PORT SCAN ATTACK DETECTOR (PSAD)

This page contains the output of the Port Scan Attack Detector (PSAD) daemon running on my home network.

These statistics have been tracked since Thu Jun 25 23:52:36 2020.  Read more here:  PSAD on Raspberry Pi

Click here to show the various live data being tracked:

Last Attacks  |  Top Attackers  |  Top Signatures  |  Top Ports
Last SeenFirst SeenIP AddressCountryPorts Targeted
Sun Jul 12 21:22:35 2020Sun Jul 12 21:22:25 2020 118.140.150.74 HK3389
Sun Jul 12 21:07:29 2020Sun Jul 12 21:06:58 2020 1.62.140.195 CN1433
Sun Jul 12 21:07:23 2020Fri Jul 3 00:06:03 2020 222.186.61.19 CN9001
Sun Jul 12 21:06:08 2020Sat Jul 11 06:49:59 2020 162.243.128.96 US587
Sun Jul 12 21:05:11 2020Sun Jul 12 21:05:09 2020 218.149.178.4 ?5555
Sun Jul 12 20:44:07 2020Mon Jun 29 09:21:15 2020 185.200.118.57 GB1723
Sun Jul 12 20:36:37 2020Thu Jul 9 05:16:19 2020 185.156.73.65 NL3066
Sun Jul 12 20:30:48 2020Sun Jun 28 12:51:35 2020 104.206.128.62 US3389
Sun Jul 12 20:28:51 2020Fri Jul 10 19:43:54 2020 192.241.235.112 US1126
Sun Jul 12 20:18:11 2020Mon Jun 29 15:49:53 2020 106.12.28.157 CN4371
Sun Jul 12 20:10:58 2020Sun Jul 12 20:10:57 2020 129.205.118.115 MU1433
Sun Jul 12 20:10:26 2020Wed Jul 1 08:46:45 2020 106.37.74.142 CN2957
Sun Jul 12 20:00:21 2020Sun Jul 12 20:00:02 2020 112.119.249.248 HK5555
Sun Jul 12 19:59:06 2020Sat Jun 27 14:22:18 2020 194.61.27.247 NL3389
Sun Jul 12 19:50:54 2020Sun Jul 12 19:50:45 2020 222.184.250.250 CN1433
Sun Jul 12 19:48:59 2020Tue Jul 7 08:28:23 2020 220.195.127.202 CN1433
Sun Jul 12 19:46:18 2020Sun Jul 12 19:46:11 2020 190.117.207.222 PE1433
Sun Jul 12 19:43:47 2020Thu Jul 9 19:31:35 2020 162.243.129.241 US5601
Sun Jul 12 19:37:46 2020Sat Jun 27 05:31:10 2020 185.232.30.130 EE12389
Sun Jul 12 19:32:02 2020Sun Jul 12 19:31:37 2020 185.136.77.98 RU3389
Last SeenHitsIP AddressCountryHosting Provider
Sun Jul 12 21:14:33 202012105185.156.73.52NLIP Kiktev Nikolay Vladimirovich
Sun Jul 12 21:13:18 20207707223.71.167.165CNChina Mobile
Sat Jul 11 04:06:05 20207497194.26.29.107RURU-MEDIA-LAND-2-20191120
Sun Jun 28 04:50:11 20206891185.209.0.32LVSIA "IT Services"
Sun Jul 12 20:31:27 20205159185.175.93.3RUIP CHistyakov Mihail Viktorovich
Sun Jun 28 04:01:51 20204285185.209.0.89LVSIA "IT Services"
Sun Jun 28 05:03:36 20204229185.209.0.91LVSIA "IT Services"
Fri Jun 26 21:27:34 20203495185.209.0.18LVSIA "IT Services"
Sun Jul 12 20:53:51 2020348383.97.20.35ROOvO Systems Ltd
Sun Jun 28 05:23:15 2020267145.145.66.10RURU-HOSTWAY-20200514
Sun Jun 28 01:37:13 2020265845.145.66.11RURU-HOSTWAY-20200514
Sun Jul 12 21:09:53 20202613185.176.27.102BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 20:24:42 20202505185.176.27.30BGIP Dunaev Yuriy Vyacheslavovich
Fri Jul 10 22:07:04 202021132601:0981:c200:014e:91f5:9183:128c:a0b6?Comcast Cable Communications, LLC (CCCS)
Sun Jul 12 21:09:41 202019352601:0981:c200:014e:0208:a2ff:fe0a:49b6USComcast Cable Communications, LLC (CCCS)
Fri Jul 10 22:07:04 202017092601:0981:c200:014e:0000:0000:0000:155aUSComcast Cable Communications, LLC (CCCS)
Sun Jul 12 21:22:54 20201611185.176.27.170BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 20:31:20 20201561185.176.27.86BGIP Dunaev Yuriy Vyacheslavovich
Wed Jul 8 23:18:42 2020155945.145.66.21RURU-HOSTWAY-20200514
Sun Jul 12 20:01:21 20201549185.176.27.182BGIP Dunaev Yuriy Vyacheslavovich
Thu Jul 9 01:12:51 2020151545.145.66.22RURU-HOSTWAY-20200514
Sun Jul 12 20:48:54 20201514185.176.27.46BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 21:17:03 20201510185.176.27.186BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 20:53:12 20201497185.176.27.198BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 21:07:35 20201481185.176.27.178BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 21:10:06 2020147945.145.66.5RURU-HOSTWAY-20200514
Sun Jul 12 21:08:31 20201477185.176.27.206BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 14:29:42 20201464195.54.160.202RURU-HOSTWAY-20191220
Sun Jul 12 20:14:07 20201460185.176.27.18BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 19:57:13 20201458185.176.27.106BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 21:20:15 2020145192.63.197.83UAIP Kiktev Nikolay Vladimirovich
Sun Jul 12 20:55:17 20201448185.176.27.90BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 20:58:12 20201446185.176.27.110BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 20:53:38 20201439185.176.27.254BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 20:47:51 20201432185.176.27.242BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 21:06:08 20201427185.176.27.118BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 20:18:55 20201424185.176.27.126BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 21:18:36 20201423185.176.27.246BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 21:14:08 20201387185.176.27.214BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 20:34:46 2020136592.63.196.28RUORG-OA984-RIPE
Sun Jul 12 20:59:09 2020135992.63.196.29RUORG-OA984-RIPE
Sun Jul 12 20:51:11 20201348185.176.27.38BGIP Dunaev Yuriy Vyacheslavovich
Sun Jul 12 21:05:49 2020133192.63.197.74UAIP Kiktev Nikolay Vladimirovich
Sun Jul 12 20:51:39 2020132192.63.196.27RUORG-OA984-RIPE
Sun Jul 12 20:56:01 2020130892.63.196.25RUORG-OA984-RIPE
Sun Jul 12 13:10:11 20201244195.54.160.201RURU-HOSTWAY-20191220
Sun Jul 12 14:47:49 20201228195.54.160.203RURU-HOSTWAY-20191220
Sun Jul 12 14:59:01 20201222195.54.161.28RURU-HOSTWAY-20191220
Sun Jul 12 16:54:35 20201130185.39.10.3CHCO-NETWORKDEDICATED-20131028
Sun Jul 12 14:57:59 20201100185.156.73.54NLIP Kiktev Nikolay Vladimirovich
HitsSIDSignature
45606100205MISC Microsoft SQL Server communication attempt
27016100077MISC MS Terminal Server communication attempt
20244564P2P Napster Client Data communication attempt
116452375BACKDOOR DoomJuice file upload attempt
7687100063BACKDOOR RUX the Tick connection attempt
7183100202MISC VNC communication attempt
6486510POLICY HP JetDirect LCD communication attempt
5615100084MISC HP Web JetAdmin communication attempt
4249402ICMP Destination Unreachable Port Unreachable
3778100090P2P napster communication attempt
3516486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited
3037100082MISC Microsoft PPTP communication attempt
2249562P2P Napster Client Data communication attempt
1784563P2P Napster Client Data communication attempt
12361846POLICY vncviewer Java applet communication attempt
1065100028BACKDOOR netbus Connection Cttempt
9512181P2P BitTorrent communication attempt
838100073MISC PCAnywhere communication attempt
6471408DOS MSDTC communication attempt
634100204MISC Radmin Default install options attempt
633100112DOS Real Audio Server communication attempt
516568POLICY HP JetDirect LCD commnication attempt
483100041BACKDOOR SatansBackdoor.2.0.Beta, or BackConstruction 2.1 Connection Attempt
483147BACKDOOR GateCrasher Connection attempt
4091641DOS DB2 dos communication attempt
340119BACKDOOR Doly 2.0 Connection attempt
2821605DOS iParty DOS attempt
278208BACKDOOR PhaseZero Server Active on Network
267100100FTP Yak! FTP server communication attempt
2521987MISC xfs communication attempt
251561P2P Napster Client Data communication attempt
2392586P2P eDonkey transfer attempt
164152BACKDOOR BackConstruction 2.1 connection attempt
1521636MISC Xtramail communication attempt
120100044BACKDOOR NetSphere Connection attempt
1161383P2P Fastrack kazaa/morpheus communication attempt
1142587P2P eDonkey communication attempt
97100038BACKDOOR - Dagger_1.4.0 Connection attempt
93159BACKDOOR NetMetro File List connection attempt
93207BAD-TRAFFIC data in TCP SYN packet
881985BACKDOOR Doly 1.5 Connection attempt
72599RPC portmap listing TCP 32771
621819MISC Alcatel PABX 4400 connection attempt
58108BACKDOOR QAZ Worm Client Login access
53505MISC Insecure TIMBUKTU communication attempt
52100203MISC Ghostsurf communication attempt
52100040BACKDOOR Infector.1.x Connection attempt
51565P2P Napster Server Login communication attempt
47163BACKDOOR WinCrash 1.0 communication attempt
451421SNMP AgentX/tcp request
452124BACKDOOR Remote PC Access connection attempt
33282DOS arkiea backup communication attempt
32100206PSAD-CUSTOM Kuang2 virus communication attempt
313016BACKDOOR Insane Network 4.0 connection established port 63536
30100029BACKDOOR NetBus Pro 2.0 Connection Cttempt
28100064BACKDOOR Asylum 0.1 connection request
25107BACKDOOR Subseven DEFCON8 2.1 connection Attempt
23100083MISC LDAP communication attempt
22249DDOS mstream client to handler
22247DDOS mstream client to handler
19141BACKDOOR HackAttack 1.20 Connection attempt
17153BACKDOOR DonaldDick 1.53 connection attempt
15100007DDOS Trin00 Attacker to Master connection attempt
151843BACKDOOR trinity connection attempt
14100207BACKDOOR Subseven connection attempt
13145BACKDOOR GirlFriend Connection attempt
82100366GPL ICMP_INFO PING *NIX
8366ICMP PING *NIX
82100368GPL ICMP_INFO PING BSDtype
8384ICMP PING
8368ICMP PING BSDtype
7230DDOS shaft client login to handler connection attempt
42182BACKDOOR typot trojan traffic
22003319ET P2P Edonkey Search Request (search by name)
2485ICMP Destination Unreachable Communication Administratively Prohibited
21281RPC portmap listing UDP 32771
11853BACKDOOR win-trin00 connection attempt
PortHits
12554261966
23179357
143346031
8035073
808031404
2230672
338927693
8123277
854521063
555520248
808914282
44313290
2541110472
232310144
600019181
222227716
50387454
59007241
80886567
63796373
82915890
125935647
80005619
33905359
84435184
PortHits
885008
33064611
33914010
213998
31283956
263950
80813917
88883785
92003772
90003723
95303561
22223268
112113204
33883195
270173167
45673052
17233039
508022927
33922907
90902774
33992592
54322578
33932549
33952519
50002511
The script to generate this HTML from PSAD output data can be downloaded here:  https://github.com/disloops/psadify