PORT SCAN ATTACK DETECTOR (PSAD)

This page contains the output of the Port Scan Attack Detector (PSAD) daemon running on my home network.

These statistics have been tracked since Tue Jan 22 22:50:31 2019.  Read more here:  PSAD on Raspberry Pi

Click here to show the various live data being tracked:

Top Attackers  |  Top Signatures  |  Top Ports
Last SeenHitsIP AddressCountryHosting Provider
Fri Mar 29 21:36:38 201918125194.147.34.12RUORG-LB141-RIPE
Fri Mar 22 05:32:15 20196095176.57.71.239NLON-LINE DATA LTD
Sat Feb 9 01:09:04 2019335796.4.0.35??
Fri Mar 1 11:20:52 2019297446.161.27.159NLMEGA HOLDINGS LIMITED
Fri Feb 8 10:41:14 2019280877.72.82.22RUORG-NA225-RIPE
Tue Apr 23 03:40:03 20192077185.176.26.101BGIP Kirichenko Andrey Evgenievich
Tue Apr 23 03:15:26 20192046185.176.26.100BGIP Kirichenko Andrey Evgenievich
Mon Feb 4 10:18:36 2019169980.211.185.78ITARUBA-NET
Tue Jan 29 12:56:58 2019153294.102.56.235SCQuasi Networks LTD.
Thu Apr 11 08:30:07 2019145892.63.196.17RUORG-OA984-RIPE
Tue Apr 23 02:16:36 20191414122.228.19.79CNHZZYKJ-WZ
Tue Apr 23 01:30:56 20191297185.208.208.198NLAccess2.IT Group B.V.
Tue Apr 23 03:50:45 20191294185.208.209.6NLAccess2.IT Group B.V.
Tue Apr 23 04:03:49 20191283185.176.27.118BGIP Dunaev Yuriy Vyacheslavovich
Tue Apr 23 02:37:54 20191197185.176.26.66BGIP Kirichenko Andrey Evgenievich
Tue Apr 23 03:57:29 20191088185.176.27.242BGIP Dunaev Yuriy Vyacheslavovich
Fri Apr 5 06:41:49 20191065185.211.245.168RUteam-host-ru-highload-network
Tue Apr 23 03:31:53 2019104489.248.174.3NLORG-IVI1-RIPE
Fri Apr 5 10:53:13 20191026185.211.245.157RUteam-host-ru-highload-network
Sat Apr 20 11:47:20 20191018207.244.86.222USLeaseweb USA, Inc. (LU)
Tue Apr 2 07:51:59 20191015193.32.160.35EUSTELLAR ADVANCED CONCEPTS LTD
Mon Apr 22 21:17:42 2019926110.249.212.46CNUNICOM-HE
Wed Apr 17 07:48:25 201991392.63.196.143RUORG-OA984-RIPE
Tue Apr 23 02:57:48 2019891185.176.27.6BGIP Dunaev Yuriy Vyacheslavovich
Wed Apr 3 15:10:52 2019874185.254.122.5LTARTURAS
Tue Apr 23 03:31:06 2019845185.176.27.246BGIP Dunaev Yuriy Vyacheslavovich
Mon Apr 22 13:19:29 2019843185.176.27.2BGIP Dunaev Yuriy Vyacheslavovich
Mon Mar 25 14:10:59 2019836141.98.89.143GBUK-BRITNET2-20190111
Fri Mar 15 07:43:56 2019804194.28.115.243NLNetwork Systems Ltd.
Tue Apr 23 03:59:14 201977681.22.45.229RUInformation Technologies LLC
Fri Mar 15 07:36:57 2019773194.28.115.245NLNetwork Systems Ltd.
Tue Apr 23 02:23:25 201976381.22.45.230RUInformation Technologies LLC
Tue Apr 23 03:29:21 201975981.22.45.231RUInformation Technologies LLC
Tue Apr 23 03:27:07 201974381.22.45.232RUInformation Technologies LLC
Tue Apr 23 03:36:09 201974081.22.45.228RUInformation Technologies LLC
Mon Apr 22 20:47:44 201972381.22.45.191RUInformation Technologies LLC
Tue Apr 23 02:11:48 2019720185.176.26.78BGIP Kirichenko Andrey Evgenievich
Thu Apr 18 05:20:23 2019718120.52.152.17CNCU-CDC
Tue Apr 23 03:01:48 201970281.22.45.192RUInformation Technologies LLC
Tue Apr 23 03:08:54 201969781.22.45.193RUInformation Technologies LLC
Tue Apr 23 03:01:54 2019691120.52.152.16CNCU-CDC
Tue Feb 5 16:49:15 2019690176.119.4.18UAFOP Gubina Lubov Petrivna
Sat Mar 16 07:34:59 2019688185.176.27.106BGIP Dunaev Yuriy Vyacheslavovich
Tue Feb 5 16:40:26 2019682176.119.4.77UAFOP Gubina Lubov Petrivna
Tue Apr 23 03:33:15 201966089.248.168.112NLORG-IVI1-RIPE
Tue Apr 23 04:00:59 201965989.248.168.51NLORG-IVI1-RIPE
Tue Apr 23 03:19:43 2019631185.176.27.42BGIP Dunaev Yuriy Vyacheslavovich
Wed Mar 20 23:37:20 2019623120.52.152.18CNCU-CDC
Sun Apr 7 08:58:34 2019620185.153.196.80MDRU-RMENGINEERING-20160524
Tue Jan 29 09:18:33 201961794.102.56.252SCQuasi Networks LTD.
HitsSIDSignature
4817100205MISC Microsoft SQL Server communication attempt
3907100077MISC MS Terminal Server communication attempt
3400486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited
3088100063BACKDOOR RUX the Tick connection attempt
1923564P2P Napster Client Data communication attempt
14502375BACKDOOR DoomJuice file upload attempt
1394100202MISC VNC communication attempt
1233510POLICY HP JetDirect LCD communication attempt
693100090P2P napster communication attempt
464100084MISC HP Web JetAdmin communication attempt
374402ICMP Destination Unreachable Port Unreachable
318100082MISC Microsoft PPTP communication attempt
242562P2P Napster Client Data communication attempt
198563P2P Napster Client Data communication attempt
1891846POLICY vncviewer Java applet communication attempt
1682181P2P BitTorrent communication attempt
148100028BACKDOOR netbus Connection Cttempt
991408DOS MSDTC communication attempt
93207BAD-TRAFFIC data in TCP SYN packet
93100204MISC Radmin Default install options attempt
88100073MISC PCAnywhere communication attempt
85100112DOS Real Audio Server communication attempt
71568POLICY HP JetDirect LCD commnication attempt
58147BACKDOOR GateCrasher Connection attempt
57100041BACKDOOR SatansBackdoor.2.0.Beta, or BackConstruction 2.1 Connection Attempt
411641DOS DB2 dos communication attempt
39208BACKDOOR PhaseZero Server Active on Network
37119BACKDOOR Doly 2.0 Connection attempt
28561P2P Napster Client Data communication attempt
272586P2P eDonkey transfer attempt
261605DOS iParty DOS attempt
231383P2P Fastrack kazaa/morpheus communication attempt
21100100FTP Yak! FTP server communication attempt
211636MISC Xtramail communication attempt
201987MISC xfs communication attempt
172587P2P eDonkey communication attempt
14505MISC Insecure TIMBUKTU communication attempt
13100044BACKDOOR NetSphere Connection attempt
8599RPC portmap listing TCP 32771
8152BACKDOOR BackConstruction 2.1 connection attempt
73016BACKDOOR Insane Network 4.0 connection established port 63536
7100064BACKDOOR Asylum 0.1 connection request
7100038BACKDOOR - Dagger_1.4.0 Connection attempt
62124BACKDOOR Remote PC Access connection attempt
51421SNMP AgentX/tcp request
51985BACKDOOR Doly 1.5 Connection attempt
4565P2P Napster Server Login communication attempt
3100029BACKDOOR NetBus Pro 2.0 Connection Cttempt
31819MISC Alcatel PABX 4400 connection attempt
3100040BACKDOOR Infector.1.x Connection attempt
3100206PSAD-CUSTOM Kuang2 virus communication attempt
3159BACKDOOR NetMetro File List connection attempt
2107BACKDOOR Subseven DEFCON8 2.1 connection Attempt
2282DOS arkiea backup communication attempt
2100203MISC Ghostsurf communication attempt
2163BACKDOOR WinCrash 1.0 communication attempt
21843BACKDOOR trinity connection attempt
2247DDOS mstream client to handler
2108BACKDOOR QAZ Worm Client Login access
1100007DDOS Trin00 Attacker to Master connection attempt
1249DDOS mstream client to handler
1145BACKDOOR GirlFriend Connection attempt
1100083MISC LDAP communication attempt
1100207BACKDOOR Subseven connection attempt
12182BACKDOOR typot trojan traffic
PortHits
2331311
254115627
805477
225215
80805030
14334864
33894016
813854
85453529
222223101
23232202
55551923
4431819
600011749
59001402
50381248
3306813
3390746
9001744
6379740
8888694
3128669
25657
50802627
21617
PortHits
3391598
5431571
8443570
9527510
8291504
2222484
8000465
8089456
8088453
3392443
3388440
9000439
27017416
1080409
7001404
5060398
8081392
3395383
3399379
3393379
3394375
9090374
8118351
88349
5901342
The script to generate this HTML from PSAD output data can be downloaded here:  https://github.com/disloops/psadify