Jump to content

Milacious Website Blocked (


Recommended Posts

I've been seeing more and more attacks against RDP sessions recently and I've also seen it get far enough that someone has gained access to the desktop at the logon screen. I know the IP address, as mentioned in the Title and the IP. What I'd like to find out is where the attack is originating from on clients computers. Is it coming from an email they opened, a website they went to, etc. I was allowing RDP connection through the firewall on different ports until I noticed the possible attacker being at the logon screen. Now everyone makes a VPN connection first before RDP.

Does anyone know how this attack is being initiated. After making users create a VPN connection they're are still showing active attacks. I'd like to pinpoint where they are coming from.

Link to post
Share on other sites

Use a service like this to look up DNS records - https://www.findip-address.com/  you will find it originates from Russia.

Or - Google 
who is


You may need to use Intrusion Detection network monitoring and firewall port monitoring to investigate at an IP Packet level, how the traffic is entering your network.

If all of your endpoints only use VPN to connect, then you will need to track down SourceIP, maybe by the VPN server's logs to find the compromised endpoint. 

These topics are beyond the scope of Malwarebytes products and you may need to enlist some expert assistance from a network specialist or penetration tester.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.