PORT SCAN ATTACK DETECTOR (PSAD)

This page contains the output of the Port Scan Attack Detector (PSAD) daemon running on my home network.

These statistics have been tracked since Mon Aug 3 00:30:15 2020.  Read more here:  PSAD on Raspberry Pi

Click here to show the various live data being tracked:

Last Attacks  |  Top Attackers  |  Top Signatures  |  Top Ports
Last SeenFirst SeenIP AddressCountryPorts Targeted
Thu Sep 24 06:48:23 2020Wed Sep 16 23:42:43 2020 128.14.141.119 US5801
Thu Sep 24 06:45:17 2020Thu Sep 24 06:33:53 2020 18.134.73.242 US4243
Thu Sep 24 06:37:31 2020Thu Sep 24 06:37:30 2020 113.53.198.253 TH22-8728
Thu Sep 24 06:26:08 2020Tue Sep 1 07:00:17 2020 218.4.90.211 CN1433
Thu Sep 24 06:16:13 2020Sun Sep 20 07:38:17 2020 162.216.19.69 US9160
Thu Sep 24 06:15:13 2020Fri Sep 18 09:11:59 2020 210.172.87.226 ?1433
Thu Sep 24 06:14:13 2020Tue Sep 15 04:56:30 2020 157.245.134.19 US49666
Thu Sep 24 06:05:15 2020Thu Sep 24 06:05:14 2020 182.180.150.106 PK1433
Thu Sep 24 05:59:20 2020Wed Sep 2 08:12:49 2020 192.35.168.35 US5900
Thu Sep 24 05:47:56 2020Wed Sep 16 07:30:11 2020 192.241.223.12 US8983
Thu Sep 24 05:28:52 2020Wed Aug 5 14:31:00 2020 114.67.168.255 CN1433
Thu Sep 24 05:19:50 2020Mon Aug 3 05:14:03 2020 188.165.126.60 FR3389
Thu Sep 24 05:17:29 2020Fri Aug 21 05:12:54 2020 192.241.234.7 US1028
Thu Sep 24 05:15:42 2020Thu Sep 24 05:15:28 2020 112.67.176.79 CN1433
Thu Sep 24 05:14:34 2020Mon Aug 3 15:04:42 2020 192.241.239.123 US2000
Thu Sep 24 05:07:31 2020Thu Sep 24 05:07:21 2020 187.36.173.4 BR5555
Thu Sep 24 05:06:28 2020Wed Sep 23 21:05:31 2020 18.179.62.244 US5555
Thu Sep 24 04:57:35 2020Thu Sep 24 04:57:23 2020 172.252.242.58 US1433
Thu Sep 24 04:47:59 2020Thu Sep 24 04:47:55 2020 200.68.38.30 CL1433
Thu Sep 24 04:44:36 2020Thu Sep 24 04:44:26 2020 118.123.249.177 CN1433
Last SeenHitsIP AddressCountryHosting Provider
Thu Aug 27 21:38:23 202011487194.26.29.104RURU-MEDIA-LAND-2-20191120
Thu Aug 27 21:34:35 202011304194.26.29.102RURU-MEDIA-LAND-2-20191120
Wed Sep 23 23:00:52 202099482601:0981:c200:014e:91f5:9183:128c:a0b6USComcast Cable Communications, LLC (CCCS)
Fri Aug 7 22:11:51 2020519645.145.67.14RURU-HOSTWAY-20200514
Thu Sep 24 06:42:51 20204770193.27.228.172RURU-HOSTWAY-20191218
Mon Sep 21 05:22:18 2020445545.145.66.96RURU-HOSTWAY-20200514
Thu Sep 24 07:03:02 2020443745.129.33.41NLMaximilian Kutzner trading as HostSlick
Mon Sep 21 06:44:23 20204007185.176.27.26BGIP Dunaev Yuriy Vyacheslavovich
Mon Sep 21 06:28:32 20203991185.176.27.102BGIP Dunaev Yuriy Vyacheslavovich
Mon Sep 21 05:30:30 20203982185.176.27.14BGIP Dunaev Yuriy Vyacheslavovich
Tue Sep 22 04:26:58 2020395845.129.33.48NLMaximilian Kutzner trading as HostSlick
Mon Sep 21 08:29:47 2020384745.129.33.46NLMaximilian Kutzner trading as HostSlick
Mon Sep 21 07:33:32 20203833185.176.27.30BGIP Dunaev Yuriy Vyacheslavovich
Mon Sep 21 06:21:01 20203815185.176.27.34BGIP Dunaev Yuriy Vyacheslavovich
Thu Sep 24 06:53:43 2020373145.129.33.24NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 07:01:22 2020368945.129.33.47NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 06:57:07 2020365845.129.33.43NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 07:03:42 2020357545.129.33.12NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 06:29:35 2020356545.129.33.13NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 06:45:24 2020353645.129.33.9NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 06:53:49 2020349145.129.33.10NLMaximilian Kutzner trading as HostSlick
Tue Sep 22 22:02:06 2020348645.129.33.5NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 07:06:28 2020347945.129.33.8NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 07:06:01 2020344845.129.33.15NLMaximilian Kutzner trading as HostSlick
Thu Aug 6 11:54:16 20203356193.27.228.198RURU-HOSTWAY-20191218
Thu Sep 10 21:27:28 20203350185.156.73.52NLIP Kiktev Nikolay Vladimirovich
Thu Sep 17 06:13:58 2020327445.129.33.44NLMaximilian Kutzner trading as HostSlick
Sat Sep 19 13:43:54 20203164185.176.27.166BGIP Dunaev Yuriy Vyacheslavovich
Sat Sep 19 19:38:25 2020313645.129.33.16NLMaximilian Kutzner trading as HostSlick
Mon Sep 7 20:17:23 20203078194.26.27.104RURU-MEDIA-LAND-2-20191120
Sat Sep 19 22:22:33 2020307645.129.33.45NLMaximilian Kutzner trading as HostSlick
Mon Sep 7 20:17:04 20203024194.26.27.102RURU-MEDIA-LAND-2-20191120
Thu Sep 24 06:50:42 2020297883.97.20.35ROOvO Systems Ltd
Thu Sep 10 08:26:05 2020295145.129.33.50NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 07:04:28 2020280445.129.33.60NLMaximilian Kutzner trading as HostSlick
Tue Sep 22 14:11:08 2020272345.129.33.49NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 06:58:15 2020247445.129.33.153NLMaximilian Kutzner trading as HostSlick
Thu Sep 3 16:20:26 2020244694.102.57.152NLORG-IVI1-RIPE
Thu Sep 3 16:11:50 2020243194.102.57.179NLORG-IVI1-RIPE
Thu Sep 3 16:46:27 2020242694.102.57.172NLORG-IVI1-RIPE
Thu Sep 3 17:15:53 2020240593.174.93.26NLORG-IVI1-RIPE
Thu Sep 3 16:11:00 2020240394.102.57.180NLORG-IVI1-RIPE
Thu Sep 3 17:24:58 2020240180.82.78.188NLORG-IVI1-RIPE
Thu Sep 3 16:47:52 2020238594.102.57.153NLORG-IVI1-RIPE
Thu Sep 3 15:30:27 2020237394.102.57.136NLORG-IVI1-RIPE
Thu Sep 24 04:46:09 2020231345.129.33.14NLMaximilian Kutzner trading as HostSlick
Thu Sep 17 22:11:25 202022012601:0981:c200:014e:0000:0000:0000:2000USComcast Cable Communications, LLC (CCCS)
Mon Aug 31 10:12:41 2020211145.129.33.42NLMaximilian Kutzner trading as HostSlick
Thu Sep 24 02:52:53 2020210080.82.78.82NLORG-IVI1-RIPE
Thu Sep 24 07:08:20 2020205645.129.33.149NLMaximilian Kutzner trading as HostSlick
HitsSIDSignature
10605100205MISC Microsoft SQL Server communication attempt
5188100077MISC MS Terminal Server communication attempt
2995564P2P Napster Client Data communication attempt
24812375BACKDOOR DoomJuice file upload attempt
1095100202MISC VNC communication attempt
1071510POLICY HP JetDirect LCD communication attempt
865100090P2P napster communication attempt
668100084MISC HP Web JetAdmin communication attempt
597100082MISC Microsoft PPTP communication attempt
501562P2P Napster Client Data communication attempt
357563P2P Napster Client Data communication attempt
2941846POLICY vncviewer Java applet communication attempt
271100063BACKDOOR RUX the Tick connection attempt
225100028BACKDOOR netbus Connection Cttempt
179100204MISC Radmin Default install options attempt
1512181P2P BitTorrent communication attempt
150100073MISC PCAnywhere communication attempt
130568POLICY HP JetDirect LCD commnication attempt
123147BACKDOOR GateCrasher Connection attempt
1211408DOS MSDTC communication attempt
1001641DOS DB2 dos communication attempt
96100112DOS Real Audio Server communication attempt
89119BACKDOOR Doly 2.0 Connection attempt
84561P2P Napster Client Data communication attempt
82100041BACKDOOR SatansBackdoor.2.0.Beta, or BackConstruction 2.1 Connection Attempt
741605DOS iParty DOS attempt
71100100FTP Yak! FTP server communication attempt
552586P2P eDonkey transfer attempt
54208BACKDOOR PhaseZero Server Active on Network
401987MISC xfs communication attempt
37100044BACKDOOR NetSphere Connection attempt
332587P2P eDonkey communication attempt
31152BACKDOOR BackConstruction 2.1 connection attempt
27100038BACKDOOR - Dagger_1.4.0 Connection attempt
251383P2P Fastrack kazaa/morpheus communication attempt
251636MISC Xtramail communication attempt
231985BACKDOOR Doly 1.5 Connection attempt
22107BACKDOOR Subseven DEFCON8 2.1 connection Attempt
18100040BACKDOOR Infector.1.x Connection attempt
182124BACKDOOR Remote PC Access connection attempt
17108BACKDOOR QAZ Worm Client Login access
17565P2P Napster Server Login communication attempt
16100206PSAD-CUSTOM Kuang2 virus communication attempt
12159BACKDOOR NetMetro File List connection attempt
11599RPC portmap listing TCP 32771
11163BACKDOOR WinCrash 1.0 communication attempt
10249DDOS mstream client to handler
10247DDOS mstream client to handler
10282DOS arkiea backup communication attempt
101819MISC Alcatel PABX 4400 connection attempt
10100203MISC Ghostsurf communication attempt
101421SNMP AgentX/tcp request
9100083MISC LDAP communication attempt
61843BACKDOOR trinity connection attempt
6141BACKDOOR HackAttack 1.20 Connection attempt
5100029BACKDOOR NetBus Pro 2.0 Connection Cttempt
5505MISC Insecure TIMBUKTU communication attempt
4100007DDOS Trin00 Attacker to Master connection attempt
4153BACKDOOR DonaldDick 1.53 connection attempt
4145BACKDOOR GirlFriend Connection attempt
3100207BACKDOOR Subseven connection attempt
2100064BACKDOOR Asylum 0.1 connection request
13016BACKDOOR Insane Network 4.0 connection established port 63536
1613SCAN myscan
PortHits
2328473
143310799
228466
806916
33895287
80804889
4433924
55552995
812884
85452820
80892698
95302370
84432320
63791681
23231412
33901227
80811153
50381122
59001095
23751079
9200989
8088926
3128909
8888865
21860
PortHits
27017833
3391831
4567790
3388764
3306735
8291726
11211697
60001685
3392675
5432673
8000668
88611
9000604
1723597
5000568
3399559
2222554
3393546
3000518
33389511
50802507
7777501
389500
3395487
3394482
The script to generate this HTML from PSAD output data can be downloaded here:  https://github.com/disloops/psadify