PORT SCAN ATTACK DETECTOR (PSAD)

This page contains the output of the Port Scan Attack Detector (PSAD) daemon running on my home network.

These statistics have been tracked since Tue Jan 22 22:50:31 2019.  Read more here:  PSAD on Raspberry Pi

Click here to show the various live data being tracked:

Top Attackers  |  Top Signatures  |  Top Ports
Last SeenHitsIP AddressCountryHosting Provider
Sat Feb 9 01:09:04 2019335796.4.0.35??
Fri Mar 1 11:20:52 2019297446.161.27.159NLMEGA HOLDINGS LIMITED
Fri Feb 8 10:41:14 2019280877.72.82.22RUORG-NA225-RIPE
Mon Feb 4 10:18:36 2019169980.211.185.78ITARUBA-NET
Tue Jan 29 12:56:58 2019153294.102.56.235SCQuasi Networks LTD.
Tue Mar 19 03:13:48 20191164122.228.19.79CNHZZYKJ-WZ
Tue Mar 12 18:01:45 20191008193.32.160.35EUSTELLAR ADVANCED CONCEPTS LTD
Tue Mar 19 03:21:04 2019857185.211.245.168RUteam-host-ru-highload-network
Sun Mar 17 15:16:01 2019837185.208.209.6NLAccess2.IT Group B.V.
Sun Mar 17 16:37:42 2019836185.208.208.198NLAccess2.IT Group B.V.
Tue Mar 19 00:19:33 2019825185.211.245.157RUteam-host-ru-highload-network
Fri Mar 15 07:43:56 2019804194.28.115.243NLNetwork Systems Ltd.
Tue Mar 19 03:03:09 2019776185.176.26.100BGIP Kirichenko Andrey Evgenievich
Fri Mar 15 07:36:57 2019773194.28.115.245NLNetwork Systems Ltd.
Tue Mar 19 03:26:29 2019752185.176.26.101BGIP Kirichenko Andrey Evgenievich
Tue Mar 19 02:31:01 2019750185.254.122.5LTARTURAS
Tue Feb 5 16:49:15 2019690176.119.4.18UAFOP Gubina Lubov Petrivna
Sat Mar 16 07:34:59 2019688185.176.27.106BGIP Dunaev Yuriy Vyacheslavovich
Tue Feb 5 16:40:26 2019682176.119.4.77UAFOP Gubina Lubov Petrivna
Tue Jan 29 09:18:33 201961794.102.56.252SCQuasi Networks LTD.
Tue Mar 19 01:51:40 2019611110.249.212.46CNUNICOM-HE
Tue Mar 19 02:46:51 2019609120.52.152.18CNCU-CDC
Mon Mar 18 19:16:43 2019598185.176.26.66BGIP Kirichenko Andrey Evgenievich
Thu Feb 28 11:17:33 2019594185.222.210.15VEPRISM BUSINESS SERVICES LTD
Tue Jan 29 13:31:26 201958789.248.168.107SCQuasi Networks LTD.
Tue Mar 19 03:26:59 201958592.63.196.17RUORG-OA984-RIPE
Wed Feb 27 16:05:02 201957892.63.196.77RUORG-OA984-RIPE
Tue Jan 29 15:08:55 201957780.82.64.116SCQuasi Networks LTD.
Wed Feb 27 15:57:32 201956692.63.196.74RUORG-OA984-RIPE
Fri Feb 15 06:28:09 201956477.72.85.26RUORG-NA225-RIPE
Sun Mar 10 16:20:37 2019538193.32.163.41EUPP "Semenyuta Aleksandr Ivanovich"
Sat Feb 2 11:31:05 2019530104.168.148.138USHostwinds LLC. (HL-29)
Mon Mar 18 01:58:36 201951770.50.23.10CASYMDYN-20190204-CA23
Tue Mar 19 03:21:16 2019512120.52.152.17CNCU-CDC
Tue Mar 19 03:30:55 2019504185.176.27.118BGIP Dunaev Yuriy Vyacheslavovich
Mon Mar 18 18:17:37 2019501120.52.152.16CNCU-CDC
Tue Feb 12 07:32:53 2019467185.153.197.182MDRU-RMENGINEERING-20160524
Thu Feb 28 10:29:01 2019446185.222.210.45VEPRISM BUSINESS SERVICES LTD
Mon Mar 11 00:58:42 2019444185.176.26.78BGIP Kirichenko Andrey Evgenievich
Thu Mar 14 18:17:40 2019422185.254.122.120LTARTURAS
Thu Mar 14 19:59:58 201942131.192.108.68RUMir Telematiki Ltd
Tue Mar 19 03:27:11 2019404125.64.94.197CNCHINANET-SC
Mon Mar 18 20:05:14 2019398125.64.94.200CNCHINANET-SC
Tue Feb 5 16:33:20 2019396176.119.4.73UAFOP Gubina Lubov Petrivna
Tue Mar 19 03:38:30 2019392185.211.245.196RUteam-host-ru-highload-network
Wed Feb 13 01:34:07 201938488.108.138.205GBDSL-TISCALI-UK
Sun Mar 3 07:02:24 201937981.22.45.102DEDE-IMPULSE-20181015
Tue Mar 19 02:41:33 201937581.22.45.153DEDE-IMPULSE-20181015
Wed Feb 27 15:05:13 201937092.63.196.38RUORG-OA984-RIPE
Wed Feb 27 16:01:11 201937092.63.196.13RUORG-OA984-RIPE
HitsSIDSignature
4371100205MISC Microsoft SQL Server communication attempt
3399486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited
2462100077MISC MS Terminal Server communication attempt
2044100063BACKDOOR RUX the Tick connection attempt
1391564P2P Napster Client Data communication attempt
1004100202MISC VNC communication attempt
8742375BACKDOOR DoomJuice file upload attempt
448100090P2P napster communication attempt
386510POLICY HP JetDirect LCD communication attempt
336100084MISC HP Web JetAdmin communication attempt
204402ICMP Destination Unreachable Port Unreachable
200100082MISC Microsoft PPTP communication attempt
144562P2P Napster Client Data communication attempt
1321846POLICY vncviewer Java applet communication attempt
126563P2P Napster Client Data communication attempt
93207BAD-TRAFFIC data in TCP SYN packet
91100028BACKDOOR netbus Connection Cttempt
822181P2P BitTorrent communication attempt
53100204MISC Radmin Default install options attempt
511408DOS MSDTC communication attempt
50100112DOS Real Audio Server communication attempt
50100073MISC PCAnywhere communication attempt
45568POLICY HP JetDirect LCD commnication attempt
34100041BACKDOOR SatansBackdoor.2.0.Beta, or BackConstruction 2.1 Connection Attempt
32147BACKDOOR GateCrasher Connection attempt
251641DOS DB2 dos communication attempt
21119BACKDOOR Doly 2.0 Connection attempt
202586P2P eDonkey transfer attempt
18561P2P Napster Client Data communication attempt
18208BACKDOOR PhaseZero Server Active on Network
161605DOS iParty DOS attempt
141636MISC Xtramail communication attempt
121383P2P Fastrack kazaa/morpheus communication attempt
121987MISC xfs communication attempt
112587P2P eDonkey communication attempt
10100100FTP Yak! FTP server communication attempt
8505MISC Insecure TIMBUKTU communication attempt
6599RPC portmap listing TCP 32771
5100038BACKDOOR - Dagger_1.4.0 Connection attempt
42124BACKDOOR Remote PC Access connection attempt
41421SNMP AgentX/tcp request
33016BACKDOOR Insane Network 4.0 connection established port 63536
31985BACKDOOR Doly 1.5 Connection attempt
3100206PSAD-CUSTOM Kuang2 virus communication attempt
3152BACKDOOR BackConstruction 2.1 connection attempt
2100044BACKDOOR NetSphere Connection attempt
21819MISC Alcatel PABX 4400 connection attempt
2565P2P Napster Server Login communication attempt
2282DOS arkiea backup communication attempt
2100064BACKDOOR Asylum 0.1 connection request
2100029BACKDOOR NetBus Pro 2.0 Connection Cttempt
21843BACKDOOR trinity connection attempt
1247DDOS mstream client to handler
1159BACKDOOR NetMetro File List connection attempt
1100040BACKDOOR Infector.1.x Connection attempt
1100203MISC Ghostsurf communication attempt
12182BACKDOOR typot trojan traffic
1163BACKDOOR WinCrash 1.0 communication attempt
1145BACKDOOR GirlFriend Connection attempt
1100083MISC LDAP communication attempt
PortHits
2317862
14334375
803750
223465
254113420
80803321
85452889
33892537
812489
222222056
23231524
55551391
4431246
59001005
60001900
5038753
3390519
6379518
3306509
8888449
9527436
3128425
3391425
25414
5431405
PortHits
21379
8291370
50802365
8443364
8000337
3392306
2222298
8088292
3388288
5060280
1080271
27017268
3395266
3399264
9000263
3394263
3393259
88259
9090254
8081247
5901245
3398233
8118222
4145217
3397216
The script to generate this HTML from PSAD output data can be downloaded here:  https://github.com/disloops/psadify