Blocking of suspicious IP address - Unfi Alarm: IPS Alert

Hi, good afternoon.

I have found that my router has blocked a suspicious IP address, although I think it may be a false alarm, on the website where I have put the IP address, it has many reports. Any ideas?

The destination port address looks like a Storj node inbound connection, but this is coming from ‘Media Land LLC’ in Russia. I doubt this is legit.

So you mean it’s a suspicious address? Well, in that case, it’s blocked and you can’t access the node again.

I wouldn’t block it its a server hosting site so someone probably rented a server from them to run there nodes on…

The IP address in your post is listed on a few Blacklists:

It’s likely that the contact is legit. The problem is most likely that the prior user controlling that IP address was behaving poorly… i.e. spamming. This is fairly common with various inexpensive hosting services. The problem is that IPv4 addresses are recycled.

If the address is legit, and the person or entity controlling the address is reading these forums… perhaps they will look into delisting their legit IP address from the blacklists.

The router does not blacklist the IP address, but as long as the database still has this IP address as a suspect, it will continue to block it.

On second thought:

Looking at the dates on the reports…

It looks like it’s a problem IP address.

The port scanning is not necessarily an issue. However, the submission port connection is an issue. Either the owner of the IP address is a malicious actor, or the host has been infected with some malware.