Scanning by IP 91.199.118.137 (first reported in DShield at the end of September) began early this morning. It appears to be testing access to the site aahwwx.52host.xyz [2], and there is currently little information available for this host. The scan is alternating between ports TCP/81 and TCP/8088. Domaintools [7] shows the root domain 52host.xyz was last updated yesterday. The only information currently available for this site is "Welcome to nginx!"

Log Examples

20201204-225750: 192.168.25.9:8088-91.199.118.137:18360 data 'GET http://91.199.118.137:12542/19gtaf/1.txt HTTP/1.1\r\nHost: 91.199.118.137:12542\r\nUser-Agent: Go-http-client/1.1\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n'

Indicators with ASN

91.199.118.137:12542/19gtaf/1.txt

[1] https://isc.sans.edu/ipdetails.html?ip=91.199.118.137&34475
Guy 523 Posts ISC Handler Dec 5th 2020 |
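An added example (not part of the diary or of DShield's tooling): a parser for log lines in the format shown above that flags requests whose request-target is an absolute URL, as in the logged GET, and whether that URL points back at the connecting source. The field order (sensor address first, remote address second), the function names and the second sample line are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: line 1 reproduces the diary's log example; line 2 is a
# made-up ordinary origin-form request (documentation IP) for contrast.
SAMPLE_LOG = [
    r"20201204-225750: 192.168.25.9:8088-91.199.118.137:18360 data "
    r"'GET http://91.199.118.137:12542/19gtaf/1.txt HTTP/1.1\r\n"
    r"Host: 91.199.118.137:12542\r\nUser-Agent: Go-http-client/1.1\r\n"
    r"Accept-Encoding: gzip\r\nConnection: close\r\n\r\n'",
    r"20201204-230101: 192.168.25.9:81-198.51.100.7:40112 data "
    r"'GET /index.html HTTP/1.1\r\nHost: 192.168.25.9\r\n\r\n'",
]

# Assumed layout: <timestamp>: <sensor ip:port>-<remote ip:port> data '<payload>'
LINE_RE = re.compile(
    r"^(?P<ts>\d{8}-\d{6}): (?P<dst_ip>[\d.]+):(?P<dst_port>\d+)-"
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+) data '(?P<payload>.*)'$"
)

def parse_line(line):
    """Split one log line into connection fields and HTTP request parts."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # The payload carries literal "\r\n" escape text, not real CR/LF bytes.
    request_line, *header_lines = rec.pop("payload").split(r"\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None
    rec["method"], rec["target"], rec["version"] = parts
    rec["headers"] = {}
    for h in header_lines:
        name, sep, value = h.partition(":")
        if sep:
            rec["headers"][name.strip().lower()] = value.strip()
    return rec

def classify(rec):
    """Flag proxy-style (absolute-form) targets and self-referencing URLs."""
    url = urlsplit(rec["target"])
    absolute = url.scheme in ("http", "https") and bool(url.hostname)
    return {
        "src_ip": rec["src_ip"],
        "dst_port": int(rec["dst_port"]),
        "absolute_form": absolute,
        "target_is_source": absolute and url.hostname == rec["src_ip"],
        "user_agent": rec["headers"].get("user-agent", ""),
    }
```
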
Noticed scanning across a larger number of ports
Time                          src_ip          dst_port
December 4th 2020, 05:03      91.199.118.137  8008
December 3rd 2020, 03:50      91.199.118.137  8090
December 2nd 2020, 22:50      91.199.118.137  23500
December 2nd 2020, 21:43      91.199.118.137  808
December 2nd 2020, 19:32      91.199.118.137  10000
December 2nd 2020, 16:50      91.199.118.137  9999
December 2nd 2020, 16:22      91.199.118.137  8123
December 2nd 2020, 13:38      91.199.118.137  8090
November 19th 2020, 21:48     91.199.118.137  82
November 19th 2020, 21:17     91.199.118.137  8008
November 19th 2020, 21:07     91.199.118.137  8123
November 19th 2020, 20:07     91.199.118.137  83
November 19th 2020, 19:17     91.199.118.137  999
Anonymous |
Dec 6th 2020 1 year ago |