PORT SCAN ATTACK DETECTOR (PSAD)

This page contains the output of the Port Scan Attack Detector (PSAD) daemon running on my home network.

These statistics have been tracked since Mon Oct 22 03:28:18 2018.  Read more here:  PSAD on Raspberry Pi

Click here to show the various live data being tracked:

Top Attackers  |  Top Signatures  |  Top Ports
Note: Near-constant attacks from the Gubina Lubov Petrivna netblock
have caused me to remove it from the results.
Last SeenHitsIP AddressCountryHosting Provider
Mon Jan 21 21:56:30 201916946193.238.47.5NLORG-XL50-RIPE
Mon Dec 10 20:02:04 20181328477.72.82.22GBUnited Protection (UK) Security LIMITED
Mon Jan 21 21:30:03 2019110075.188.206.14EUTechnology Advances Investment Limited
Mon Jan 21 20:27:32 20199263146.0.77.157NLRIPE Network Coordination Centre (RIPE)
Mon Jan 21 14:47:06 20198027194.28.115.243NLNetwork Systems Ltd.
Mon Jan 21 15:29:24 20197495194.28.115.245NLNetwork Systems Ltd.
Mon Jan 21 21:47:40 20196706185.143.221.37NLinformtech-select
Fri Jan 18 03:33:46 2019566178.128.112.62EUORG-DDL12-RIPE
Sun Nov 4 02:52:40 20185574185.153.197.8MDRU-RMENGINEERING-20160524
Mon Jan 21 21:57:55 2019310931.192.108.68EUORG-GS326-RIPE
Mon Jan 21 21:19:04 20192660185.208.208.198NLAccess2.IT Group B.V.
Mon Jan 21 21:59:50 20192638185.208.209.6NLAccess2.IT Group B.V.
Mon Jan 21 21:19:36 2019261477.72.85.26BGUnited Protection (UK) Security LIMITED
Thu Nov 29 04:07:22 2018252866.225.225.224??
Mon Jan 21 20:42:11 20192460185.255.31.2CHORG-GS326-RIPE
Fri Jan 4 13:45:56 2019221179.124.56.130BGORG-IPTL2-RIPE
Mon Jan 21 21:14:42 20192057122.228.19.80CNHZZYKJ-WZ
Mon Jan 21 14:20:47 20191999110.249.212.46CNUNICOM-HE
Thu Jan 17 17:46:21 2019193978.128.112.98EUORG-DDL12-RIPE
Mon Jan 14 07:54:05 20191901185.176.27.6BGIP Dunaev Yuriy Vyacheslavovich
Mon Jan 21 21:41:03 20191845185.211.245.157RUteam-host-ru-highload-network
Thu Jan 3 17:42:35 2019182678.128.112.38EUORG-DDL12-RIPE
Sat Jan 5 05:10:06 20191761185.176.27.2BGIP Dunaev Yuriy Vyacheslavovich
Thu Nov 29 04:00:01 20181697185.17.73.141NLDarkness Reigns (Holding) B.V.
Tue Jan 8 13:48:51 2019169078.128.112.94EUORG-DDL12-RIPE
Sun Jan 6 10:03:29 201916515.8.54.27RUPetersburg Internet Network ltd.
Mon Jan 21 20:21:47 20191646185.211.245.168RUteam-host-ru-highload-network
Wed Dec 5 05:32:40 20181623185.153.198.220MDRU-RMENGINEERING-20160524
Tue Jan 1 20:20:18 20191175185.255.31.18CHORG-GS326-RIPE
Sun Jan 20 14:41:53 20191147185.176.26.39BGIP Kirichenko Andrey Evgenievich
Mon Jan 21 20:23:40 20191141125.64.94.197CNCHINANET-SC
Tue Jan 8 07:17:51 2019112578.128.112.54EUORG-DDL12-RIPE
Sun Jan 20 17:13:59 20191124185.176.26.27BGIP Kirichenko Andrey Evgenievich
Tue Jan 15 08:39:47 201911205.188.206.22EUTechnology Advances Investment Limited
Sun Jan 20 16:40:24 20191120185.176.26.21BGIP Kirichenko Andrey Evgenievich
Sun Jan 20 15:39:57 20191091185.176.26.33BGIP Kirichenko Andrey Evgenievich
Sun Jan 20 17:50:30 20191089185.176.26.15BGIP Kirichenko Andrey Evgenievich
Sun Jan 20 13:41:52 20191086185.176.26.3BGIP Kirichenko Andrey Evgenievich
Sun Jan 20 15:24:56 20191079185.176.26.45BGIP Kirichenko Andrey Evgenievich
Sun Jan 20 16:36:22 20191065185.176.26.51BGIP Kirichenko Andrey Evgenievich
Mon Jan 21 21:38:35 20191064185.222.210.45VEPRISM BUSINESS SERVICES LTD
Sun Jan 20 12:02:22 20191063185.176.26.9BGIP Kirichenko Andrey Evgenievich
Sat Dec 1 18:07:16 201810305.188.87.76NLChannelnet LTD.
Mon Jan 21 21:25:52 20191000185.176.26.66BGIP Kirichenko Andrey Evgenievich
Mon Jan 21 21:28:01 2019990122.228.19.79CNHZZYKJ-WZ
Fri Dec 21 09:07:43 20189305.188.87.82NLChannelnet LTD.
Mon Jan 21 20:58:22 2019919185.222.210.15VEPRISM BUSINESS SERVICES LTD
Sun Jan 6 23:50:19 201983289.248.174.3SCQuasi Networks LTD.
Sun Jan 20 18:18:09 2019802185.176.26.57BGIP Kirichenko Andrey Evgenievich
Mon Jan 21 21:34:00 2019794185.53.91.24EECLOUD STAR HOSTING SERVICES
HitsSIDSignature
22540100205MISC Microsoft SQL Server communication attempt
7345100077MISC MS Terminal Server communication attempt
4906100063BACKDOOR RUX the Tick connection attempt
4572564P2P Napster Client Data communication attempt
27062375BACKDOOR DoomJuice file upload attempt
2238100202MISC VNC communication attempt
2170510POLICY HP JetDirect LCD communication attempt
1617100090P2P napster communication attempt
1189100084MISC HP Web JetAdmin communication attempt
622100082MISC Microsoft PPTP communication attempt
464562P2P Napster Client Data communication attempt
325563P2P Napster Client Data communication attempt
288147BACKDOOR GateCrasher Connection attempt
2631846POLICY vncviewer Java applet communication attempt
220100028BACKDOOR netbus Connection Cttempt
171100073MISC PCAnywhere communication attempt
1442181P2P BitTorrent communication attempt
130568POLICY HP JetDirect LCD commnication attempt
122100041BACKDOOR SatansBackdoor.2.0.Beta, or BackConstruction 2.1 Connection Attempt
1131408DOS MSDTC communication attempt
98100112DOS Real Audio Server communication attempt
97100204MISC Radmin Default install options attempt
81207BAD-TRAFFIC data in TCP SYN packet
791641DOS DB2 dos communication attempt
72486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited
71119BACKDOOR Doly 2.0 Connection attempt
70402ICMP Destination Unreachable Port Unreachable
54208BACKDOOR PhaseZero Server Active on Network
361987MISC xfs communication attempt
36100100FTP Yak! FTP server communication attempt
341605DOS iParty DOS attempt
33561P2P Napster Client Data communication attempt
322586P2P eDonkey transfer attempt
22152BACKDOOR BackConstruction 2.1 connection attempt
191383P2P Fastrack kazaa/morpheus communication attempt
161636MISC Xtramail communication attempt
16505MISC Insecure TIMBUKTU communication attempt
142587P2P eDonkey communication attempt
12159BACKDOOR NetMetro File List connection attempt
12100038BACKDOOR - Dagger_1.4.0 Connection attempt
12100083MISC LDAP communication attempt
121985BACKDOOR Doly 1.5 Connection attempt
122124BACKDOOR Remote PC Access connection attempt
10100040BACKDOOR Infector.1.x Connection attempt
10565P2P Napster Server Login communication attempt
101819MISC Alcatel PABX 4400 connection attempt
8100206PSAD-CUSTOM Kuang2 virus communication attempt
8282DOS arkiea backup communication attempt
8100064BACKDOOR Asylum 0.1 connection request
8163BACKDOOR WinCrash 1.0 communication attempt
7100044BACKDOOR NetSphere Connection attempt
61421SNMP AgentX/tcp request
6108BACKDOOR QAZ Worm Client Login access
6100203MISC Ghostsurf communication attempt
6153BACKDOOR DonaldDick 1.53 connection attempt
4599RPC portmap listing TCP 32771
41843BACKDOOR trinity connection attempt
4141BACKDOOR HackAttack 1.20 Connection attempt
4145BACKDOOR GirlFriend Connection attempt
4100029BACKDOOR NetBus Pro 2.0 Connection Cttempt
4100007DDOS Trin00 Attacker to Master connection attempt
2230DDOS shaft client login to handler connection attempt
2107BACKDOOR Subseven DEFCON8 2.1 connection Attempt
2100207BACKDOOR Subseven connection attempt
PortHits
2356000
143322797
8014666
2211984
2541111304
808011001
8110371
854510185
33897598
222224938
55554572
23233985
4433864
80883139
600012936
82912685
59002260
84432243
33061935
88881619
63791529
31281465
33901463
90001293
211264
PortHits
80001194
90901122
54311101
50381082
80811052
338901010
3391977
9999919
50802887
3388862
25860
1080834
3399779
3392773
7001770
9001761
2222742
33891725
33389715
33892714
8118708
5060695
3395688
3393679
13389661
The script to generate this HTML from PSAD output data can be downloaded here:  https://github.com/disloops/psadify