Community


216.158.232.18 detections

Links used in this discussion
Daniel Brzeziński, User (Posts: 2)
Aug 05, 2022 6:35:16 am EDT
Support level: Free or trial
Hi, we found some connections from one of our devices using rutserv.exe to 216.158.232.18 using port 5655. And our soc found this as possibly malicious, due to this ip being in few places mentioned as IoC for log4j c2c, custom detections.
Is it verified RU ip?
Conrad Sallian, Support (Posts: 3074)
Aug 05, 2022 8:25:03 am EDT
Hi Daniel ,

Thank you for your message.

Yes, this is one of our servers. The reason why your security software says that it might be malicious is that someone may use our legitimate software for malicious purpose and that use was detected. However, this doesn't make the server itself or the software malicious (which is pretty hard to explain to security experts given their level of paranoia:) ).

In other words, the fact that hackers use Windows or Linux to build viruses doesn't make these OSes malicious per se. Unfortunately, modern security software is mostly "reputation-based" and immediately flags benign software as a virus or "suspicious" if it was used at least once in some illegal activity (see technical support scam).

Hope that helps.
Daniel Brzeziński, User (Posts: 2)
Aug 05, 2022 9:41:37 am EDT
Support level: Free or trial
Thank you!

* Website time zone: America/New_York (UTC -5)