Uninvited guests randomly scanning my honeypot.
No DNS = IoT device or ??
Count | IP Address | Port | DNS (if available)
APNIC (Asia)
1 103.218.100.242 2323
1 103.219.246.174 23
1 103.29.69.96 554 96.69.29.103.in-addr.arpa. 81788 IN PTR li1542-96.members.linode.com.
1 103.50.4.26 23
1 103.79.143.231 22
1 103.79.143.232 22
[ ^^ Typo or looking for 22 (SSH) ]
1 106.111.110.147 23
1 110.17.165.146 1433
1 110.8.84.206 1433
1 111.40.166.130 22
1 111.51.27.231 23
1 111.9.180.188 1433
1 111.91.144.95 1900
1 111.91.148.45 1900
[ ^^ Looking for 1900 ~ popular in Asia]
1 112.53.235.40 23
1 113.128.64.128 23
1 113.224.152.95 23
1 113.235.19.185 23
1 113.30.60.166 1900
1 114.199.214.140 1900
1 114.219.158.32 23
1 115.72.154.122 23 122.154.72.115.in-addr.arpa. 80342 IN PTR adsl.viettel.vn.
1 116.232.85.239 23
1 116.97.239.78 81
1 117.199.230.116 23
1 117.222.180.30 445
1 117.34.72.18 23
1 118.69.197.149 1433
1 119.57.141.165 23
1 120.142.132.198 1900
1 120.210.134.26 23
1 121.199.4.219 1433
1 121.250.100.7 1433
1 121.254.246.12 1433
[ ^^ Looking for 1433 (SQL Server)]
1 122.114.169.198 1433
1 122.114.169.198 23
1 122.114.182.100 1433
1 122.114.182.230 1433
1 122.114.39.80 23
1 122.114.46.62 1433
1 122.114.49.115 23
[ ^^ Likely a bad network looking to exploit port 23 (telnet) and 1433 (SQL Server)]
1 122.116.159.107 32761 107.159.116.122.in-addr.arpa. 38775 IN PTR 122-116-159-107.HINET-IP.hinet.net.
1 122.128.249.38 1900
1 122.194.229.10 8080
1 123.100.168.114 1900
1 123.133.65.58 993
1 123.207.111.120 23
1 123.207.126.103 23
1 123.207.159.29 1433
1 124.195.171.85 1900
1 125.211.221.233 1433
1 128.114.234.201 3389 201.234.114.128.in-addr.arpa. 24617 IN PTR dhcp-234-201.ucsc.edu.
1 14.118.251.235 23
1 14.210.166.26 23
1 180.106.225.30 22
1 180.112.96.16 23
1 180.114.97.146 23
1 182.100.67.118 22
1 182.130.183.118 23
1 182.69.57.241 23 241.57.69.182.in-addr.arpa. 81981 IN PTR abts-north-dynamic-241.57.69.182.airtelbroadband.in.
1 183.93.223.235 2222
1 202.65.220.205 1433 205.220.65.202.in-addr.arpa. 82060 IN PTR static-ip-205-220-65-202.rev.dyxnet.com.
1 203.189.83.131 23 131.83.189.203.in-addr.arpa. 3600 IN PTR 203-189-83-131.dynamic.acenet.com.au.
1 203.195.147.204 1433
1 203.50.80.157 0 157.80.50.203.in-addr.arpa. 82094 IN PTR gigabitethernet0-1.win17.melbourne.telstra.net.
1 210.48.154.99 52306 99.154.48.210.in-addr.arpa. 3216 IN PTR quid.centralmalaysia.com.
1 210.48.154.99 57845 99.154.48.210.in-addr.arpa. 3211 IN PTR quid.centralmalaysia.com.
1 210.48.154.99 65439 99.154.48.210.in-addr.arpa. 3206 IN PTR quid.centralmalaysia.com.
1 211.143.111.235 23
1 211.159.172.178 23
1 211.176.166.179 1900
1 218.60.136.106 22 106.136.60.218.in-addr.arpa. 139 IN PTR cncln.online.ln.cn.
1 218.62.97.247 23 247.97.62.218.in-addr.arpa. 82769 IN PTR 247.97.62.218.adsl-pool.jlccptt.net.cn.
1 219.153.18.157 22
1 220.85.169.58 23
1 222.186.134.8 808
1 222.186.39.41 2433
1 222.186.39.61 1433
1 222.186.58.161 9200
1 222.186.58.172 1533
1 222.220.92.86 23
1 222.34.18.27 0
1 222.81.144.20 23
1 223.3.39.9 22
1 223.3.39.9 2222
1 23.235.162.41 3389
1 27.153.124.59 23 59.124.153.27.in-addr.arpa. 82294 IN PTR 59.124.153.27.broad.qz.fj.dynamic.163data.com.cn.
1 27.3.89.163 23
1 36.110.169.36 1433
1 39.32.197.63 81
1 42.2.40.118 22 118.40.2.42.in-addr.arpa. 81624 IN PTR 42-2-40-118.static.netvigator.com.
1 42.51.16.5 3306 5.16.51.42.in-addr.arpa. 300 IN PTR htuidc.bgp.ip.
1 43.230.114.115 2433
1 43.240.245.45 23
1 43.240.245.88 23
1 49.81.19.231 0
1 59.110.136.70 3306
[ ^^ Trying to connect to MySQL]
1 59.45.175.192 22
1 60.190.67.253 0
[ ^^ 0 is an invalid port ]
1 60.191.38.77 1962
1 58.143.3.75 3389
3 210.6.141.217 23 217.141.6.210.in-addr.arpa. 80908 IN PTR 210006141217.ctinets.com.
1 107.150.2.67 3306 67.2.150.107.in-addr.arpa. 83460 IN PTR 107.150.2.67.static.quadranet.com.
1 108.176.247.184 445 184.247.176.108.in-addr.arpa. 83551 IN PTR cpe-108-176-247-184.twcny.res.rr.com.
[ ^^ 445 - block it! Or pay the price...]
1 141.212.122.17 1900 17.122.212.141.in-addr.arpa. 900 IN PTR researchscan272.eecs.umich.edu.
1 184.0.91.60 0 60.91.0.184.in-addr.arpa. 81985 IN PTR nv-184-0-91-60.dhcp.embarqhsd.net.
1 184.105.139.76 123 76.139.105.184.in-addr.arpa. 86357 IN CNAME 76.64-26.139.105.184.in-addr.arpa. 76.64-26.139.105.184.in-addr.arpa. 86357 IN PTR scan-02b.shadowserver.org.
1 184.105.139.82 69 82.139.105.184.in-addr.arpa. 86400 IN CNAME 82.64-26.139.105.184.in-addr.arpa. 82.64-26.139.105.184.in-addr.arpa. 86400 IN PTR scan-04c.shadowserver.org.
1 184.105.139.85 177 85.139.105.184.in-addr.arpa. 86400 IN CNAME 85.64-26.139.105.184.in-addr.arpa. 85.64-26.139.105.184.in-addr.arpa. 86400 IN PTR scan-03c.shadowserver.org.
1 184.105.247.198 623 198.247.105.184.in-addr.arpa. 85518 IN CNAME 198.192-26.247.105.184.in-addr.arpa. 198.192-26.247.105.184.in-addr.arpa. 85518 IN PTR scan-13a.shadowserver.org.
1 184.105.247.220 53413 220.247.105.184.in-addr.arpa. 86400 IN CNAME 220.192-26.247.105.184.in-addr.arpa. 220.192-26.247.105.184.in-addr.arpa. 86400 IN PTR scan-15f.shadowserver.org.
1 208.84.200.21 445
1 209.126.136.5 23
1 216.218.206.111 137 111.206.218.216.in-addr.arpa. 85980 IN CNAME 111.64-26.206.218.216.in-addr.arpa. 111.64-26.206.218.216.in-addr.arpa. 85980 IN PTR scan-06k.shadowserver.org.
1 216.218.206.94 500 94.206.218.216.in-addr.arpa. 86400 IN CNAME 94.64-26.206.218.216.in-addr.arpa. 94.64-26.206.218.216.in-addr.arpa. 86400 IN PTR scan-05g.shadowserver.org.
1 23.254.130.88 1433 88.130.254.23.in-addr.arpa. 10154 IN PTR client-23-254-130-88.hostwindsdns.com.
1 45.32.216.149 445 149.216.32.45.in-addr.arpa. 3600 IN PTR 45.32.216.149.vultr.com.
1 45.55.10.21 110 21.10.55.45.in-addr.arpa. 1800 IN PTR worker-4-27b-8.stretchoid.com.
1 45.58.136.98 80 98.136.58.45.in-addr.arpa. 22432 IN PTR nookrie-yet.ringlooks.net.
1 46.101.118.25 7991 25.118.101.46.in-addr.arpa. 1800 IN PTR min-extra-scan-12-de-do-dev.binaryedge.ninja.
1 64.184.116.177 81 177.116.184.64.in-addr.arpa. 3600 IN PTR ip-64-184-116-177.ligtel.com.
1 67.210.208.133 20366 133.208.210.67.in-addr.arpa. 6729 IN PTR 133.208.210-67.q9.net.
1 67.210.208.133 59108 133.208.210.67.in-addr.arpa. 6724 IN PTR 133.208.210-67.q9.net.
1 71.234.215.22 8080 22.215.234.71.in-addr.arpa. 1975 IN PTR c-71-234-215-22.hsd1.ct.comcast.net.
1 71.6.158.166 3689 166.158.6.71.in-addr.arpa. 37130 IN PTR ninja.census.shodan.io.
1 71.6.158.166 4070 166.158.6.71.in-addr.arpa. 37125 IN PTR ninja.census.shodan.io.
1 71.6.158.166 5985 166.158.6.71.in-addr.arpa. 37120 IN PTR ninja.census.shodan.io.
1 74.123.18.142 49867
1 74.82.47.34 53 34.47.82.74.in-addr.arpa. 86400 IN CNAME 34.0-26.47.82.74.in-addr.arpa. 34.0-26.47.82.74.in-addr.arpa. 86400 IN PTR scan-09h.shadowserver.org.
1 74.82.47.48 523 48.47.82.74.in-addr.arpa. 86400 IN CNAME 48.0-26.47.82.74.in-addr.arpa. 48.0-26.47.82.74.in-addr.arpa. 86400 IN PTR scan-11k.shadowserver.org.
1 75.102.21.12 32175 12.21.102.75.in-addr.arpa. 3600 IN PTR mail.sarangak.com.
[ ^^ Hmm. A mail server...]
1 99.67.126.150 717 150.126.67.99.in-addr.arpa. 1714 IN PTR adsl-99-67-126-150.dsl.covlil.sbcglobal.net.
2 209.49.192.54 3389
2 52.31.147.77 3389 77.147.31.52.in-addr.arpa. 300 IN PTR ec2-52-31-147-77.eu-west-1.compute.amazonaws.com.
[ ^^ Could be typo - someone's EC2 instance IP address changed...or not.]
1 151.236.52.243 1433 243.52.236.151.in-addr.arpa. 81857 IN PTR vps.tessyacconciature.it.
1 151.250.37.89 23 89.37.250.151.in-addr.arpa. 122 IN PTR host-151-250-37-89.reverse.superonline.net.
1 163.172.167.164 1020 164.167.172.163.in-addr.arpa. 60 IN PTR 164-167-172-163.rev.cloud.scaleway.com.
1 163.172.167.164 1021 164.167.172.163.in-addr.arpa. 55 IN PTR 164-167-172-163.rev.cloud.scaleway.com.
1 163.172.167.164 1022 164.167.172.163.in-addr.arpa. 50 IN PTR 164-167-172-163.rev.cloud.scaleway.com.
[ ^^ Port Scan ]
1 146.0.77.108 49431
1 139.162.120.76 81 76.120.162.139.in-addr.arpa. 82757 IN PTR li1604-76.members.linode.com.
1 178.137.51.246 23 246.51.137.178.in-addr.arpa. 82895 IN PTR 178-137-51-246.broadband.kyivstar.net.
1 178.159.36.60 3389
1 178.47.176.130 23
1 185.128.40.110 1900
1 185.35.62.122 1883
1 185.35.62.135 47808
1 185.35.62.194 502
1 185.56.82.54 5901
1 185.56.82.74 3401
[^^Port scan mixing up the IPs?]
1 185.94.111.1 137
1 169.54.233.124 5060 124.233.54.169.in-addr.arpa. 81594 IN PTR 7c.e9.36a9.ip4.static.sl-reverse.com.
1 169.54.244.89 17185 89.244.54.169.in-addr.arpa. 82750 IN PTR 59.f4.36a9.ip4.static.sl-reverse.com.
1 169.54.244.93 44818 93.244.54.169.in-addr.arpa. 82779 IN PTR 5d.f4.36a9.ip4.static.sl-reverse.com.
1 170.231.114.47 23
1 171.248.157.193 23
1 171.25.193.131 443 131.193.25.171.in-addr.arpa. 82490 IN PTR tor-exit7-readme.dfri.se.
1 172.82.180.58 1900
1 173.215.141.54 445 54.141.215.173.in-addr.arpa. 169766 IN PTR static-173-215-141-54.prtc.net.
1 176.122.251.15 23
1 176.8.128.19 23 19.128.8.176.in-addr.arpa. 82559 IN PTR 176-8-128-19.broadband.kyivstar.net.
1 178.137.212.9 23 9.212.137.178.in-addr.arpa. 82599 IN PTR 178-137-212-9.broadband.kyivstar.net.
1 195.46.112.154 22
1 212.129.1.60 5060 60.1.129.212.in-addr.arpa. 81939 IN PTR 212-129-1-60.rev.poneytelecom.eu.
1 212.83.157.201 5060 201.157.83.212.in-addr.arpa. 82398 IN PTR 212-83-157-201.rev.poneytelecom.eu.
1 217.160.0.34 63393 34.0.160.217.in-addr.arpa. 81832 IN PTR 217-160-0-34.elastic-ssl.ui-r.com.
1 217.65.176.70 23
1 31.207.47.86 3389
1 37.55.197.31 717 31.197.55.37.in-addr.arpa. 82306 IN PTR 31-197-55-37.pool.ukrtel.net.
1 37.115.57.53 23 53.57.115.37.in-addr.arpa. 82201 IN PTR 37-115-57-53.broadband.kyivstar.net.
1 37.229.14.140 23 140.14.229.37.in-addr.arpa. 81539 IN PTR 37-229-14-140.broadband.kyivstar.net.
1 46.118.174.39 23 39.174.118.46.in-addr.arpa. 81709 IN PTR 46-118-174-39.broadband.kyivstar.net.
1 46.118.62.107 23 107.62.118.46.in-addr.arpa. 82099 IN PTR 46-118-62-107.broadband.kyivstar.net.
1 46.118.76.7 23 7.76.118.46.in-addr.arpa. 82660 IN PTR 46-118-76-7.broadband.kyivstar.net.
1 46.118.96.191 23 191.96.118.46.in-addr.arpa. 81153 IN PTR 46-118-96-191.broadband.kyivstar.net.
1 46.119.195.200 23 200.195.119.46.in-addr.arpa. 82159 IN PTR 46-119-195-200.broadband.kyivstar.net.
[^^Lots of port 23 from kyivstar.net]
1 46.139.103.246 445 246.103.139.46.in-addr.arpa. 81864 IN PTR 2E8B67F6.catv.pool.telekom.hu.
1 46.249.74.180 2323 180.74.249.46.in-addr.arpa. 17044 IN PTR 46-249-74-180.net1.bg.
1 5.161.20.26 81
1 5.188.11.10 3389
1 5.188.11.10 3390
1 5.237.151.150 81
1 5.8.50.130 3357
1 51.15.142.103 8080 103.142.15.51.in-addr.arpa. 60 IN PTR probe2.sisyphe.io.
1 51.15.67.132 8443 132.67.15.51.in-addr.arpa. 60 IN PTR 132-67-15-51.rev.cloud.scaleway.com.
1 62.138.14.135 5060 135.14.138.62.in-addr.arpa. 82280 IN PTR loft24103.serverprofi24.eu.
1 77.159.71.216 23 216.71.159.77.in-addr.arpa. 38416 IN PTR 216.71.159.77.rev.sfr.net.
1 78.189.28.120 23 120.28.189.78.in-addr.arpa. 37933 IN PTR 78.189.28.120.dynamic.ttnet.com.tr.
1 79.135.228.161 49867 161.228.135.79.in-addr.arpa. 3600 IN PTR 161.228.135.79.in-addr.arpa.
1 79.2.183.59 23 59.183.2.79.in-addr.arpa. 37903 IN PTR host59-183-static.2-79-b.business.telecomitalia.it.
1 80.24.113.183 23 183.113.24.80.in-addr.arpa. 168532 IN PTR 183.red-80-24-113.staticip.rima-tde.net.
1 80.82.70.26 23 26.70.82.80.in-addr.arpa. 3600 IN PTR vicnovo7x026.securolytics.io.
1 80.82.77.139 12345 139.77.82.80.in-addr.arpa. 2052 IN PTR dojo.census.shodan.io.
1 80.82.77.139 5986 139.77.82.80.in-addr.arpa. 2047 IN PTR dojo.census.shodan.io.
1 80.82.77.33 1099 33.77.82.80.in-addr.arpa. 2790 IN PTR sky.census.shodan.io.
1 80.82.77.33 1962 33.77.82.80.in-addr.arpa. 2785 IN PTR sky.census.shodan.io.
1 80.82.77.33 4040 33.77.82.80.in-addr.arpa. 2780 IN PTR sky.census.shodan.io.
[I don't think I like this shodan IoT thing ^^]
1 81.183.253.3 23 3.253.183.81.in-addr.arpa. 80843 IN PTR dsl51B7FD03.fixip.t-online.hu.
1 81.214.70.186 23 186.70.214.81.in-addr.arpa. 38549 IN PTR 81.214.70.186.dynamic.ttnet.com.tr.
1 83.6.205.173 23 173.205.6.83.in-addr.arpa. 82396 IN PTR abbp173.neoplus.adsl.tpnet.pl.
1 84.94.192.94 23 94.192.94.84.in-addr.arpa. 3600 IN PTR 84.94.192.94.cable.012.net.il.
1 85.101.145.154 23 154.145.101.85.in-addr.arpa. 38445 IN PTR 85.101.145.154.dynamic.ttnet.com.tr.
1 85.109.190.94 23 94.190.109.85.in-addr.arpa. 37842 IN PTR 85.109.190.94.dynamic.ttnet.com.tr.
1 87.106.1.241 16868 241.1.106.87.in-addr.arpa. 2533 IN PTR s527594248.mialojamiento.es.
1 87.13.44.37 81 37.44.13.87.in-addr.arpa. 38279 IN PTR host37-44-dynamic.13-87-r.retail.telecomitalia.it.
1 88.228.97.154 23 154.97.228.88.in-addr.arpa. 37977 IN PTR 88.228.97.154.dynamic.ttnet.com.tr.
1 88.235.30.54 23 54.30.235.88.in-addr.arpa. 37841 IN PTR 88.235.30.54.dynamic.ttnet.com.tr.
1 89.163.157.162 0
1 89.163.251.151 5060 151.251.163.89.in-addr.arpa. 81703 IN PTR ve782.venus.fastwebserver.de.
1 89.248.171.2 443 2.171.248.89.in-addr.arpa. 3131 IN PTR 89.248.171.2.static-nl.cryptolayer.com.
1 91.122.40.86 22 86.40.122.91.in-addr.arpa. 3600 IN PTR ppp91-122-40-86.pppoe.avangarddsl.ru.
1 91.211.2.106 338 106.2.211.91.in-addr.arpa. 78740 IN PTR hostby.chnet.se.
1 91.211.2.106 666 106.2.211.91.in-addr.arpa. 78735 IN PTR hostby.chnet.se.
1 91.211.2.108 3390 108.2.211.91.in-addr.arpa. 56583 IN PTR hostby.chnet.se.
1 91.211.2.108 3392 108.2.211.91.in-addr.arpa. 56578 IN PTR hostby.chnet.se.
1 91.211.2.108 3393 108.2.211.91.in-addr.arpa. 56573 IN PTR hostby.chnet.se.
1 91.211.2.108 3394 108.2.211.91.in-addr.arpa. 56568 IN PTR hostby.chnet.se.
1 91.211.2.108 3395 108.2.211.91.in-addr.arpa. 56563 IN PTR hostby.chnet.se.
1 91.211.2.108 3396 108.2.211.91.in-addr.arpa. 56558 IN PTR hostby.chnet.se.
1 91.211.2.108 4444 108.2.211.91.in-addr.arpa. 56553 IN PTR hostby.chnet.se.
1 91.211.2.108 6666 108.2.211.91.in-addr.arpa. 56548 IN PTR hostby.chnet.se.
[Yeah, that's a port scan ^^]
1 91.230.121.168 123
1 91.98.76.50 445 50.76.98.91.in-addr.arpa. 81378 IN PTR 91.98.76.50.pol.ir.
1 93.174.93.136 3128 136.93.174.93.in-addr.arpa. 3228 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 3333 136.93.174.93.in-addr.arpa. 3223 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 7777 136.93.174.93.in-addr.arpa. 3218 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 8000 136.93.174.93.in-addr.arpa. 3213 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 808 136.93.174.93.in-addr.arpa. 3208 IN PTR no-reverse-dns-configured.com.
1 93.174.93.136 8887 136.93.174.93.in-addr.arpa. 3203 IN PTR no-reverse-dns-configured.com.
[Another port scan ^^]
1 94.23.252.163 19 163.252.23.94.in-addr.arpa. 80761 IN PTR ns380322.ip-94-23-252.eu.
1 94.76.206.197 445 197.206.76.94.in-addr.arpa. 81066 IN PTR www.eventogioco.com.
1 95.102.92.146 23 146.92.102.95.in-addr.arpa. 82154 IN PTR adsl-dyn-146.95-102-92.t-com.sk.
1 95.231.117.83 23 83.117.231.95.in-addr.arpa. 38362 IN PTR host83-117-static.231-95-b.business.telecomitalia.it.
1 95.47.132.36 23
2 46.48.215.149 21
5 195.154.241.198 5060 198.241.154.195.in-addr.arpa. 80630 IN PTR 195-154-241-198.rev.poneytelecom.eu.
5 51.15.8.65 5060 65.8.15.51.in-addr.arpa. 80893 IN PTR 51-15-8-65.rev.poneytelecom.eu.
1 134.249.93.92 23 92.93.249.134.in-addr.arpa. 82753 IN PTR 134-249-93-92.broadband.kyivstar.net.
LACNIC (South America)
1 131.0.251.42 23
1 138.219.192.152 23 152.192.219.138.in-addr.arpa. 3600 IN PTR 138-219-192-152.brasilnett.com.br.
1 177.158.181.22 23 22.181.158.177.in-addr.arpa. 83366 IN PTR 177.158.181.22.dynamic.adsl.gvt.net.br.
1 177.221.104.97 22 97.104.221.177.in-addr.arpa. 80232 IN PTR bilink-97-bgp104.bilink.com.br.
1 177.246.184.146 5358 146.184.246.177.in-addr.arpa. 82679 IN PTR customer-COL-184-146.megared.net.mx.
1 179.183.255.131 23 131.255.183.179.in-addr.arpa. 83230 IN PTR 179.183.255.131.dynamic.adsl.gvt.net.br.
1 179.99.200.173 23 173.200.99.179.in-addr.arpa. 83015 IN PTR 179-99-200-173.dsl.telesp.net.br.
1 181.211.229.103 22 103.229.211.181.in-addr.arpa. 3332 IN PTR 103.229.211.181.static.pichincha.andinanet.net.
1 181.26.172.209 23 209.172.26.181.in-addr.arpa. 81925 IN PTR 181-26-172-209.speedy.com.ar.
1 186.119.100.44 23
1 186.178.182.170 23 170.182.178.186.in-addr.arpa. 3582 IN PTR 170.182.178.186.static.pichincha.andinanet.net.
1 186.178.189.236 23 236.189.178.186.in-addr.arpa. 2871 IN PTR 236.189.178.186.static.pichincha.andinanet.net.
1 186.56.147.223 23 223.147.56.186.in-addr.arpa. 82146 IN PTR 186-56-147-223.mrse.com.ar.
1 186.57.50.58 22 58.50.57.186.in-addr.arpa. 82932 IN PTR 186-57-50-58.speedy.com.ar.
1 187.108.150.123 445 123.150.108.187.in-addr.arpa. 3600 IN PTR 187.108.150.123.nqt.com.br.
1 187.123.88.199 23 199.88.123.187.in-addr.arpa. 3600 IN PTR bb7b58c7.virtua.com.br.
1 187.160.216.136 81 136.216.160.187.in-addr.arpa. 24941 IN PTR CableLink-187-160-216-136.PCs.InterCable.net.
1 187.160.217.103 23 103.217.160.187.in-addr.arpa. 24360 IN PTR CableLink-187-160-217-103.PCs.InterCable.net.
1 187.185.113.221 23 221.113.185.187.in-addr.arpa. 3600 IN PTR 187.185.113.221.cable.dyn.cableonline.com.mx.
1 187.87.205.87 23
1 188.49.86.245 23
1 189.219.19.113 23 113.19.219.189.in-addr.arpa. 3600 IN PTR CableLink-189-219-19-113.Hosts.InterCable.net.
1 190.235.230.162 23
1 190.39.93.7 445
1 190.48.228.199 23 199.228.48.190.in-addr.arpa. 83075 IN PTR 190-48-228-199.speedy.com.ar.
1 190.62.151.165 81
1 191.34.101.72 23 72.101.34.191.in-addr.arpa. 81928 IN PTR 191.34.101.72.dynamic.adsl.gvt.net.br.
1 191.82.116.85 22 85.116.82.191.in-addr.arpa. 81973 IN PTR 191-82-116-85.speedy.com.ar.
1 200.77.164.202 717 202.164.77.200.in-addr.arpa. 82571 IN PTR 200-77-164-202.cable.dyn.cablevision.net.mx.
1 200.8.152.168 23
1 200.92.180.72 81 72.180.92.200.in-addr.arpa. 81990 IN PTR customer-MZT-180-72.megared.net.mx.
1 201.10.181.136 23 136.181.10.201.in-addr.arpa. 81472 IN PTR 201-10-181-136.CPCE-MS-MAN-SWTL3-A03.dsl.brasiltelecom.net.br.
1 201.164.201.142 23 142.201.164.201.in-addr.arpa. 82274 IN PTR customer-COL-201-142.megared.net.mx.
1 201.24.92.8 23 8.92.24.201.in-addr.arpa. 81894 IN PTR 201-24-92-8.fnsce701.dsl.brasiltelecom.net.br.
1 201.252.134.197 23 197.134.252.201.in-addr.arpa. 81723 IN PTR host197.201-252-134.telecom.net.ar.
[^^Port 23 is all the rage in Latin America!]
1 196.41.221.58 445
1 197.50.71.27 23 27.71.50.197.in-addr.arpa. 81693 IN PTR host-197.50.71.27.tedata.net.
1 198.50.187.240 1755 240.187.50.198.in-addr.arpa. 81748 IN PTR ddos-protected-l7.198.50.187.240.heavyhost.net.
1 2.184.214.41 7547
1 200.6.170.133 23 133.170.6.200.in-addr.arpa. 82201 IN PTR static-BAFO-200-6-170-133.une.net.co.
1 49.117.21.122 23
1 49.73.95.238 23
1 49.81.146.42 23
1 41.41.84.204 23 204.84.41.41.in-addr.arpa. 81825 IN PTR host-41.41.84.204.tedata.net.
1 41.41.84.204 2323 204.84.41.41.in-addr.arpa. 81820 IN PTR host-41.41.84.204.tedata.net.
[^^Africa is the most well-behaved continent today]
Hits | Port
107 23 [23 wins! Telnet, likely IoT. More hits than any other port]
19 1433 [Better not have your database on the Internet. Use layered security (networking)]
16 22 [Port 22 should be locked down to specific IPs]
15 5060 [SIP https://www.speedguide.net/port.php?port=5060]
12 1900 [Block from Internet, upgrade old systems]
11 445 [Block from Internet, upgrade old systems]
10 81 [Port 81?? https://isc.sans.edu/forums/diary/WTF+tcp+port+81/22332/ Obfuscating traffic back to C2?]
10 3389 [Port 3389 should be locked down to specific IPs]
6 0 [Don't allow invalid ports on your network]
3 8080
3 717
3 3306
3 2323
2 808
2 49867
2 443
2 3390
2 2433
2 2222
2 21
2 1962
2 137
2 123
1 993
1 9200
1 8887
1 8880
1 8443
1 8000
1 80
1 7991
1 7777
1 7547
1 69
1 6666
1 666
1 65439
1 63393
1 623
1 5986
1 5985
1 59108
1 5901
1 57845
1 554
1 5358
1 53413
1 53
1 52306
1 523
1 502
1 500
1 49431
1 47808
1 44818
1 4444
1 4070
1 4040
1 3689
1 3401
1 3396
1 3395
1 3394
1 3393
1 3392
1 338
1 3357
1 3333
1 32761
1 32175
1 3128
1 20366
1 19
1 1883
1 177
1 1755
1 17185
1 16868
1 1533
1 12345
1 110
1 1099
1 1022
1 1021
1 1020