PORT SCAN ATTACK DETECTOR (PSAD)

This page contains the output of the Port Scan Attack Detector (PSAD) daemon running on my home network.

These statistics have been tracked since Tue Jan 22 17:50:31 2019.  Read more here:  PSAD on Raspberry Pi

Click here to show the various live data being tracked:

Last Attacks  |  Top Attackers  |  Top Signatures  |  Top Ports
Last SeenFirst SeenIP AddressCountryPorts Targeted
Sun Dec 15 02:28:16 2019Mon Dec 2 20:03:46 2019 45.136.111.15 DE6000
Sun Dec 15 02:27:05 2019Sun Dec 15 02:26:58 2019 117.50.11.192 CN1723
Sun Dec 15 02:25:41 2019Thu Aug 22 01:45:42 2019 220.78.223.120 ?5555
Sun Dec 15 02:21:59 2019Mon Dec 2 23:44:48 2019 119.65.57.252 KR5555
Sun Dec 15 02:16:08 2019Thu Dec 5 12:59:40 2019 92.63.194.91 NL1723
Sun Dec 15 02:15:56 2019Sun Dec 15 02:15:56 2019 49.80.203.78 CN1433
Sun Dec 15 02:14:09 2019Sun Jul 14 19:17:30 2019 198.108.66.184 US1433
Sun Dec 15 02:11:43 2019Sat Feb 2 07:27:18 2019 185.176.221.147 LV3389
Sun Dec 15 02:11:37 2019Sun Dec 15 02:11:30 2019 45.225.120.21 BR1433
Sun Dec 15 02:10:55 2019Sun Dec 15 02:10:19 2019 83.102.172.104 RU1433
Sun Dec 15 02:10:19 2019Sat Dec 14 03:09:25 2019 185.156.73.54 NL3167
Sun Dec 15 02:04:10 2019Sun Dec 15 02:03:46 2019 125.77.82.211 CN1433
Sun Dec 15 01:58:18 2019Sun Dec 15 01:58:00 2019 222.86.185.47 CN1433
Sun Dec 15 01:45:26 2019Thu Dec 5 07:24:46 2019 92.118.37.58 EU5662
Sun Dec 15 01:43:27 2019Fri Aug 23 10:35:33 2019 71.6.233.163 US2087
Sun Dec 15 01:40:35 2019Fri Sep 13 18:46:08 2019 159.203.193.47 US50070
Sun Dec 15 01:40:29 2019Thu Jan 24 07:32:22 2019 172.105.197.151 US8888
Sun Dec 15 01:38:12 2019Mon Dec 2 19:45:47 2019 81.22.45.227 RU3926
Sun Dec 15 01:29:17 2019Thu Dec 5 12:58:59 2019 92.63.194.81 NL1723
Sun Dec 15 01:28:47 2019Sun Dec 15 01:27:58 2019 219.147.57.90 CN1433
Last SeenHitsIP AddressCountryHosting Provider
Sun Dec 15 02:30:09 20191256445.141.85.3RUMediaLand
Sun Dec 15 02:34:48 20191121581.22.45.227RUInformation Technologies LLC
Wed Dec 11 17:46:02 2019344681.22.45.201RUInformation Technologies LLC
Sun Dec 15 02:34:13 2019332994.102.53.10NLORG-IVI1-RIPE
Wed Dec 11 17:51:47 2019278645.136.109.227DERU-COMTRADE-20190801
Thu Sep 19 21:50:23 2019277892.119.160.80RUInformation Technologies LLC
Sat Sep 7 00:39:47 20192294185.143.221.187NLinformtech-select
Sun Dec 15 02:19:12 2019223592.118.37.97EUDonner Oleg Alexeevich
Wed Dec 4 12:55:06 2019214345.136.109.224DERU-COMTRADE-20190801
Sun Dec 15 01:58:53 20192083185.209.0.18LVSIA "IT Services"
Mon Dec 9 13:23:03 2019142281.22.45.76RUInformation Technologies LLC
Sun Dec 15 02:08:07 20191312185.209.0.32LVSIA "IT Services"
Sat Dec 14 22:46:08 20191162185.209.0.17LVSIA "IT Services"
Sat Dec 14 22:34:13 20191140185.175.93.105RUIP CHistyakov Mihail Viktorovich
Thu Sep 19 03:15:08 2019112581.22.45.254RUInformation Technologies LLC
Sat Dec 14 20:35:47 20191093185.209.0.33LVSIA "IT Services"
Sat Dec 14 21:36:53 20191084185.209.0.2LVSIA "IT Services"
Sat Dec 14 21:33:00 20191057185.209.0.58LVSIA "IT Services"
Sun Dec 15 00:40:22 2019103589.248.168.62NLORG-IVI1-RIPE
Sun Dec 15 02:13:50 20191006185.156.73.64NLIP Kiktev Nikolay Vladimirovich
Sun Dec 15 02:26:59 201997492.119.160.52RUInformation Technologies LLC
Sun Dec 15 01:40:23 201995792.119.160.143RUInformation Technologies LLC
Sun Dec 15 02:29:33 2019921185.156.73.66NLIP Kiktev Nikolay Vladimirovich
Sun Dec 15 01:37:54 201990592.118.37.55EUDonner Oleg Alexeevich
Sun Dec 15 02:08:13 201986789.248.172.85NLORG-IVI1-RIPE
Sun Dec 15 02:19:30 201982489.248.160.193NLORG-IVI1-RIPE
Sun Dec 15 02:31:14 201982494.102.56.181NLORG-IVI1-RIPE
Sun Dec 15 02:22:29 2019820185.216.140.252NLDEDI-NOVOGARA
Sun Dec 15 02:23:58 201980389.248.168.202NLORG-IVI1-RIPE
Sun Dec 15 02:15:08 201980292.118.37.58EUDonner Oleg Alexeevich
Sun Dec 15 02:08:54 201979480.82.70.239NLORG-IVI1-RIPE
Sun Dec 15 02:22:23 201978192.118.37.53EUDonner Oleg Alexeevich
Sat Dec 14 22:09:56 201975780.82.64.127NLORG-IVI1-RIPE
Sun Dec 15 02:33:49 201973292.118.37.86EUDonner Oleg Alexeevich
Sun Dec 15 02:32:49 201971992.118.37.83EUDonner Oleg Alexeevich
Sat Dec 14 10:31:06 2019706185.153.196.80MDRU-RMENGINEERING-20160524
Sun Dec 15 02:17:25 2019672185.143.221.186NLInformation Technologies LLC
Thu Sep 19 21:15:31 2019644122.228.19.80CNHZZYKJ-WZ
Sat Dec 14 22:40:40 2019634185.209.0.31LVSIA "IT Services"
Sat Dec 14 22:38:34 2019619185.209.0.84LVSIA "IT Services"
Thu Sep 19 21:32:36 201961492.119.160.103RUInformation Technologies LLC
Sun Dec 15 01:10:25 2019592185.175.93.104RUIP CHistyakov Mihail Viktorovich
Sun Dec 15 01:43:27 201955780.82.65.74NLORG-IVI1-RIPE
Tue Aug 27 09:16:41 2019546108.62.202.220USUbiquity Server Solutions Seattle (NTGL-5)
Sat Dec 14 21:52:16 2019527185.209.0.83LVSIA "IT Services"
Thu Sep 19 21:58:54 201945689.248.162.168NLORG-IVI1-RIPE
Sun Dec 15 00:45:08 2019451185.153.198.196MDRU-RMENGINEERING-20160524
Sat Dec 14 19:01:47 201941892.53.65.52RUSELECTEL-NET
Thu Sep 19 21:21:12 201941289.248.162.247NLORG-IVI1-RIPE
Thu Sep 19 20:32:31 2019407185.175.93.18RUIP CHistyakov Mihail Viktorovich
HitsSIDSignature
11983100077MISC MS Terminal Server communication attempt
10033100205MISC Microsoft SQL Server communication attempt
7810564P2P Napster Client Data communication attempt
7069100063BACKDOOR RUX the Tick connection attempt
41812375BACKDOOR DoomJuice file upload attempt
3777100202MISC VNC communication attempt
3470486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited
3207510POLICY HP JetDirect LCD communication attempt
1669100090P2P napster communication attempt
1464100082MISC Microsoft PPTP communication attempt
1316100084MISC HP Web JetAdmin communication attempt
954402ICMP Destination Unreachable Port Unreachable
720562P2P Napster Client Data communication attempt
591563P2P Napster Client Data communication attempt
4821846POLICY vncviewer Java applet communication attempt
478100028BACKDOOR netbus Connection Cttempt
3942181P2P BitTorrent communication attempt
291100073MISC PCAnywhere communication attempt
264100204MISC Radmin Default install options attempt
256100112DOS Real Audio Server communication attempt
2271408DOS MSDTC communication attempt
206568POLICY HP JetDirect LCD commnication attempt
170100041BACKDOOR SatansBackdoor.2.0.Beta, or BackConstruction 2.1 Connection Attempt
149147BACKDOOR GateCrasher Connection attempt
1421641DOS DB2 dos communication attempt
122119BACKDOOR Doly 2.0 Connection attempt
93207BAD-TRAFFIC data in TCP SYN packet
911987MISC xfs communication attempt
892586P2P eDonkey transfer attempt
89100100FTP Yak! FTP server communication attempt
87208BACKDOOR PhaseZero Server Active on Network
71561P2P Napster Client Data communication attempt
691605DOS iParty DOS attempt
502587P2P eDonkey communication attempt
491636MISC Xtramail communication attempt
421383P2P Fastrack kazaa/morpheus communication attempt
40100044BACKDOOR NetSphere Connection attempt
37152BACKDOOR BackConstruction 2.1 connection attempt
25159BACKDOOR NetMetro File List connection attempt
241985BACKDOOR Doly 1.5 Connection attempt
24100038BACKDOOR - Dagger_1.4.0 Connection attempt
23505MISC Insecure TIMBUKTU communication attempt
21565P2P Napster Server Login communication attempt
152124BACKDOOR Remote PC Access connection attempt
151819MISC Alcatel PABX 4400 connection attempt
15108BACKDOOR QAZ Worm Client Login access
14100064BACKDOOR Asylum 0.1 connection request
141421SNMP AgentX/tcp request
14100040BACKDOOR Infector.1.x Connection attempt
13100203MISC Ghostsurf communication attempt
13599RPC portmap listing TCP 32771
113016BACKDOOR Insane Network 4.0 connection established port 63536
10163BACKDOOR WinCrash 1.0 communication attempt
7107BACKDOOR Subseven DEFCON8 2.1 connection Attempt
7100029BACKDOOR NetBus Pro 2.0 Connection Cttempt
5282DOS arkiea backup communication attempt
5100207BACKDOOR Subseven connection attempt
4100206PSAD-CUSTOM Kuang2 virus communication attempt
4100083MISC LDAP communication attempt
3141BACKDOOR HackAttack 1.20 Connection attempt
3249DDOS mstream client to handler
31843BACKDOOR trinity connection attempt
22182BACKDOOR typot trojan traffic
2230DDOS shaft client login to handler connection attempt
2145BACKDOOR GirlFriend Connection attempt
2100007DDOS Trin00 Attacker to Master connection attempt
2247DDOS mstream client to handler
11853BACKDOOR win-trin00 connection attempt
1153BACKDOOR DonaldDick 1.53 connection attempt
PortHits
2387823
2216549
808014707
8014108
338912335
2541110463
8110273
143310209
85459083
80898826
55557812
222227096
23236173
600015809
4434888
59003808
50383736
33062357
508022343
82912333
63792159
33902125
80882078
90001781
95271720
PortHits
211698
88881674
84431672
33911628
31281619
22221545
251498
17231466
54311447
80001317
33881219
90011216
80811213
270171210
33921166
92001151
90901104
70011069
881066
33991032
50601015
33931015
112111007
33951006
34567969
The script to generate this HTML from PSAD output data can be downloaded here:  https://github.com/disloops/psadify