nanog mailing list archives

Re: Russian Anal Probing + Malware


From: "Ronald F. Guilmette" <rfg () tristatelogic com>
Date: Sat, 22 Jun 2019 22:51:58 -0700

In message <f2682032aa620f49aa50b30579a9357f () mail dessus com>, 
"Keith Medcalf" <kmedcalf () dessus com> wrote:

On Friday, 21 June, 2019 18:14, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:

   https://twitter.com/GreyNoiseIO/status/1129017971135995904
   https://twitter.com/JayTHL/status/1128718224965685248

Sorry, don't twitter ...  Too much malicious JavaScript there.

Can you be more, um, specific?

80.82.64.21 scanner29.openportstats.com
...

Why do you think it is a problem and not just run-of-the-mill background
radiation on the Internet?  

It's not a problem for me personally... other than the fact that these
goofballs are filling up my log files to no good end.  I just wanted
others to be aware of this (apparently ongoing) garbage.

And I wouldn't want anyone to be fooled by the mere fact that this
openportstats.com domain has a sort-of a web site.  It's still 100%
illegitimate.

Do you (or your endpoints) not have a firewall to block such things?

I do, and I hope everyone else does also.

What malware slinging?  I see none of that.

You didn't look at the Twitter reports.

   https://bit.ly/2ZBayc4

Malicious link detected.

If you say so. (It's actually just a cute picture.)


Regards,
rfg

