Detection Details

xxx.100.200.300

ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.

Short bio

The IP {address/domain} xxx.100.200.300 was blocked by Malwarebytes because one or more systems at this {address/domain} have been found to be involved in remote port scans looking for vulnerabilities in your environment.

Malicious behavior

RemotePortScan are sites, domains or IP addresses known to have engaged in unauthorized scanning of network ports on remote systems to find potential vulnerabilities to gain access to these target systems. The detection of RemotePortScan is a preventive measure to not engage a potentially dangerous web address.

This range of IP addresses have been found to be involved in vulnerability scans or attacks. This is a block of incoming traffic – meaning the IP address being blocked is looking for a way to force its way into your environment via different ports. These attacks can last anywhere from a few hours, days, to a week. IP ranges will be probed by the remote scans followed by an attempt to brute force their way into machines in order to infect them with ransomware or other malware.

The most common entries these scans are looking for are vulnerabilities in Internet facing systems, devices, or software. So, it’s imperative to fix known software vulnerabilities before criminals exploit them.

Protection

Malwarebytes blocks the address xxx.100.200.300 because it has been involved in Remote Port Scans.

Malwarebytes blocks xxx.100.200.300
Malwarebytes blocks xxx.100.200.300

What you can do

Given that Malwarebytes is blocking the attackers, you do not need to worry and no further action is required.

If the block alerts are interfering too much with your daily work, it may help if you add the IP address you see in our Alert to the Windows Firewall.
To view the IP address in our alert:

  • Open Malwarebytes for Windows > click the Detection History card.
  • Click the History tab.
  • Under the Event column, open the Real-Time Protection detection report.

Add an exclusion

Should users wish to visit a blocked address and exclude it from being blocked, they can add it to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click the Detection History
  • Click the Allow List
  • To add an item to the Allow List, click Add item.
  • Select Allow a website.
  • Select Select a URL or an IP address and enter the address that you wish to exclude.
  • Click on Done and the address should appear in your Allow List.

Please note that allowing these inbound scans could lead to an infection of your system.

Related Content

Which ports to monitor for ransomware attacks

Insights into your unpatched vulnerabilities