10 websites using Akamai.

PS 5/24/2025 searched [Taboola boss is Jewish?] Yes, Adam Singolda, the CEO and founder of Taboola, is Jewish. He has publicly stated his strong connection to Israel and his pride in the company's growth there, according to The Jerusalem Post. He is also a graduate of the Israeli Defense Forces' elite Mamram computer science training program, further highlighting his connection to Israel, according to The Jerusalem Post.

[DoS attack: TCP- or UDP-based Port Scan] from 89.248.163.122, port 40908 1 Sat May 24 05:39:15 2025 149.75.231.61:348 89.248.163.122:40908
What is 89.248.163.122? Part of a range of IP addresses (89.248.163.0/24) owned by IP Volume inc. This block of IP addresses is registered in Amsterdam, North Holland, Netherlands and is primarily used for data center/web hosting/transit services, as indicated by the RECYBER PROJECT NETBLOCK. The city associated with this IP range is Amsterdam, North Holland.
While there are reports of potentially abusive activities associated with other IPs within this range, there is no information in the provided search results to indicate that 89.248.163.122 itself is actively involved in abuse. The information for 89.248.163.122 lists "no-reverse-dns-configured.com" as its hostname, which doesn't provide specific details about its current use.

searched [https://www.whois.com/ 89.248.163.122] got:
Whois IP 89.248.163.122....

inetnum: 89.248.163.0 - 89.248.163.127
netname: NET-3-163
descr: RECYBER PROJECT NETBLOCK
remarks: | If you have any further questions please contact email@recyber.net

country: NL
org: ORG-IVI1-RIPE ---->A
......
organisation: ORG-IVI1-RIPE ---->A
org-name: IP Volume inc
country: SC ----> Scheduled Caste / Republic of Seychelles, Africa
org-type: OTHER
address: Seychelles
abuse-c: IVNO1-RIPE ---->B Ripe NCC defined abuse-c
.....
role: RECYBER ROLE
address: 35 Firs Avenue, London, England, N11 3NE
abuse-mailbox: email@recyber.net ---->D
nic-hdl: RR13369-RIPE ---->C
mnt-by: IPV
source: RIPE # Filtered

route: 89.248.163.0/24
origin: AS202425
remarks: | For abuse e-mail email@ipvolume.net
remarks: | We do not always reply to abuse.
remarks: | But we do take care your report is dealt with!
.....

(RIPE on the abuse-c attribute:) ...for end users to find abuse contact information [i.e. D] to report abuse to the appropriate resource holder, and to give resource holders a single, consistent place to include this information in the RIPE Database.
Ref: "abuse-c Information", https://www.ripe.net/manage-ips-and-asns/resource-management/abuse-c-information/
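To make the abuse-c chain above concrete, here is an added example (not from this post and not RIPE's own code) that parses a RIPE-style whois reply into its objects and follows inetnum → org → abuse-c → role → abuse-mailbox; the sample reply is constructed with placeholder handles and mailboxes rather than the real record.

```python
from collections import defaultdict

# Constructed RIPE-style whois reply mirroring the object layout quoted above
# (handles, names and mailboxes are placeholders, not the real record).
SAMPLE_WHOIS = """\
% This is the RIPE Database query service (constructed sample).
inetnum:        192.0.2.0 - 192.0.2.127
netname:        EXAMPLE-NETBLOCK
remarks:        | If you have any further questions please contact noc@example.net
org:            ORG-EXAMPLE-RIPE
source:         RIPE # Filtered

organisation:   ORG-EXAMPLE-RIPE
org-name:       Example Hosting inc
abuse-c:        EXAB1-RIPE
source:         RIPE # Filtered

role:           EXAMPLE ABUSE ROLE
abuse-mailbox:  abuse@example.net
nic-hdl:        EXAB1-RIPE
source:         RIPE # Filtered
"""

def parse_rpsl(text):
    """Split a whois reply into objects (attribute -> list of values); objects are
    separated by blank lines and lines starting with '%' are server comments."""
    objects, current = [], defaultdict(list)
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                objects.append(dict(current))
                current = defaultdict(list)
            continue
        if line.startswith("%"):
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        current[key.strip()].append(value.strip())
    if current:
        objects.append(dict(current))
    return objects

def find_abuse_mailbox(text):
    """Follow inetnum -> (own abuse-c, else org -> abuse-c) -> role -> abuse-mailbox.
    Returns None when the chain is broken instead of guessing from free-text remarks."""
    objects = parse_rpsl(text)
    handles = {o["nic-hdl"][0]: o for o in objects if "nic-hdl" in o}
    orgs = {o["organisation"][0]: o for o in objects if "organisation" in o}
    inetnum = next((o for o in objects if "inetnum" in o), None)
    if inetnum is None:
        return None
    abuse_c = inetnum.get("abuse-c")
    if not abuse_c and "org" in inetnum:
        abuse_c = orgs.get(inetnum["org"][0], {}).get("abuse-c")
    role = handles.get(abuse_c[0]) if abuse_c else None
    return role["abuse-mailbox"][0] if role and "abuse-mailbox" in role else None
```

The resolved abuse-mailbox is the address a report should go to; an e-mail that only appears in a remarks line is not authoritative.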

5/24/2025 I reported to IBM X-Force Exchange Conversation as:
This is what I saw in router admin logs repeatedly: [DoS attack: TCP- or UDP-based Port Scan] from 208.59.247.45, port 53 1 Thu May 22 13:14:49 2025 149.75.231.61:65109 208.59.247.45:53
Then it happened to our 2 PCs' IP addresses as:
[DoS attack: SYN Flood] from 208.59.247.45, port 53 1 Thu May 22 19:40:06 our2pc-IPaddress 208.59.247.45:53
There are other ghost IP addresses that attacked our personal PCs, which should not happen. MS Defender full scan detected 4 unknown threats after I deleted the MS File Explorer Library and my created directory, which had many weird unknown hidden files; since then the full scan has found 0 threats. But more and more SYN Flood attacks happened, which include Microsoft (13.107.246.36:443), Amazon (3.232.64.79:443), Akamai Technologies (23.78.8.23:443), Akamai International B.V. (104.237.151.205), Epsilon (159.127.41.178:443), Taboola, Webair Internet (174.137.133.48:443).
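As an added example (not part of the original post), a small parser for the router log entries quoted throughout, which tallies entries per remote source address and port and attaches a triage label; the sample lines are constructed in the same shape as the entries above, and the label is a heuristic that assumes the logged port is the remote peer's source port.

```python
import re
from collections import Counter
from datetime import datetime

# Router log lines in the shape quoted in this post (constructed sample; the
# local address the author redacted as "spouse-IPaddress" is written LAN-host).
SAMPLE_LOG = """\
[DoS attack: SYN Flood] from 35.71.131.137, port 443 1 Fri May 23 11:56:30 2025 LAN-host 35.71.131.137:443]
[DoS attack: SYN Flood] from 13.107.246.36, port 443 1 Thu May 22 23:51:57 2025 LAN-host 13.107.246.36:443]
[DoS attack: SYN Flood] from 35.71.131.137, port 443 1 Fri May 23 12:01:02 2025 LAN-host 35.71.131.137:443]
[DoS attack: SYN Flood] from 208.59.247.45, port 53 1 Thu May 22 19:40:06 2025 LAN-host 208.59.247.45:53]
[DoS attack: TCP- or UDP-based Port Scan] from 89.248.163.122, port 40908 1 Sat May 24 05:39:15 2025 LAN-host:348 89.248.163.122:40908]
"""

LINE_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}), "
    r"port (?P<port>\d+) \d+ (?P<ts>\w{3} \w{3} \d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
)

# Remote ports of services a LAN host itself talks to (DNS, HTTP, HTTPS).
SERVICE_PORTS = {53, 80, 443}

def parse_line(line):
    """Return (kind, source_ip, source_port, timestamp), or None if no match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return m["kind"], m["ip"], int(m["port"]), ts

def triage(kind, port):
    """Heuristic label for one entry. Assumption: the logged port is the
    remote peer's source port, as in the consumer-router format above."""
    if "Port Scan" in kind:
        return "inbound-scan"
    if kind == "SYN Flood" and port in SERVICE_PORTS:
        # A SYN flood aimed at this host would target a port it listens on and
        # come from random source ports; packets *from* 443 or 53 look like
        # replies (e.g. late retransmissions) to connections the host opened.
        return "reply-shaped"
    return "review"

def summarize(log_text):
    """Count entries per (source ip, port) and attach the triage label."""
    counts, labels = Counter(), {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip prose and unrelated log lines
        kind, ip, port, _ = parsed
        counts[(ip, port)] += 1
        labels[(ip, port)] = triage(kind, port)
    return {key: (n, labels[key]) for key, n in counts.items()}
```

The reply-shaped label is a prompt to correlate the entry with what the LAN host was doing at that moment before filing an abuse report, not a verdict.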

--There are other similar websites, but IBM was the company my spouse worked for, and was the 1st company that got a government contract to develop the internet (ARPANET) in the USA, then was allowed to self-develop until the USA government set rules, so it sold the department (including spouse) to AT&T in 1997-2003?

ps searched [was IBM original boss jewish?]

Thomas J. Watson Sr., the original boss of IBM, was not Jewish. He was born in Campbell, New York, to a family of Scottish descent. While sources indicate he was a prominent industrialist and oversaw the company's growth, they do not mention his religious affiliation. One source notes he was a member of the American Academy of Arts and Sciences and the American Philosophical Society.
ps The current Chairman and CEO of IBM is Arvind Krishna.
Information available regarding his background indicates he was born in India and is an American citizen.
The provided search results do not contain information confirming or denying whether Arvind Krishna is Jewish
Arvind Krishna became the CEO of IBM in April 2020. He also became Chairman of the Board in January 2021. Prior to becoming CEO, he was Senior Vice President of Cloud and Cognitive Software.
--Maybe I selected the wrong one? I heard many USA companies became Indo companies. To me, Indo and masters did the same thing, attacked/invaded other countries without proof. Same feathers always together.

searched [who is IBM boss in 1990s, jewish?] During the 1990s, IBM had two CEOs:
John Fellows Akers: Served as CEO from 1985 to 1993. There is no information in the provided search results to suggest that John Akers was Jewish.
Louis V. Gerstner, Jr.: Took over as CEO in April 1993 and served until 2002. According to the search results, Lou Gerstner is known to be deeply religious and is said to be Roman Catholic, having attended a Catholic high school. The Forward mentions that he was possibly connected to Jewish alliances through Vernon Jordan, but this source doesn't confirm his religion.
Therefore, based on the provided information, neither of IBM's CEOs in the 1990s was Jewish.
--Confirmed by spouse, who remembers both IBM CEO names and worked there 1991-2002 (or 2003).

Is Bill Gates Jewish? No, Bill Gates is not Jewish.....
...The confusion likely stems from several factors. First, Gates has been a central figure in the tech world, where many successful leaders have been of Jewish descent, such as Mark Zuckerberg, Sergey Brin, and Larry Page.

--From now on I must verify whether the bosses of companies related to us are Jewish. I really don't have a bias against Jewish people, but I very much dislike that Israel killed the people of other poor countries brutally and keeps invading their lands.
=============================
Chinese public security organs announce that the source of a cyber attack is a hacker group linked to the DPP authorities of China's Taiwan. 27 May 2025, 12:37
According to the Tianhe District branch of the Guangzhou Public Security Bureau, a hacker group fostered by the DPP authorities of China's Taiwan organised a cyber attack against a technology company in Guangzhou.
Reportedly, after the Guangzhou technology company was attacked by an overseas hacker group, the public security organs immediately organised a technical team to analyse the extracted attack programs and system logs and trace their origin, and preliminarily determined that the attack was carried out by a hacker group fostered by the DPP authorities of China's Taiwan.
According to the police investigation, in recent years this Taiwanese hacker group has frequently used public network-asset scanning platforms to conduct large-scale reconnaissance of more than 1,000 important network systems in over 10 mainland provinces (covering the defence industry, energy, hydropower, transport, government, etc.), collecting basic information and technical intelligence on those systems, and carried out multiple rounds of attacks using low-end methods such as mass phishing e-mails, exploitation of public vulnerabilities, password brute-forcing and home-made simple trojans.
--I am not surprised at all.
