Threat Advisory: Suspicious Scanning Activity

November 7, 2018


Herjavec Group has detected significant malicious scanning attempts across multiple client environments, including entertainment, finance and legal organizations. These scans, mostly targeting web applications and other external-facing devices, do not appear to be targeted in nature but rather part of a general, large-scale attempt to discover vulnerabilities within networks. Herjavec Group has observed several IPs scanning new clients daily, with the scanning increasing in intensity.

The types of scans observed from the IP addresses below include (but are not limited to): Adobe ColdFusion, Apache Struts, XSS, directory traversal, and various remote code execution vulnerabilities.

Exploitation of vulnerabilities identified by these scans could allow attackers to gain remote access to and take control of your environment. No known compromises have been observed or communicated to date.

Technical Indicators

IP Addresses
Registered in the US
Registered in Romania
Registered in Ottawa, Leased in Taiwan
Registered in the US


Due to the prevalence and aggressiveness of the scanning activity, Herjavec Group recommends blocking the IP addresses above. Any outbound connections to these IP addresses should be investigated for signs of compromise.

Herjavec Group’s analysts are working with applicable vendor partners to apply detection and mitigation strategies where appropriate. For Managed Services customers, our Managed Services team will engage with the appropriate technical contacts in your respective organizations directly to provide alerts, escalations, actions and/or reports based on our service agreement with you. If you have questions or concerns, please engage your Herjavec Group account representative directly or contact Herjavec Group.
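The blocking and outbound-investigation recommendation above can be checked against firewall logs. The following is an added example, not Herjavec Group's tooling: the indicator IPs are placeholders from documentation ranges (not the advisory's addresses), and the log format, internal ranges and sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Placeholder indicators from the RFC 5737 documentation ranges, NOT the
# advisory's addresses; substitute the IPs from the advisory's list.
INDICATORS = {ipaddress.ip_address(a)
              for a in ("192.0.2.10", "198.51.100.23", "203.0.113.77")}
# Assumed internal address space; adjust to your environment.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log; assumed format: "timestamp src dst dport action".
SAMPLE_LOG = """\
2018-11-07T09:14:02Z 192.0.2.10 10.1.4.20 443 ALLOW
2018-11-07T09:14:03Z 192.0.2.10 10.1.4.20 8080 DENY
2018-11-07T09:20:41Z 10.1.4.20 198.51.100.23 4444 ALLOW
2018-11-07T09:21:10Z 10.1.7.5 198.51.100.200 443 ALLOW
2018-11-07T09:25:00Z 203.0.113.77 10.1.9.9 80 ALLOW
malformed line here
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def triage(log_text):
    """Sort indicator hits into inbound scans still allowed through
    (block rule missing) and outbound connections (investigate the host)."""
    unblocked = defaultdict(list)   # scanner IP -> [(ts, target, port)]
    outbound = defaultdict(list)    # internal host -> [(ts, indicator, port)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                # not in the assumed format
        ts, src, dst, dport, action = parts
        try:
            s, d, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        except ValueError:
            continue
        if s in INDICATORS and is_internal(d) and action == "ALLOW":
            unblocked[src].append((ts, dst, port))
        elif d in INDICATORS and is_internal(s):
            outbound[src].append((ts, dst, port))
    return dict(unblocked), dict(outbound)

if __name__ == "__main__":
    unblocked, outbound = triage(SAMPLE_LOG)
    for ip, hits in unblocked.items():
        print(f"BLOCK {ip}: {len(hits)} inbound connection(s) allowed")
    for host, hits in outbound.items():
        print(f"INVESTIGATE {host}: outbound to {[h[1] for h in hits]}")
```

Outbound hits are reported whether the firewall allowed or denied them, since an internal host attempting to reach a listed address is itself the signal to investigate.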

About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.
