Over the weekend, a Russian IP flagged as malicious by a variety of threat intelligence vendors tried to communicate with our customers' networks over 2 million times. The IP is listed as malicious by DShield, CINS Army, AbuseIPDB, IPSum and Collective Intelligence. Malicious activity from this IP was also reported on AlienVault's Open Threat Exchange by two additional sources: the Louisiana Cyber Investigators Alliance (LCIA), who caught this IP using their honeypot, and the Internet Storm Center.
This IP address (45.155.205[.]117) is hosted by Selectel[.]ru (ASN: 49505), a Russian hosting provider known to be high risk for fraud and malicious activity. ThreatSTOP has been protecting customers from this IP for months; it has been live in our systems thanks to the aggregation of a number of blocklists out of our 800+ threat intelligence sources. Just recently, our team investigated another malicious Selectel IP and address space that was trying to reach our customer networks, as we reported in an earlier blog post here.
Other malicious IPs in the 45.155.205[.]0/24 address space:
We highly recommend blocking these IPs, and suggest that you consider blocking all IPs in the address space that have been deemed malicious by high-quality threat intelligence providers such as the ones we aggregate. To find out if an IP is in our threat targets, use our free checkIOC tool.