This past month, we’ve seen some new and different scans targeting tcp ports between 8000 and 10,000. The first occurrence was on 30 April 2020 and originated from ip address %%ip:23.95.67.187%% and containing payload:
Article Link: https://isc.sans.edu/diary/rss/26208