PORT SCAN ATTACK DETECTOR (PSAD)

This page contains the output of the Port Scan Attack Detector (PSAD) daemon running on my home network.

These statistics have been tracked since Mon Aug 3 00:30:15 2020.  Read more here:  PSAD on Raspberry Pi

Click here to show the various live data being tracked:

Last Attacks  |  Top Attackers  |  Top Signatures  |  Top Ports
Last SeenFirst SeenIP AddressCountryPorts Targeted
Mon May 17 11:52:20 2021Mon May 17 11:51:58 2021 167.99.123.250 US1433
Mon May 17 11:50:29 2021Wed Apr 21 19:11:07 2021 192.241.212.76 US44818
Mon May 17 11:37:49 2021Mon May 17 11:37:34 2021 112.141.210.9 AU8728
Mon May 17 11:37:34 2021Thu Sep 24 04:47:55 2020 200.68.38.30 CL1433
Mon May 17 11:35:14 2021Tue Nov 17 17:37:26 2020 194.165.16.4 EU1889-9890
Mon May 17 11:28:42 2021Mon May 17 11:28:41 2021 116.4.97.30 CN1433
Mon May 17 11:20:37 2021Fri Dec 4 11:44:02 2020 193.176.251.232 UA1433
Mon May 17 11:19:14 2021Thu Apr 22 21:36:54 2021 192.241.202.82 US5631
Mon May 17 11:10:42 2021Thu May 13 04:06:23 2021 147.135.236.164 NL2375
Mon May 17 10:44:42 2021Mon May 17 10:44:33 2021 171.101.116.249 TH8728
Mon May 17 10:40:54 2021Mon May 17 10:40:46 2021 178.72.68.244 RU5555
Mon May 17 10:38:28 2021Thu Oct 22 04:11:55 2020 185.220.205.213 NL6881
Mon May 17 10:32:34 2021Tue Sep 15 01:13:35 2020 117.50.11.192 CN5555
Mon May 17 10:09:44 2021Thu Aug 27 00:59:42 2020 185.200.118.41 GB3389
Mon May 17 10:04:47 2021Mon Apr 26 14:35:48 2021 205.185.127.25 US5555
Mon May 17 10:00:04 2021Fri May 14 19:21:35 2021 195.230.103.242 DE3389
Mon May 17 09:52:04 2021Mon Apr 19 21:46:29 2021 192.241.220.128 US4899
Mon May 17 09:44:12 2021Mon May 17 09:44:05 2021 205.185.122.173 US1433
Mon May 17 09:44:05 2021Mon May 17 09:43:57 2021 103.100.159.110 HK1433
Mon May 17 09:41:12 2021Mon May 17 09:41:11 2021 143.198.106.77 US7777
Last SeenHitsIP AddressCountryHosting Provider
Sat Mar 13 06:18:50 202130613194.147.140.83SCLeading Mechanical Industry PJS
Thu Jan 7 21:53:03 202129919193.27.229.94RUStarcrecium Limited
Thu Jan 7 21:48:45 202129705193.27.229.93RUStarcrecium Limited
Mon May 17 11:54:52 20212176445.155.205.31RUStarcrecium Limited
Mon May 10 15:00:49 20211942745.155.205.34RUStarcrecium Limited
Wed Jan 27 06:13:48 20211644445.146.166.126RUStarcrecium Limited
Wed Jan 27 11:44:19 20211633345.146.166.127RUStarcrecium Limited
Wed Jan 27 14:42:19 20211626545.134.26.169RUStarcrecium Limited
Wed Jan 27 15:26:51 20211601145.146.165.128RUStarcrecium Limited
Wed Jan 27 19:16:56 20211490445.146.166.162RUStarcrecium Limited
Thu Jan 7 18:19:49 20211273645.129.33.41EUMaximilian Kutzner trading as HostSlick
Tue Jan 12 05:56:59 20211264845.129.33.24EUMaximilian Kutzner trading as HostSlick
Tue Jan 12 05:46:38 20211240845.129.33.12EUMaximilian Kutzner trading as HostSlick
Tue Jan 12 06:23:56 20211238745.129.33.13EUMaximilian Kutzner trading as HostSlick
Tue Jan 12 06:24:24 20211218545.129.33.9EUMaximilian Kutzner trading as HostSlick
Tue Jan 12 06:19:15 20211214845.129.33.10EUMaximilian Kutzner trading as HostSlick
Tue Jan 12 06:17:19 20211204445.129.33.8EUMaximilian Kutzner trading as HostSlick
Tue Jan 12 05:26:21 20211193845.129.33.15EUMaximilian Kutzner trading as HostSlick
Wed Jan 13 02:19:21 20211170545.129.33.60EUMaximilian Kutzner trading as HostSlick
Thu Aug 27 21:38:23 202011487194.26.29.104RURU-MEDIA-LAND-2-20191120
Thu Mar 18 07:06:33 202111322194.26.27.101RURU-MEDIA-LAND-2-20191120
Thu Aug 27 21:34:35 202011304194.26.29.102RURU-MEDIA-LAND-2-20191120
Mon Mar 22 03:12:44 202111222135.181.219.37NLRIPE Network Coordination Centre (RIPE)
Thu Apr 15 14:24:59 202111058195.54.160.155RUStarcrecium Limited
Wed Jan 20 08:02:09 20211087151.77.86.185DESD-LIM-113A-10G-HG
Tue Apr 20 06:54:08 20211081845.155.205.32RUStarcrecium Limited
Wed Mar 10 10:24:58 20211061794.102.51.17NLORG-IVI1-RIPE
Wed Jan 13 04:01:11 20211053145.129.33.43EUMaximilian Kutzner trading as HostSlick
Wed Jan 13 03:03:35 20211047545.129.33.57EUMaximilian Kutzner trading as HostSlick
Tue Jan 12 06:06:55 20211029845.129.33.84EUMaximilian Kutzner trading as HostSlick
Tue Jan 12 06:27:17 20211004445.129.33.82EUMaximilian Kutzner trading as HostSlick
Thu Apr 15 14:27:31 20219831185.156.73.57NLIP Kiktev Nikolay Vladimirovich
Tue Jan 12 05:53:52 2021969445.129.33.129EUMaximilian Kutzner trading as HostSlick
Mon May 17 11:52:48 2021965992.63.197.74UAIP Kiktev Nikolay Vladimirovich
Mon Apr 26 23:08:36 2021957345.155.205.33RUStarcrecium Limited
Fri Feb 5 04:42:59 2021931292.63.197.18UAIP Kiktev Nikolay Vladimirovich
Mon Dec 21 17:49:43 2020923351.161.14.102EUNON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
Sat Mar 27 19:13:40 2021906645.135.232.23RUStarcrecium Limited
Tue Jan 12 06:22:27 2021892345.129.33.6EUMaximilian Kutzner trading as HostSlick
Wed Feb 10 10:06:04 2021884683.97.20.35ROOvO Systems Ltd
Sun May 16 10:25:09 2021884145.143.200.6BGKorotkij Denis Aleksandrovich
Wed Jan 13 02:42:47 2021850045.129.33.48EUMaximilian Kutzner trading as HostSlick
Tue Mar 16 04:41:38 20218464141.98.80.242EUCLOUD-CDN-NET
Fri May 14 06:25:45 20218402195.54.160.228RUStarcrecium Limited
Thu Mar 11 09:53:04 2021838480.82.78.82NLORG-IVI1-RIPE
Tue Mar 23 13:35:13 2021838145.135.232.21RUStarcrecium Limited
Tue Mar 23 13:27:09 2021824145.135.232.22RUStarcrecium Limited
Sun May 16 23:04:01 2021823392.63.196.33NLRomanenko Stanislav Sergeevich
Tue Feb 9 13:26:08 2021821292.63.197.16UAIP Kiktev Nikolay Vladimirovich
Tue Jan 12 05:49:31 2021818145.129.33.5EUMaximilian Kutzner trading as HostSlick
HitsSIDSignature
50372100205MISC Microsoft SQL Server communication attempt
28887100077MISC MS Terminal Server communication attempt
16629564P2P Napster Client Data communication attempt
157762375BACKDOOR DoomJuice file upload attempt
6931510POLICY HP JetDirect LCD communication attempt
6062100202MISC VNC communication attempt
4812100090P2P napster communication attempt
4784100084MISC HP Web JetAdmin communication attempt
3871100082MISC Microsoft PPTP communication attempt
3761562P2P Napster Client Data communication attempt
1863563P2P Napster Client Data communication attempt
14791846POLICY vncviewer Java applet communication attempt
1386100063BACKDOOR RUX the Tick connection attempt
1278100028BACKDOOR netbus Connection Cttempt
1212100204MISC Radmin Default install options attempt
11182181P2P BitTorrent communication attempt
908100073MISC PCAnywhere communication attempt
774568POLICY HP JetDirect LCD commnication attempt
7201408DOS MSDTC communication attempt
669561P2P Napster Client Data communication attempt
648100112DOS Real Audio Server communication attempt
5771641DOS DB2 dos communication attempt
557100041BACKDOOR SatansBackdoor.2.0.Beta, or BackConstruction 2.1 Connection Attempt
553147BACKDOOR GateCrasher Connection attempt
466119BACKDOOR Doly 2.0 Connection attempt
450100100FTP Yak! FTP server communication attempt
3982586P2P eDonkey transfer attempt
3801605DOS iParty DOS attempt
307208BACKDOOR PhaseZero Server Active on Network
2791987MISC xfs communication attempt
233152BACKDOOR BackConstruction 2.1 connection attempt
188100044BACKDOOR NetSphere Connection attempt
1812587P2P eDonkey communication attempt
180100038BACKDOOR - Dagger_1.4.0 Connection attempt
1611636MISC Xtramail communication attempt
154565P2P Napster Server Login communication attempt
1371985BACKDOOR Doly 1.5 Connection attempt
1301383P2P Fastrack kazaa/morpheus communication attempt
124159BACKDOOR NetMetro File List connection attempt
101100040BACKDOOR Infector.1.x Connection attempt
88100203MISC Ghostsurf communication attempt
81505MISC Insecure TIMBUKTU communication attempt
77108BACKDOOR QAZ Worm Client Login access
761421SNMP AgentX/tcp request
72207BAD-TRAFFIC data in TCP SYN packet
71163BACKDOOR WinCrash 1.0 communication attempt
671819MISC Alcatel PABX 4400 connection attempt
66599RPC portmap listing TCP 32771
63100083MISC LDAP communication attempt
62282DOS arkiea backup communication attempt
582124BACKDOOR Remote PC Access connection attempt
44107BACKDOOR Subseven DEFCON8 2.1 connection Attempt
40100029BACKDOOR NetBus Pro 2.0 Connection Cttempt
40247DDOS mstream client to handler
36100206PSAD-CUSTOM Kuang2 virus communication attempt
34100064BACKDOOR Asylum 0.1 connection request
33249DDOS mstream client to handler
30153BACKDOOR DonaldDick 1.53 connection attempt
28145BACKDOOR GirlFriend Connection attempt
271843BACKDOOR trinity connection attempt
25100207BACKDOOR Subseven connection attempt
22141BACKDOOR HackAttack 1.20 Connection attempt
20100007DDOS Trin00 Attacker to Master connection attempt
93016BACKDOOR Insane Network 4.0 connection established port 63536
3613SCAN myscan
2230DDOS shaft client login to handler connection attempt
12182BACKDOOR typot trojan traffic
PortHits
23140861
143351082
2247710
8037514
808029478
338929329
44328260
844317218
637917110
555516635
8116387
808911478
85459632
50388101
23237082
80816740
23756375
59006122
33905863
82915671
92005659
33065238
112114850
88884816
214801
PortHits
80004786
508024681
31284600
80884514
54324204
33914194
264191
17233871
270173865
23763863
90003765
77773761
33883620
70013399
50603357
22223282
33923271
87283209
99993126
600013105
42433010
104432982
50002981
95302882
45672854
The script to generate this HTML from PSAD output data can be downloaded here:  https://github.com/disloops/psadify