This indicates detection of an attempted scan from Masscan port scanner.
Port scanners are used to probe computer networks to see which ports or services are available. An attacker may utilize a scanner to identify what services the target system is running and perform further attacks based on its findings. This signature detects for HTTP traffics associated with Masscan.
All web servers.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Monitor the traffic from the network for any suspicious activity.
18.104.22.168 – – [10/Nov/2019:21:56:30 -0500] “GET / HTTP/1.0” 301 229 “-” “masscan/1.0