PORT SCAN ATTACK DETECTOR (PSAD)

This page contains the output of the Port Scan Attack Detector (PSAD) daemon running on my home network.

These statistics have been tracked since Tue Jan 22 17:50:31 2019.  Read more here:  PSAD on Raspberry Pi

Click here to show the various live data being tracked:

Last Attacks  |  Top Attackers  |  Top Signatures  |  Top Ports
Last SeenFirst SeenIP AddressCountryPorts Targeted
Sun Jan 19 10:53:24 2020Wed Dec 4 12:52:28 2019 185.156.73.66 NL3173
Sun Jan 19 10:43:58 2020Thu Dec 5 11:30:42 2019 172.104.76.217 US7777
Sun Jan 19 10:34:01 2020Fri Dec 6 09:41:05 2019 222.186.19.221 CN3129
Sun Jan 19 10:30:28 2020Thu Dec 19 11:22:06 2019 185.156.73.57 NL12345
Sun Jan 19 10:25:50 2020Sun Jan 19 10:25:25 2020 89.34.27.8 RO9001
Sun Jan 19 10:23:08 2020Thu Jan 2 14:27:07 2020 139.162.234.187 NL8443
Sun Jan 19 10:22:22 2020Thu Feb 21 13:27:26 2019 184.105.247.231 US5555
Sun Jan 19 10:21:56 2020Sun Jan 19 10:20:49 2020 183.224.17.137 CN1433
Sun Jan 19 10:20:42 2020Sun Jan 19 10:20:42 2020 218.250.89.163 HK5555
Sun Jan 19 10:16:47 2020Tue Aug 6 10:05:27 2019 169.197.108.196 US8443
Sun Jan 19 10:10:16 2020Sun Jan 19 10:10:08 2020 113.89.59.24 CN5555
Sun Jan 19 10:00:00 2020Wed Sep 11 07:56:50 2019 185.209.0.32 LV6969
Sun Jan 19 09:57:38 2020Wed Dec 4 01:23:25 2019 83.97.20.46 RO8000
Sun Jan 19 09:52:40 2020Thu Feb 21 20:23:15 2019 89.248.168.112 NL3128
Sun Jan 19 09:49:12 2020Mon Dec 30 16:06:18 2019 103.133.107.211 VN3389
Sun Jan 19 09:43:37 2020Sun Jan 19 09:43:30 2020 182.76.15.18 IN1433
Sun Jan 19 09:41:52 2020Tue Feb 26 21:00:57 2019 74.82.47.17 US27017
Sun Jan 19 09:37:46 2020Thu Dec 5 12:29:22 2019 45.141.85.3 RU9475
Sun Jan 19 09:33:33 2020Sun Jan 19 09:33:26 2020 45.77.34.43 SG3389
Sun Jan 19 09:29:40 2020Mon Dec 2 19:42:09 2019 185.209.0.92 LV5800
Last SeenHitsIP AddressCountryHosting Provider
Sun Jan 19 10:53:56 20206855445.141.85.3RUMediaLand
Sun Jan 19 10:53:04 202052828194.26.69.100NLRU-MEDIA-LAND-2-20191120
Sun Jan 19 10:46:02 20201472481.22.45.227RUInformation Technologies LLC
Sat Jan 18 15:15:23 2020793794.102.53.10NLORG-IVI1-RIPE
Wed Jan 15 10:58:27 20207617194.26.69.105NLRU-MEDIA-LAND-2-20191120
Fri Jan 17 09:48:36 20207613194.26.69.103NLRU-MEDIA-LAND-2-20191120
Fri Jan 17 06:04:24 2020750893.174.95.73NLORG-IVI1-RIPE
Fri Jan 17 01:47:27 20207464185.39.10.63CHCO-NETWORKDEDICATED-20131028
Wed Jan 15 11:46:34 20207443194.26.69.106NLRU-MEDIA-LAND-2-20191120
Fri Jan 17 01:38:31 2020736280.82.65.62NLORG-IVI1-RIPE
Sat Jan 18 17:34:54 20206614194.26.69.101NLRU-MEDIA-LAND-2-20191120
Wed Jan 15 06:30:29 2020599545.141.85.4RUMediaLand
Fri Jan 17 02:06:51 2020594480.82.78.192NLORG-IVI1-RIPE
Sun Jan 19 10:53:24 20203854185.156.73.66NLIP Kiktev Nikolay Vladimirovich
Fri Jan 10 05:58:03 2020379692.118.37.55EUDonner Oleg Alexeevich
Sun Jan 19 09:05:46 20203782185.156.73.64NLIP Kiktev Nikolay Vladimirovich
Sun Jan 19 10:20:22 2020362392.118.37.97EUDonner Oleg Alexeevich
Sun Jan 19 10:27:21 2020353645.136.109.87DERU-COMTRADE-20190801
Wed Dec 11 17:46:02 2019344681.22.45.201RUInformation Technologies LLC
Fri Jan 10 05:21:31 2020338892.118.37.53EUDonner Oleg Alexeevich
Thu Jan 9 01:14:47 2020326392.118.37.58EUDonner Oleg Alexeevich
Fri Jan 10 06:06:03 2020296492.118.37.83EUDonner Oleg Alexeevich
Wed Dec 11 17:51:47 2019278645.136.109.227DERU-COMTRADE-20190801
Thu Sep 19 21:50:23 2019277892.119.160.80RUInformation Technologies LLC
Sun Jan 19 10:00:00 20202565185.209.0.32LVSIA "IT Services"
Sat Jan 18 20:01:45 20202440185.209.0.18LVSIA "IT Services"
Sun Jan 19 10:11:48 20202428185.175.93.105RUIP CHistyakov Mihail Viktorovich
Sun Jan 19 10:37:29 2020231492.119.160.52RUInformation Technologies LLC
Sun Jan 19 10:05:37 20202310185.153.196.80MDRU-RMENGINEERING-20160524
Sat Sep 7 00:39:47 20192294185.143.221.187NLinformtech-select
Sun Jan 19 09:26:15 2020227492.119.160.143RUInformation Technologies LLC
Thu Jan 16 02:41:16 20202265185.156.73.52NLIP Kiktev Nikolay Vladimirovich
Sat Jan 4 14:29:14 2020223981.22.45.254RUInformation Technologies LLC
Wed Dec 4 12:55:06 2019214345.136.109.224DERU-COMTRADE-20190801
Wed Jan 8 21:17:34 2020213989.248.168.62NLORG-IVI1-RIPE
Sat Jan 18 23:18:52 20202030185.209.0.17LVSIA "IT Services"
Sun Jan 19 05:11:16 20201998185.175.93.104RUIP CHistyakov Mihail Viktorovich
Sun Jan 19 10:45:23 20201996185.156.73.54NLIP Kiktev Nikolay Vladimirovich
Sat Jan 18 22:17:25 20201962185.209.0.33LVSIA "IT Services"
Sun Jan 19 08:35:36 2020194989.248.172.85NLORG-IVI1-RIPE
Sat Jan 18 22:55:25 20201906185.209.0.58LVSIA "IT Services"
Sat Jan 18 19:16:32 20201890185.209.0.2LVSIA "IT Services"
Sun Jan 19 09:01:13 20201825185.216.140.252NLDEDI-NOVOGARA
Sun Jan 19 10:19:50 2020181780.82.70.239NLORG-IVI1-RIPE
Sun Jan 19 08:38:24 2020181289.248.168.202NLORG-IVI1-RIPE
Sun Jan 19 09:47:48 2020179394.102.56.181NLORG-IVI1-RIPE
Sun Jan 19 09:26:01 2020157580.82.64.127NLORG-IVI1-RIPE
Sun Jan 19 10:03:40 2020153180.82.65.90NLORG-IVI1-RIPE
Fri Jan 10 16:43:38 2020149489.248.160.193NLORG-IVI1-RIPE
Sat Jan 18 23:31:30 20201494185.209.0.84LVSIA "IT Services"
HitsSIDSignature
18994100205MISC Microsoft SQL Server communication attempt
14931100077MISC MS Terminal Server communication attempt
10280564P2P Napster Client Data communication attempt
7171100063BACKDOOR RUX the Tick connection attempt
56762375BACKDOOR DoomJuice file upload attempt
4420100202MISC VNC communication attempt
3945510POLICY HP JetDirect LCD communication attempt
3476486ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited
2112100090P2P napster communication attempt
2070100084MISC HP Web JetAdmin communication attempt
1957100082MISC Microsoft PPTP communication attempt
1663402ICMP Destination Unreachable Port Unreachable
978562P2P Napster Client Data communication attempt
830563P2P Napster Client Data communication attempt
609100028BACKDOOR netbus Connection Cttempt
5971846POLICY vncviewer Java applet communication attempt
5002181P2P BitTorrent communication attempt
407100073MISC PCAnywhere communication attempt
347100112DOS Real Audio Server communication attempt
308100204MISC Radmin Default install options attempt
2891408DOS MSDTC communication attempt
267568POLICY HP JetDirect LCD commnication attempt
228100041BACKDOOR SatansBackdoor.2.0.Beta, or BackConstruction 2.1 Connection Attempt
215147BACKDOOR GateCrasher Connection attempt
1971641DOS DB2 dos communication attempt
165119BACKDOOR Doly 2.0 Connection attempt
1311987MISC xfs communication attempt
124100100FTP Yak! FTP server communication attempt
1212586P2P eDonkey transfer attempt
117208BACKDOOR PhaseZero Server Active on Network
103561P2P Napster Client Data communication attempt
1021605DOS iParty DOS attempt
93207BAD-TRAFFIC data in TCP SYN packet
801636MISC Xtramail communication attempt
65100044BACKDOOR NetSphere Connection attempt
602587P2P eDonkey communication attempt
56152BACKDOOR BackConstruction 2.1 connection attempt
531383P2P Fastrack kazaa/morpheus communication attempt
45159BACKDOOR NetMetro File List connection attempt
41100038BACKDOOR - Dagger_1.4.0 Connection attempt
391985BACKDOOR Doly 1.5 Connection attempt
31599RPC portmap listing TCP 32771
28505MISC Insecure TIMBUKTU communication attempt
281819MISC Alcatel PABX 4400 connection attempt
26565P2P Napster Server Login communication attempt
252124BACKDOOR Remote PC Access connection attempt
23108BACKDOOR QAZ Worm Client Login access
23100040BACKDOOR Infector.1.x Connection attempt
20100203MISC Ghostsurf communication attempt
181421SNMP AgentX/tcp request
17163BACKDOOR WinCrash 1.0 communication attempt
17100064BACKDOOR Asylum 0.1 connection request
13100206PSAD-CUSTOM Kuang2 virus communication attempt
133016BACKDOOR Insane Network 4.0 connection established port 63536
10100029BACKDOOR NetBus Pro 2.0 Connection Cttempt
10107BACKDOOR Subseven DEFCON8 2.1 connection Attempt
9282DOS arkiea backup communication attempt
9247DDOS mstream client to handler
7249DDOS mstream client to handler
61843BACKDOOR trinity connection attempt
6141BACKDOOR HackAttack 1.20 Connection attempt
6100207BACKDOOR Subseven connection attempt
5100083MISC LDAP communication attempt
5145BACKDOOR GirlFriend Connection attempt
4100007DDOS Trin00 Attacker to Master connection attempt
3153BACKDOOR DonaldDick 1.53 connection attempt
2485ICMP Destination Unreachable Communication Administratively Prohibited
2230DDOS shaft client login to handler connection attempt
22182BACKDOOR typot trojan traffic
11853BACKDOOR win-trin00 connection attempt
PortHits
23105278
143319198
2218762
808018571
8018281
338915365
854512784
8112700
2541110465
555510284
808910272
222227198
23236834
600016473
4436402
50384722
59004453
63792863
82912807
33902796
33062751
80882532
508022421
90002259
84432165
PortHits
33912118
88882117
212094
80002072
31282044
17231959
22221832
95271774
80811771
881611
33881598
90901584
270171584
92001549
251498
33921497
54311464
50601408
90011397
70011363
33991335
33931298
33951275
33941219
112111211
The script to generate this HTML from PSAD output data can be downloaded here:  https://github.com/disloops/psadify