[cratermoon]

A ton of sketchy stuff comes from people renting time on AWS, GCloud, or some other service provider. One of the ones OP lists -- 44.192.16.204 -- is an AWS ec2 instance. The other one, 52.224.55.198, looks to be an Azure IP served out of Virginia. Today they could be someone doing something sketchy, but tomorrow they could be assigned to completely legit users.

Sure, you could just block any IP that geolocates Russia, China, or whatever locale is the current worst nation-state actor, but IP blocking is worse than Sisyphean.

[cddotdotslash]

It's a bit extreme, but if your service/site is meant to be consumed by physical users (e.g. a B2C type app), you could probably block the entire IP ranges of all the major cloud providers to prevent this kind of behavior. They all publish their CIDRs onlinez, so it wouldn't be difficult.

[Godel_unicode]

Wait until you find out how many people use vpn services whose end points are hosted in a cloud provider. IP address blocking is a fools errand.