RemotePortScan
ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.
Malicious behavior
RemotePortScan are sites, domains or IP addresses known to have engaged in unauthorized scanning of network ports on remote systems to find potential vulnerabilities to gain access to these target systems. The detection of RemotePortScan is a preventive measure to not engage a potentially dangerous web address.
This range of IP addresses have been found to be involved in vulnerability scans or attacks. This is a block of incoming traffic – meaning the IP address being blocked is looking for a way to force its way into your environment via different ports. These attacks can last anywhere from a few hours, days, to a week. IP ranges will be probed by the remote scans followed by an attempt to brute force their way into machines in order to infect them with ransomware or other malware.
The most common entries these scans are looking for are vulnerabilities in Internet facing systems, devices, or software. So, it’s imperative to fix known software vulnerabilities before criminals exploit them.