Port Scanner data for 2024-02-04 13:02

Top Crackers IP Addresses/Countries
SRC IP	Count	Country
167.99.127.131	337064	United States
147.182.194.169	244733	United States
67.207.93.39	233130	United States
137.184.50.236	175713	United States
128.254.194.9	23534	United States
89.248.163.113	7182	Netherlands
172.245.75.11	3901	United States
13.107.5.93	3833	United States
172.245.75.28	3817	United States
158.255.7.153	2825	Russia
106.245.253.150	2750	South Korea
80.66.83.165	2550	Netherlands
124.222.197.135	2223	China
106.14.145.14	2181	China
152.199.4.33	2119	United States
118.89.200.159	2094	China
150.158.50.247	2024	China
118.178.229.234	1997	China
124.223.81.112	1989	China
36.138.248.95	1974	China
36.138.197.31	1930	China
101.89.216.223	1923	China
106.53.74.140	1898	China
120.79.34.147	1895	China
124.223.73.187	1852	China
112.74.50.108	1843	China
121.40.214.119	1806	China
36.99.46.20	1778	China
106.55.7.207	1721	China
120.71.146.106	1637	China
106.54.181.82	1584	China
124.223.169.131	1565	China
106.58.208.39	1503	China
116.253.215.204	1330	China
34.117.59.81	1323	United States
122.112.138.255	1111	China
77.90.185.150	1110	Netherlands
123.207.59.41	1043	China
13.107.42.18	1042	United States
125.124.103.150	1015	China

Top Target Ports
Target Port	Count	Description
5900	1072866	('rfb', 'Remote Framebuffer')
443	8790	('https', 'HTTPS')
80	4673	('http', 'HTTP')
23	2959	('telnet', 'Telnet')
143	2167	('', 'Reserved')
25	1762	('smtp', 'Simple Mail Transfer')
6379	748	('', 'Reserved')
22	664	('ssh', 'SSH')
993	567	('', 'Reserved')
8080	504	('http-alt', 'HTTP Alternate (see port 80)')
110	449	('pop3', 'Post Office Protocol - Version 3')
995	390	('pop3s', 'pop3 protocol over TLS/SSL (was spop3)')
3389	384	('ms-wbt-server', 'MS WBT Server')
8443	343	('pcsync-https', 'PCsync HTTPS')
1433	261	('ms-sql-s', 'Microsoft-SQL-Server')
81	183	('', 'Unassigned')
8081	152	('sunproxyadmin', 'Sun Proxy Admin Service')
55122	143	Unk
35264	142	Unk
41830	138	Unk
2375	136	('', 'Reserved')
5555	128	('personal-agent', 'Personal Agent')
4719	126	Unk
3128	119	('ndl-aas', 'Active API Server Port')
51764	118	Unk
2376	116	('docker-s', 'Docker REST API (ssl)')
53304	116	Unk
2222	113	('EtherNet/IP-1', 'EtherNet/IP I/O')
51478	111	Unk
45306	111	Unk
50780	110	Unk
42998	100	Unk

Port Bar Plot
So... what do you think the worldwide cracker web is looking for? Well, they are looking for hosts with inadvertantly unsecured Remote Frame Buffer (RFB) processes running on port 5900. Also known as VNC, these processes provide remote terminal access to the machine AS IF YOU ARE SITTING AT THE CONSOLE. This is bad. Bad. Bad. To see the preponderance of 5900 scans... check out the Port plot. Also note that the second most popular port to be scanned was hhe ever popular email port, port 25. If the email is open, login attempts are made and a humorous collection of Username/Password combinatins are tried. Yes, the obvious are still the favored Username/Password pairs.

Port Bar Plot

So... what do you think the worldwide cracker web is looking for? Well, they are looking for hosts with inadvertantly unsecured Remote Frame Buffer (RFB) processes running on port 5900. Also known as VNC, these processes provide remote terminal access to the machine AS IF YOU ARE SITTING AT THE CONSOLE.

This is bad. Bad. Bad.

To see the preponderance of 5900 scans... check out the Port plot.

Also note that the second most popular port to be scanned was hhe ever popular email port, port 25. If the email is open, login attempts are made and a humorous collection of Username/Password combinatins are tried. Yes, the obvious are still the favored Username/Password pairs.