We’ve been watching some interesting scans primarily hitting our HITME sensors in Asia for the last couple of weeks. The connection occurs on port 3131/TCP and contains the following request:
GET http://gameframe.net/headers HTTP/1.1
User-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.10
Host: gameframe.net
Accept-Encoding: deflate, gzip
Proxy-Connection: Keep-Alive
Accept-Language: en-gb,en;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Pragma: no-cache
Cache-Control: no-cache
The scans we have seen seem to be originating primarily from Europe.
Have you seen similar scans and probes on this port? If so, please share with us in comments or via Twitter (@lbhuston).
In the meantime, it is worth checking your application logs if you have any custom applications deployed on this port, particularly if they are exposed to the Internet. While we don’t see anything indicating an attack, we suggest reviewing anything exposed for errors or follow-on attack traffic (it’s usually a good idea anyway).
Thanks for reading!
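The log check suggested above, as an added example (not code from the original post): it searches log lines for the absolute-form request line and the Proxy-Connection header seen in the probe, and groups hits by source address. The function name, the sample log lines and the addresses in them are constructed for illustration.

```python
import re
from collections import defaultdict

# Absolute-form request target ("GET http://host/path HTTP/1.1"), the form a
# client sends to a forward proxy and the form used by the request in this post.
ABS_REQUEST = re.compile(
    r'\b(GET|POST|HEAD)\s+https?://([^/\s:]+)(?::\d+)?(/\S*)?\s+HTTP/1\.[01]')
PROXY_HEADER = re.compile(r'\bProxy-Connection:', re.IGNORECASE)
IPV4 = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')

def find_probe_hits(lines, watch_hosts=("gameframe.net",)):
    """Group proxy-style requests by source IP (hypothetical helper).

    The source is the first IPv4 address that appears before the match;
    lines without one are filed under "unknown".
    """
    hits = defaultdict(lambda: {"requests": 0, "proxy_headers": 0,
                                "hosts": set(), "watched": False})
    for line in lines:
        req = ABS_REQUEST.search(line)
        hdr = PROXY_HEADER.search(line)
        first = req or hdr
        if first is None:
            continue  # ordinary traffic, e.g. "GET /index.html HTTP/1.1"
        src = IPV4.search(line[:first.start()])
        entry = hits[src.group(0) if src else "unknown"]
        if req:
            host = req.group(2).lower()
            entry["requests"] += 1
            entry["hosts"].add(host)
            entry["watched"] |= host in watch_hosts
        if hdr:
            entry["proxy_headers"] += 1
    return dict(hits)

# Constructed sample input: an FTP-server style log and a web access log.
SAMPLE_LOG = [
    '(000021)4/02/2013 09:14:02 AM - (not logged in) (203.0.113.7)> GET http://gameframe.net/headers HTTP/1.1',
    '(000021)4/02/2013 09:14:02 AM - (not logged in) (203.0.113.7)> 500 Syntax error, command unrecognized.',
    '(000021)4/02/2013 09:14:02 AM - (not logged in) (203.0.113.7)> Proxy-Connection: Keep-Alive',
    '198.51.100.23 - - [02/Apr/2013:09:20:11 +0000] "GET http://gameframe.net/headers HTTP/1.1" 404 209',
    '198.51.100.23 - - [02/Apr/2013:09:20:15 +0000] "GET http://example.org/ HTTP/1.1" 404 209',
    '192.0.2.50 - - [02/Apr/2013:09:21:40 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, info in sorted(find_probe_hits(SAMPLE_LOG).items()):
        print(ip, info["requests"], info["proxy_headers"], sorted(info["hosts"]))
```

Matching on the request form rather than only on the host name also catches the same probe when it asks for a different URL.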
Hi, I see this today in my log files. Is it possible to block this link via htaccess, or does anyone know the IP maybe? Thank you.
You can block the particular IP addresses, or simply block the ports you see the traffic on.
Hi Brent, I get some IPs from Bulgaria, but I have also htaccess blocked for all bad bots etc. I hope it will be of help. Output header is disabled. I think that someone is trying to create a phishing page of mine, have I got that right? Thank you for answers.
(000011)3/26/2013 10:59:37 AM – (not logged in) (93.174.88.31)> Connected, sending welcome message…
(000011)3/26/2013 10:59:37 AM – (not logged in) (93.174.88.31)> 220 Denied
(000011)3/26/2013 10:59:37 AM – (not logged in) (93.174.88.31)> could not send reply, disconnected.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> Connected, sending welcome message…
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 220 Denied
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> GET http://gameframe.net/headers HTTP/1.1
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> Host: gameframe.net
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> Accept-Encoding: deflate, gzip
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> Proxy-Connection: Keep-Alive
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> Accept-Language: en-gb,en;q=0.5
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> Pragma: no-cache
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> Cache-Control: no-cache
(000012)3/26/2013 10:59:38 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000012)3/26/2013 10:59:48 AM – (not logged in) (93.174.88.31)> disconnected.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> Connected, sending welcome message…
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 220 Denied
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> GET http://gameframe.net/headers HTTP/1.1
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> Host: gameframe.net
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> Accept-Encoding: deflate, gzip
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> Proxy-Connection: Keep-Alive
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> Accept-Language: en-gb,en;q=0.5
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> Pragma: no-cache
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> Cache-Control: no-cache
(000013)3/26/2013 10:59:49 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000013)3/26/2013 10:59:59 AM – (not logged in) (93.174.88.31)> disconnected.
(000014)3/26/2013 10:59:59 AM – (not logged in) (93.174.88.31)> Connected, sending welcome message…
(000014)3/26/2013 10:59:59 AM – (not logged in) (93.174.88.31)> 220 Denied
(000014)3/26/2013 10:59:59 AM – (not logged in) (93.174.88.31)>
(000014)3/26/2013 10:59:59 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000014)3/26/2013 10:59:59 AM – (not logged in) (93.174.88.31)> P>l0
(000014)3/26/2013 10:59:59 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000014)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> disconnected.
(000015)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> Connected, sending welcome message…
(000015)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> 220 Denied
(000015)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)>
(000015)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000015)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> P>l0
(000015)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000015)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> disconnected.
(000016)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> Connected, sending welcome message…
(000016)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> 220 Denied
(000016)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)>
(000016)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> 500 Syntax error, command unrecognized.
(000016)3/26/2013 11:00:00 AM – (not logged in) (93.174.88.31)> disconnected.
Same type of thing on my FTP server “port 21”.