detection icon

Short bio

The IP address was blocked by Malwarebytes as part of the range because one or more systems at this IP have been compromised. Systems at this IP are used to scan your system.

Malicious behavior

This range of IP addresses have been found to be involved in RDP probes or attacks. This is a block of incoming traffic – meaning the IP address being blocked is scanning and/or attempting to force its way into your machine via different ports. These attacks can last anywhere from a few hours, days, to a week. IP ranges will be probed by the compromised systems followed by an attempt to brute force their way into machines in order to infect them with ransomware.

The most common method of accessing machines is via Windows Remote Desktop Protocol (RDP). We recommend you check to see if you have the Remote Desktop enabled and if so, disable it. For more information, see How to use Remote Desktop. If you need to use Remote Desktop, see our Malwarebytes Labs article How to protect your RDP access from ransomware attacks on how best to lock it down.



Malwarebytes blocks the IP