We are getting excessive scanning to our vms coming from a couple of foreign IP addresses. These are getting blocked successfully by our NSG, but is there a way to have Azure block this upstream so it does not even get to our NSG?
I use RiskIQ and these have been reported as malicious. One of them is class C 89.248.165.0 which claims to be The Recyber Project. See the arin lookup info below
Thank You
Steve
arin:89.248.165.203
arin
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '89.248.165.0 - 89.248.165.255'
% Abuse contact for '89.248.165.0 - 89.248.165.255' is 'abuse@recyber.net'
inetnum: 89.248.165.0 - 89.248.165.255
netname: NET-2-165
descr: RECYBER PROJECT NETBLOCK
remarks: +-----------------------------------------------
remarks: | This net-block is not trying to hack you, we are only scanning
remarks: | for LEGIT purposes ONLY. This scanning is done by multiple
remarks: | security organizations.
remarks: | Please use https://www.recyber.net/opt-out
remarks: | to have your ip-address and/or netblock/as number white-listed
remarks: | and excluded from this project.
remarks: | If you have any further questions please contact admin@recyber.net
remarks: +-----------------------------------------------
country: NL
geoloc: 52.370216 4.895168
org: ORG-IVI1-RIPE
admin-c: RR13369-RIPE
abuse-c: RR13369-RIPE
tech-c: RR13369-RIPE
status: ASSIGNED PA
mnt-by: IPV
mnt-lower: IPV
mnt-routes: IPV
created: 2019-02-03T20:52:14Z
last-modified: 2021-01-27T15:23:15Z
source: RIPE
organisation: ORG-IVI1-RIPE
org-name: IP Volume inc
org-type: OTHER
address: Suite 9
address: Victoria, Mahe
address: Seychelles
abuse-c: IVNO1-RIPE
mnt-ref: IPV
mnt-by: IPV
created: 2018-05-14T11:46:50Z
last-modified: 2019-01-31T14:39:36Z
source: RIPE # Filtered
role: RECYBER ROLE
address: 35 Firs Avenue, London, England, N11 3NE
abuse-mailbox: abuse@recyber.net
nic-hdl: RR13369-RIPE
mnt-by: IPV
created: 2021-01-27T15:12:59Z
last-modified: 2021-01-27T15:12:59Z
source: RIPE # Filtered
% Information related to '89.248.165.0/24AS202425'
route: 89.248.165.0/24
origin: AS202425
remarks: +-----------------------------------------------
remarks: | For abuse e-mail abuse@ipvolume.net
remarks: | We do not always reply to abuse.
remarks: | But we do take care your report is dealt with!
remarks: +-----------------------------------------------
mnt-by: IPV
created: 2019-02-08T15:42:07Z
last-modified: 2019-02-08T15:42:07Z
source: RIPE
% This query was served by the RIPE Database Query Service version 1.101 (BLAARKOP)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 92%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)