Starting 12-JUL-2018 the number of DShield participants reporting probes for port 15454 started to rise.  It popped up on the experimental trends report (https://isc.sans.edu/trends.html) yesterday.  Fellow handler Richard Porter thought it sounded like a "debugger port for an App" and after a quick jaunt to The Googles he returned with an old report that this port opens up when the Clound9 IDE is doing its thing. (Source: https://stackoverflow.com/questions/39007572/cloud9-debugger-listening-on-port-15454)

We're curious if that initial guess is correct or not.  Are you seeing this as well?  Any pattern to the source or interesting tool marks.  Or better yet: Got Packets?

If so, hits us up on the contact form: https://isc.sans.edu/contact

UPDATE:

Looking at my own sensors, I see one source 185.208.208.198.  It was looking for ports in the 15000 range.  So looking at the DSHield logs for port 15453 port 15455  port 15456 around 15454 you see a similar uptick.  IN additon to the 15000 ports it was also hitting 22.