Port Scanner data for 2024-02-04 13:02

Top Crackers IP Addresses/Countries
SRC IP   Count   Country
167.99.127.131 337064 United States
147.182.194.169 244733 United States
67.207.93.39 233130 United States
137.184.50.236 175713 United States
128.254.194.9 23534 United States
89.248.163.113 7182 Netherlands
172.245.75.11 3901 United States
13.107.5.93 3833 United States
172.245.75.28 3817 United States
158.255.7.153 2825 Russia
106.245.253.150 2750 South Korea
80.66.83.165 2550 Netherlands
124.222.197.135 2223 China
106.14.145.14 2181 China
152.199.4.33 2119 United States
118.89.200.159 2094 China
150.158.50.247 2024 China
118.178.229.234 1997 China
124.223.81.112 1989 China
36.138.248.95 1974 China
36.138.197.31 1930 China
101.89.216.223 1923 China
106.53.74.140 1898 China
120.79.34.147 1895 China
124.223.73.187 1852 China
112.74.50.108 1843 China
121.40.214.119 1806 China
36.99.46.20 1778 China
106.55.7.207 1721 China
120.71.146.106 1637 China
106.54.181.82 1584 China
124.223.169.131 1565 China
106.58.208.39 1503 China
116.253.215.204 1330 China
34.117.59.81 1323 United States
122.112.138.255 1111 China
77.90.185.150 1110 Netherlands
123.207.59.41 1043 China
13.107.42.18 1042 United States
125.124.103.150 1015 China

Top Target Ports
Target Port   Count   Description
5900 1072866 ('rfb', 'Remote Framebuffer')
443 8790 ('https', 'HTTPS')
80 4673 ('http', 'HTTP')
23 2959 ('telnet', 'Telnet')
143 2167 ('', 'Reserved')
25 1762 ('smtp', 'Simple Mail Transfer')
6379 748 ('', 'Reserved')
22 664 ('ssh', 'SSH')
993 567 ('', 'Reserved')
8080 504 ('http-alt', 'HTTP Alternate (see port 80)')
110 449 ('pop3', 'Post Office Protocol - Version 3')
995 390 ('pop3s', 'pop3 protocol over TLS/SSL (was spop3)')
3389 384 ('ms-wbt-server', 'MS WBT Server')
8443 343 ('pcsync-https', 'PCsync HTTPS')
1433 261 ('ms-sql-s', 'Microsoft-SQL-Server')
81 183 ('', 'Unassigned')
8081 152 ('sunproxyadmin', 'Sun Proxy Admin Service')
55122 143 Unk
35264 142 Unk
41830 138 Unk
2375 136 ('', 'Reserved')
5555 128 ('personal-agent', 'Personal Agent')
4719 126 Unk
3128 119 ('ndl-aas', 'Active API Server Port')
51764 118 Unk
2376 116 ('docker-s', 'Docker REST API (ssl)')
53304 116 Unk
2222 113 ('EtherNet/IP-1', 'EtherNet/IP I/O')
51478 111 Unk
45306 111 Unk
50780 110 Unk
42998 100 Unk

Port Bar Plot
  • So... what do you think the worldwide cracker web is looking for? Well, they are looking for hosts with inadvertently unsecured Remote Frame Buffer (RFB) processes running on port 5900. Also known as VNC, these processes provide remote terminal access to the machine AS IF YOU ARE SITTING AT THE CONSOLE.

    This is bad. Bad. Bad.

    To see the preponderance of 5900 scans... check out the Port plot.

  • Also note that the second most popular port to be scanned was the ever-popular email port, port 25. If the email port is open, login attempts are made and a humorous collection of Username/Password combinations is tried. Yes, the obvious are still the favored Username/Password pairs.