This indicates detection of an attempted scan from Masscan port scanner.
Port scanners are used to probe computer networks to see which ports or services are available. An attacker may utilize a scanner to identify what services the target system is running and perform further attacks based on its findings. This signature detects for HTTP traffics associated with Masscan.
Affected Products
All web servers.
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Monitor the traffic from the network for any suspicious activity.
Other References
https://github.com/robertdavidgraham/masscan
Log Example:
138.68.247.104 – – [10/Nov/2019:21:56:30 -0500] “GET / HTTP/1.0” 301 229 “-” “masscan/1.0