Wall of Sheep

wall of sheep

In today’s digital landscape, the threat of online attacks is a constant concern. My website, like many others, is a target for such threats. To address this, I've set up a system to monitor and display attempted intrusions against my servers.

Fans of DEFCON, a renowned cybersecurity conference, might be familiar with their 'Wall of Sheep' — a feature that showcases vulnerabilities in network traffic during the event. Drawing inspiration from this, I’ve created a similar display, but with a focus on attacks targeting my servers. It’s a daily testament to the diverse range of attacks we face, going beyond just website vulnerabilities to include attempts on all server ports.

The purpose of my 'Personalized Wall of Sheep' is educational. It serves as a live example of the relentless attacks servers endure, and aims to raise awareness among my visitors. This display is a vivid reminder that cyber threats are universal, affecting not just big corporations but every entity connected to the internet. It underscores the vital importance of cybersecurity for everyone.

In the Last 24 Hours

Detected a total of 4,899 unique cyber attackers who, collectively, were responsible for 19,621 breach attempts.

Unique Cyber Attackers - Last 14 Days

(Each attacker is recorded once per day, regardless of the number of attempts)

To the right is a chart that illustrates the geographical distribution of the attacks against my servers. This chart categorizes each hacking attempt by its country of origin, providing visual insight into the diverse, global sources of these cyber intrusions.

It’s important to note, however, that geographical distribution can sometimes be masked using various techniques. Therefore, in instances where such masking was detected, these attackers have been reassigned to the category ‘obscured’ in the pie chart.

This chart breaks down the different kinds of traffic trying to access my network, focusing on whether the source is hidden or masked. It shows how attackers hide their identity using methods like VPNs, public proxies, or data centers.

This helps us understand the variety of ways attackers try to stay anonymous and the tactics they use to try to get past security measures.

The chart on the right showcases the top 20 data centers being used to launch attacks. These range from public cloud services to smaller providers.

This not only indicates the diversity of platforms used in cyber offensives but also suggests that many of these providers might be unaware of their infrastructure's misuse, highlighting a critical aspect of the cybersecurity challenge.

Attackers over the last 24 hours

The most recent 25 attackers

IPCountryRegionCityISPPorts
United States flag
167.94.146.69United StatesMichiganAnn ArborCensys Inc.31154, 4453, 30754, 48389, 12319, 61135, 24014, 61269, 21334, 1218... (484 more)
System monitoring reveals a focused approach on a handful of ports, such as 31154, 4453, 30754. The attacker is perhaps masquerading as a search engine bot?
Korea (Republic of) flag
110.10.168.140Korea (Republic of)Seoul-teukbyeolsiSeoulSK Broadband Co Ltd22
Digital footprint reveals a focused attack targeting SSH.
United States flag
162.216.149.103United StatesSouth CarolinaNorth CharlestonGoogle LLC24343, 9636, 30278, 9982, 6745, 34464, 10540, 48868, 30000, 49592... (1444 more)
System analysis reveals a focused approach on a handful of ports, such as 24343, 9636, 30278. The attacker appears to be leveraging a data center hideout.
United States flag
205.210.31.222United StatesCaliforniaSanta ClaraPalo Alto Networks Inc61616, 4025, 20123, 8899, 51401, 2484, 5432, 623, 2525, 4016... (207 more)
System analysis reveals a focused approach targeting PostgreSQL, and others. The attacker appears to be leveraging a data center hideout.
Singapore flag
124.156.196.176SingaporeSingaporeSingaporeAceville Pte.Ltd.22
Digital footprint reveals a focused attack targeting SSH. The attacker appears to be leveraging a data center hideout.
United States flag
205.210.31.147United StatesCaliforniaSanta ClaraPalo Alto Networks Inc53524, 2379, 54041, 7093, 1911, 9997, 12694, 50003, 32569, 8008... (287 more)
Activity shows a focused approach on a handful of ports, such as 53524, 2379, 54041. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.205United KingdomEnglandLondonGoogle LLC55528, 28887, 29091, 48620, 46543, 27, 1000, 9192, 8834, 9062... (1460 more)
System analysis reveals a focused approach on a handful of ports, such as 55528, 28887, 29091. The attacker appears to be leveraging a data center hideout.
United States flag
128.14.237.130United StatesCaliforniaDiamond BarZenlayer Inc52229, 33334, 33131, 24844, 8010, 3725, 3726, 3585, 3517, 3233... (69 more)
Network inspection reveals a focused approach on a handful of ports, such as 52229, 33334, 33131. The attacker appears to be leveraging a data center hideout.
United States flag
206.168.35.99United StatesMichiganAnn ArborCensys Inc.4444, 9601, 11101, 10260, 7443, 9600, 101, 6007, 3000, 1201... (171 more)
Activity shows a focused approach on a handful of ports, such as 4444, 9601, 11101. The attacker is perhaps masquerading as a search engine bot?
United States flag
167.94.138.194United StatesMichiganAnn ArborCensys Inc.9595, 3000, 50051, 993, 21, 50212, 143, 18765, 5432, 8611
Activity shows a focused approach targeting FTP, IMAP, PostgreSQL, and others. The attacker is perhaps masquerading as a search engine bot?
Taiwan, Province of China flag
220.132.107.47Taiwan, Province of ChinaTaipeiTaipeiChunghwa Telecom Co. Ltd.23, 26
System analysis reveals a selective approach targeting Telnet, and others.
China flag
218.245.63.23ChinaBeijingBeijingBeijing Topnew Info & Tech Co. Ltd22
Digital footprint reveals a focused attack targeting SSH.
Russian Federation flag
188.234.108.152Russian FederationSverdlovskaya oblast'YekaterinburgJSC ER-Telecom Holding23
Digital footprint reveals a focused attack targeting Telnet.
Japan flag
34.84.82.194JapanTokyoTokyoGoogle LLC22
Network inspection reveals a focused attack targeting SSH. The attacker appears to be leveraging a data center hideout.
Korea (Republic of) flag
121.144.52.106Korea (Republic of)Gyeonggi-doSeongnamKT Corporation23
Activity shows a focused attack targeting Telnet.
United States flag
34.23.199.152United StatesSouth CarolinaNorth CharlestonGoogle LLC445
System monitoring reveals a focused attack targeting SMB. The attacker appears to be leveraging a data center hideout.
United States flag
147.185.133.187United StatesCaliforniaSanta ClaraPalo Alto Networks Inc9608, 9539, 9352, 1114, 47522, 9478, 9333, 54500, 46024, 45076... (817 more)
System analysis reveals a focused approach on a handful of ports, such as 9608, 9539, 9352. The attacker appears to be leveraging a data center hideout.
United States flag
172.168.159.43United StatesIowaDes MoinesMicrosoft Limited8222, 20547, 60001, 10443, 123, 3479, 4369, 5903, 4840, 179... (40 more)
Activity shows a focused approach on a handful of ports, such as 8222, 20547, 60001. The attacker appears to be leveraging a data center hideout.
China flag
219.147.74.48ChinaHeilongjiangDaqingHeilongjiang Telecom Corporation22
Activity shows a focused attack targeting SSH.
India flag
112.133.242.45IndiaMaharashtraMumbaiRailwire Kanpur22
System monitoring reveals a focused attack targeting SSH.
United Kingdom flag
35.203.210.179United KingdomEnglandLondonGoogle LLC9501, 43713, 9812, 8151, 2796, 34477, 54796, 12300, 3525, 9487... (1452 more)
System analysis reveals a focused approach on a handful of ports, such as 9501, 43713, 9812. The attacker appears to be leveraging a data center hideout.
China flag
223.199.165.222ChinaHainanHaikouChinaNet Hainan Province Network1883
System monitoring reveals a focused attack on port 1883.
United States flag
172.202.158.92United StatesTexasSan AntonioMicrosoft Limited5061, 5269, 2455, 179, 49152, 1527, 1400, 4911, 9000, 118... (35 more)
System analysis reveals a focused approach on a handful of ports, such as 5061, 5269, 2455. The attacker appears to be leveraging a data center hideout.
United States flag
167.94.146.71United StatesMichiganAnn ArborCensys Inc.28640, 10701, 18286, 49456, 23194, 46967, 63748, 38918, 2862, 26573... (554 more)
Activity shows a focused approach on a handful of ports, such as 28640, 10701, 18286. The attacker is perhaps masquerading as a search engine bot?
Germany flag
8.211.51.235GermanyHessenFrankfurt am MainAlibaba.com Singapore E-Commerce Private ...9033, 10170, 9015, 81, 12446, 16062, 445, 8118, 2121, 10008... (47 more)
Digital footprint reveals a focused approach targeting SMB, and others. The attacker appears to be leveraging a data center hideout.