Monday, 21 September 2015

208.100.26.231 - fire on port 8080

BEGIN OF TOMCAT DATA:
2015-09-22 00:33:24
Source IP: 208.100.26.231
Country: US RiskScore: 1 Malware: []
^V^C^@^@S^A^@^@O^C^@?G<D7><F7><BA>,<EE><EA><B2>`~<F3>^@<FD><82>{<B9>Ֆ<C8>w<9B><E6><C4><DB><=<DB>o<EF>^Pn^@^@(^@^V^@^S^@
^@f^@^E^@^D^@e^@d^@c^@b^@a^@`^@^U^@^R^@ ^@^T^@^Q^@^H^@^F^@^C^A^@
 END OF DATA

BEGIN OF TOMCAT DATA:
2015-09-22 00:33:29
Source IP: 208.100.26.231
Country: US RiskScore: 1 Malware: []
^@^@^@qj<81>n0<81>k<A1>^C^B^A^E<A2>^C^B^A
<A4><81>^0\<A0>^G^C^E^@P<80>^@^P<A2>^DESC^BNM<A3>^W0^U<A0>^C^B^A^@<A1>^N0^LESC^FkrbtgtESC^BNM<A5>^Q^X^O19700101000000Z<A7>^F^B^D^_^^<B9>٨^W0^U^B^A^R^B^A^Q^B^A^P^B^A^W^B^A^A^B^A^C^B^A^B
 END OF DATA

BEGIN OF TOMCAT DATA:
2015-09-22 00:33:34
Source IP: 208.100.26.231
Country: US RiskScore: 1 Malware: []
^@^@^@<A4><FF>SMBr^@^@^@^@^H^A@^@^@^@^@^@^@^@^@^@^@^@^@^@^@@^F^@^@^A^@^@<81>^@^BPC NETWORK PROGRAM 1.0^@^BMICROSOFT NETWORKS 1.03^@^BMICROSOFT NETWORKS 3.0^@^BLANMAN1.0^@^BLM1.2X002^@^BSamba^@^BNT LANMAN 1.0^@^BNT LM 0.12^@
 END OF DATA

BEGIN OF TOMCAT DATA:
2015-09-22 00:34:26
Source IP: 208.100.26.231
Country: US RiskScore: 1 Malware: []
:^@^@^@/^@^@^@^B^@^@@^B^O^@^A^@=^E^@^@^@^@^@^@^@^@^@^@^@^@/^@^@^@^@^@^@^@^@^@@^_^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
 END OF DATA

BEGIN OF TOMCAT DATA:
2015-09-22 00:34:31
Source IP: 208.100.26.231
Country: US RiskScore: 1 Malware: []
^A^@^@<FD><CE><FA>^K<B0><A0>^@^@^@MMS^T^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^R^@^@^@^A^@^C^@<F0><F0><F0><F0>^K^@^D^@^\^@^C^@N^@S^@P^@
l^@a^@y^@e^@r^@/^@9^@.^@0^@.^@0^@.^@2^@9^@8^@0^@;^@ ^@{^@0^@0^@0^@0^@A^@A^@0^@0^@-^@0^@A^@0^@0^@-^@0^@0^@a^@0^@-^@A^@A^@0^@A^@
-^@0^@0^@0^@0^@A^@0^@A^@A^@0^@A^@A^@0^@}^@^@^@<E0>m<DF>_
 END OF DATA

BEGIN OF TOMCAT DATA:
2015-09-22 00:34:37
Source IP: 208.100.26.231
Country: US RiskScore: 1 Malware: []
^@Z^@^@^A^@^@^@^A6^A,^@^@^H^@^?<FF>^?^H^@^@^@^A^@ ^@:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@4<E6>^@^@^@^A^@^@^@^@^@^@^@^@(CONNECT_DAT
A=(COMMAND=version))
 END OF DATA

Although I am not able to read what exactly was tried, there have been several different events.
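The captures are readable once the caret notation is undone. The script below is an added example (mine, not tooling from this blog): it decodes the cat -v/vim-style dump (^X control bytes, <HH> raw high bytes, the literal ESC the post uses for 0x1b, and characters such as Ֆ that are UTF-8 renderings of two high bytes) and matches each payload against a signature: an SSLv3 ClientHello (record type 0x16, handshake type 1), a Kerberos AS-REQ (ASN.1 tag 0x6a, [APPLICATION 10], behind a 4-byte length), an SMB1 Negotiate Protocol request (\xffSMB, command 0x72, followed by the dialect list), a Windows Media MMS connect (the MMS magic followed by a UTF-16LE NSPlayer string) and an Oracle TNS CONNECT (packet type 1 carrying CONNECT_DATA). The fourth payload matches none of these and is reported as unidentified. To my reading these are the byte-for-byte service probes a version scanner such as nmap sends to an unknown port in succession, which fits a port-8080 target it could not identify. Two line breaks in the post are real 0x0a data bytes (one completes the cipher-suite list, the other the Kerberos msg-type 10); the rest are soft wraps, and the embedded copies join them accordingly. Every length-prefixed payload is also compared with its own length field, so a truncated paste is flagged instead of misread.

```python
"""Decode the caret-notation honeypot dumps above and name each protocol.
Added example; not tooling from this blog."""
import re
import struct

# One token per match: ^X control byte, <HH> raw high byte, the literal ESC the
# post shows for 0x1b, or any other character (non-ASCII ones are UTF-8-rendered
# high-byte pairs, e.g. U+0556 is d5 96, so they are re-encoded).  Assumption:
# the captured data contains no literal "^X" or "ESC" text of its own.
_TOKEN = re.compile(r'\^([@A-Z\[\\\]^_?])|<([0-9A-Fa-f]{2})>|(ESC)|(.)', re.S)

def decode_caret(text: str) -> bytes:
    out = bytearray()
    for ctrl, hexb, esc, ch in _TOKEN.findall(text):
        if ctrl:
            out.append(0x7F if ctrl == '?' else ord(ctrl) ^ 0x40)
        elif hexb:
            out.append(int(hexb, 16))
        elif esc:
            out.append(0x1B)
        else:
            out += ch.encode('utf-8')
    return bytes(out)

def be16(b: bytes) -> int: return struct.unpack('>H', b)[0]
def be32(b: bytes) -> int: return struct.unpack('>I', b)[0]

def classify(p: bytes) -> str:
    """Match the leading bytes against the five signatures seen in the post."""
    if len(p) > 45 and p[0] == 0x16 and p[1] == 3 and p[5] == 1:  # TLS record, ClientHello
        cs_off = 44 + p[43]                                        # skip session id
        n = be16(p[cs_off:cs_off + 2]) // 2
        return f"TLS ClientHello, client version {p[9]}.{p[10]}, {n} cipher suites"
    if len(p) > 4 and p[0] == 0 and p[4] == 0x6A:                  # 4-byte length + [APPLICATION 10]
        names = [p[m.end():m.end() + m.group(1)[0]].decode('ascii', 'replace')
                 for m in re.finditer(rb'\x1b([\x01-\x7f])', p)]  # GeneralString tag + length
        return "Kerberos AS-REQ, strings: " + ", ".join(names)
    if p[4:8] == b'\xffSMB':                                       # NetBIOS length + SMB1 header
        cmd = "Negotiate Protocol" if p[8] == 0x72 else f"command 0x{p[8]:02x}"
        dialects = [d.decode('ascii', 'replace') for d in re.findall(rb'\x02([^\x00]+)\x00', p)]
        return f"SMB1 {cmd}, {len(dialects)} dialects, highest: {dialects[-1] if dialects else '?'}"
    if p[12:15] == b'MMS':                                         # Windows Media MMS magic
        runs = re.findall(rb'(?:[ -~]\x00){4,}', p)                # UTF-16LE printable runs
        client = max(runs, key=len).decode('utf-16-le') if runs else '?'
        return f"Windows Media MMS connect, client: {client}"
    if len(p) > 8 and p[4] == 1 and b'(CONNECT_DATA=' in p:        # TNS packet type 1 = CONNECT
        m = re.search(rb'\(CONNECT_DATA=.*\)', p, re.S)
        return "Oracle TNS CONNECT, data: " + m.group().decode('ascii', 'replace')
    return "unidentified"

def framing(p: bytes):
    """(declared, actual) total length for the length-prefixed payloads, else None."""
    if len(p) < 9:
        return None
    if p[0] == 0x16:
        declared = 5 + be16(p[3:5])
    elif p[4] == 0x6A or p[4:8] == b'\xffSMB':
        declared = 4 + be32(p[:4])
    elif p[4] == 1 and b'(CONNECT_DATA=' in p:
        declared = be16(p[:2])
    else:
        return None
    return declared, len(p)

def summarise(captures):
    rows = []
    for ts, text in captures:
        p = decode_caret(text)
        label = classify(p)
        fr = framing(p)
        if fr and fr[0] != fr[1]:
            label += f" [length field says {fr[0]} bytes, got {fr[1]}: paste truncated or wrapped]"
        rows.append((ts, label))
    return rows

# The six payloads from the post, copied as rendered.  A "\n" inside a string is a
# post line break that is a real 0x0a data byte; other post line breaks were soft
# wraps and are joined.  "\u0556"/"\u0668" are the Ֆ/٨ characters shown in the post.
CAPTURES = [
    ("2015-09-22 00:33:24",
     "^V^C^@^@S^A^@^@O^C^@?G<D7><F7><BA>,<EE><EA><B2>`~<F3>^@<FD><82>{<B9>\u0556<C8>w<9B><E6><C4><DB><=<DB>o<EF>^Pn^@^@(^@^V^@^S^@"
     "\n^@f^@^E^@^D^@e^@d^@c^@b^@a^@`^@^U^@^R^@ ^@^T^@^Q^@^H^@^F^@^C^A^@"),
    ("2015-09-22 00:33:29",
     "^@^@^@qj<81>n0<81>k<A1>^C^B^A^E<A2>^C^B^A\n"
     "<A4><81>^0\\<A0>^G^C^E^@P<80>^@^P<A2>^DESC^BNM<A3>^W0^U<A0>^C^B^A^@<A1>^N0^LESC^FkrbtgtESC^BNM"
     "<A5>^Q^X^O19700101000000Z<A7>^F^B^D^_^^<B9>\u0668^W0^U^B^A^R^B^A^Q^B^A^P^B^A^W^B^A^A^B^A^C^B^A^B"),
    ("2015-09-22 00:33:34",
     "^@^@^@<A4><FF>SMBr^@^@^@^@^H^A@^@^@^@^@^@^@^@^@^@^@^@^@^@^@@^F^@^@^A^@^@<81>^@^BPC NETWORK PROGRAM 1.0^@^B"
     "MICROSOFT NETWORKS 1.03^@^BMICROSOFT NETWORKS 3.0^@^BLANMAN1.0^@^BLM1.2X002^@^BSamba^@^BNT LANMAN 1.0^@^BNT LM 0.12^@"),
    ("2015-09-22 00:34:26",
     ":^@^@^@/^@^@^@^B^@^@@^B^O^@^A^@=^E^@^@^@^@^@^@^@^@^@^@^@^@/^@^@^@^@^@^@^@^@^@@^_^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@"),
    ("2015-09-22 00:34:31",
     "^A^@^@<FD><CE><FA>^K<B0><A0>^@^@^@MMS^T^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^R^@^@^@^A^@^C^@<F0><F0><F0><F0>^K^@^D^@^\\^@^C^@N^@S^@P^@"
     "l^@a^@y^@e^@r^@/^@9^@.^@0^@.^@0^@.^@2^@9^@8^@0^@;^@ ^@{^@0^@0^@0^@0^@A^@A^@0^@0^@-^@0^@A^@0^@0^@-^@0^@0^@a^@0^@-^@A^@A^@0^@A^@"
     "-^@0^@0^@0^@0^@A^@0^@A^@A^@0^@A^@A^@0^@}^@^@^@<E0>m<DF>_"),
    ("2015-09-22 00:34:37",
     "^@Z^@^@^A^@^@^@^A6^A,^@^@^H^@^?<FF>^?^H^@^@^@^A^@ ^@:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@4<E6>^@^@^@^A^@^@^@^@^@^@^@^@(CONNECT_DAT"
     "A=(COMMAND=version))"),
]

if __name__ == "__main__":
    for ts, label in summarise(CAPTURES):
        print(ts, label)
```

Running it prints one labelled line per timestamp. decode_caret is the reusable part; classify is only the minimum signature logic for the five protocols in this post, not a general protocol identifier, and the framing check is what tells you whether a dump is worth deeper parsing at all.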

208.100.26[.]231
    Static Source: GeoIP data
  • Country: United States
  • ASN: AS32748 Steadfast Networks
    Dynamic Source: SANS Internet Storm Center
  • Comment: IP is listed on SANS ISC
  • Comment: This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/208.100.26.231
    Static Source: http://sendmespamids.blogspot.nl/ Blacklist
  • Comment: Listed on Honeypot blacklist
  • Reference: https://raw.githubusercontent.com/johestephan/smsids-blacklist/master/blacklist.txt