ThreatSTOP Blog

Bad IP of the Week: ThreatSTOP Blocks 2M+ Connections from Russian IP

Written by Ofir Ashman | April 26, 2021

Over the weekend, a Russian IP known to be malicious by a variety of threat intelligence vendors tried to communicate with our customers' networks over 2 million times. The IP is flagged as malicious by DShield, CINS Army, AbuseIPDB, IPSum and Collective Intelligence. Malicious activity from this IP was also reported on AlienVault's Open Threat Exchange by two additional sources: the Louisiana Cyber Investigators Alliance (LCIA), which caught this IP using its honeypot, and the Internet Storm Center.

 

This IP address (45.155.205[.]117) is hosted by Selectel[.]ru (ASN: 49505), a Russian hosting provider known to be high risk for fraud and malicious activity. ThreatSTOP has been protecting customers from this IP for months: it has been live in our systems thanks to the aggregation of a number of blocklists from our 800+ threat intelligence sources. Just recently, our team investigated another malicious Selectel IP and address space that was trying to reach our customer networks, as we reported in an earlier blog post.

 

Other malicious IPs in the 45.155.205[.]0/24 address space:


 

We highly recommend blocking these IPs, and considering blocking all IPs in the address space that have been deemed malicious by high-quality threat intelligence providers such as the ones we aggregate. To find out if an IP is in our threat targets, use our free checkIOC tool.
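Before applying such a block, it helps to see what your own logs already show for the listed IP and for the rest of its /24. The following is an added example, not ThreatSTOP's code: it refangs the indicators as written in this post and counts matching sources in firewall logs. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Indicators as the post writes them (defanged with "[.]").
LISTED = ["45.155.205[.]117"]
SUBNET = "45.155.205[.]0/24"

# Constructed log lines in a hypothetical firewall format; every source
# address other than the listed IP is made up for illustration.
SAMPLE_LOG = """\
2021-04-24T03:11:02Z DROP src=45.155.205.117 dst=192.0.2.10 dport=22
2021-04-24T03:11:03Z DROP src=45.155.205.117 dst=192.0.2.10 dport=3389
2021-04-24T03:12:40Z ALLOW src=45.155.205.7 dst=192.0.2.25 dport=443
2021-04-24T03:13:09Z ALLOW src=198.51.100.44 dst=192.0.2.25 dport=443
2021-04-24T03:13:10Z ALLOW src=45.155.2050.117 dst=192.0.2.25 dport=443
"""

LINE_RE = re.compile(r"^\S+ (?P<action>ALLOW|DROP) src=(?P<src>\S+) ")

def refang(indicator):
    """Turn a defanged indicator such as 45.155.205[.]117 into plain form."""
    return indicator.replace("[.]", ".")

def classify_sources(log_text, listed=LISTED, subnet=SUBNET):
    """Count (category, action, source) for listed IPs and same-subnet hosts."""
    listed_ips = {ipaddress.ip_address(refang(i)) for i in listed}
    net = ipaddress.ip_network(refang(subnet))
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed source field: skip rather than guess
        if src in listed_ips:
            category = "listed"
        elif src in net:
            category = "same_subnet"  # in the /24 but not individually listed
        else:
            continue
        counts[(category, m["action"], str(src))] += 1
    return counts

if __name__ == "__main__":
    for (cat, action, src), n in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{cat:12} {action:5} {src:16} {n}")
```

Rows in the `same_subnet` category with an `ALLOW` action are connections from the address space that reached the network, and they are the ones to review when deciding whether to extend the block beyond the individually listed IPs.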

 
