Wall of Sheep

wall of sheep

In today’s digital landscape, the threat of online attacks is a constant concern. My website, like many others, is a target for such threats. To address this, I've set up a system to monitor and display attempted intrusions against my servers.

Fans of DEFCON, a renowned cybersecurity conference, might be familiar with their 'Wall of Sheep' — a feature that showcases vulnerabilities in network traffic during the event. Drawing inspiration from this, I’ve created a similar display, but with a focus on attacks targeting my servers. It’s a daily testament to the diverse range of attacks we face, going beyond just website vulnerabilities to include attempts on all server ports.

The purpose of my 'Personalized Wall of Sheep' is educational. It serves as a live example of the relentless attacks servers endure, and aims to raise awareness among my visitors. This display is a vivid reminder that cyber threats are universal, affecting not just big corporations but every entity connected to the internet. It underscores the vital importance of cybersecurity for everyone.

In the Last 24 Hours

Detected a total of 4,765 unique cyber attackers who, collectively, were responsible for 20,376 breach attempts.

Unique Cyber Attackers - Last 14 Days

(Each attacker is recorded once per day, regardless of the number of attempts)

To the right is a chart that illustrates the geographical distribution of the attacks against my servers. This chart categorizes each hacking attempt by its country of origin, providing visual insight into the diverse, global sources of these cyber intrusions.

It’s important to note, however, that geographical distribution can sometimes be masked using various techniques. Therefore, in instances where such masking was detected, these attackers have been reassigned to the category ‘obscured’ in the pie chart.

This chart breaks down the different kinds of traffic trying to access my network, focusing on whether the source is hidden or masked. It shows how attackers hide their identity using methods like VPNs, public proxies, or data centers.

This helps us understand the variety of ways attackers try to stay anonymous and the tactics they use to try to get past security measures.

The chart on the right showcases the top 20 data centers being used to launch attacks. These range from public cloud services to smaller providers.

This not only indicates the diversity of platforms used in cyber offensives but also suggests that many of these providers might be unaware of their infrastructure's misuse, highlighting a critical aspect of the cybersecurity challenge.

Attackers over the last 24 hours

The most recent 25 attackers

IPCountryRegionCityISPPorts
France flag
91.231.89.6FranceIle-de-FranceMontreuilBha Conseil Sarl8103, 22059, 5222, 21329, 10008, 9977, 8848, 26925, 21238, 8281... (36 more)
Activity shows a focused approach on a handful of ports, such as 8103, 22059, 5222. The attacker appears to be leveraging a data center hideout.
United States flag
139.144.239.72United StatesNew JerseyCedar KnollsAkamai Technologies Inc.5120, 1338, 15003, 1799, 4399, 2048, 27965, 41674, 5989, 8295... (1177 more)
System analysis reveals a focused approach on a handful of ports, such as 5120, 1338, 15003. The attacker appears to be leveraging a data center hideout.
United States flag
147.185.133.44United StatesCaliforniaSanta ClaraPalo Alto Networks Inc9721, 8798, 8147, 7283, 8043, 9872, 9597, 9636, 1111, 21234... (1099 more)
Digital footprint reveals a focused approach on a handful of ports, such as 9721, 8798, 8147. The attacker appears to be leveraging a data center hideout.
India flag
117.201.95.129IndiaUttarakhandRishikeshBharat Sanchar Nigam Limited23
System analysis reveals a focused attack targeting Telnet.
United States flag
162.216.150.194United StatesSouth CarolinaNorth CharlestonGoogle LLC47004, 34431, 49305, 2523, 47295, 18085, 3738, 9099, 9767, 4322... (1740 more)
Activity shows a focused approach on a handful of ports, such as 47004, 34431, 49305. The attacker appears to be leveraging a data center hideout.
United States flag
198.235.24.23United StatesCaliforniaSanta ClaraPalo Alto Networks Inc50053, 5906, 5900, 9444, 5443, 8899, 51007, 3306, 10255, 4332... (293 more)
Digital footprint reveals a focused approach targeting VNC, MySQL, and others. The attacker appears to be leveraging a data center hideout.
China flag
123.245.84.138ChinaLiaoningShenyangChinaNet Liaoning Province Network4506, 5061
System analysis reveals a selective approach on a handful of ports, such as 4506, 5061. The attacker appears to be leveraging a data center hideout.
Japan flag
47.74.46.108JapanTokyoTokyoAliCloud JP8845, 2525, 8743, 8580, 8436, 12314, 10084, 8520, 16102, 6036... (58 more)
Activity shows a focused approach on a handful of ports, such as 8845, 2525, 8743. The attacker appears to be leveraging a data center hideout.
United States flag
162.142.125.143United StatesMichiganAnn ArborCensys Inc.51385, 52972, 28629, 54068, 21877, 24668, 16045, 5603, 41409, 60703... (1423 more)
Network inspection reveals a focused approach on a handful of ports, such as 51385, 52972, 28629. The attacker is perhaps masquerading as a search engine bot?
United States flag
198.235.24.213United StatesCaliforniaSanta ClaraPalo Alto Networks Inc18245, 138, 38080, 30083, 30005, 118, 389, 5557, 1911, 12694... (241 more)
Network inspection reveals a focused approach on a handful of ports, such as 18245, 138, 38080. The attacker appears to be leveraging a data center hideout.
United States flag
206.168.35.133United StatesMichiganAnn ArborCensys Inc.9599, 9301, 2456, 50995, 11000, 2323, 1200, 2004, 102, 4839... (201 more)
Network inspection reveals a focused approach on a handful of ports, such as 9599, 9301, 2456. The attacker is perhaps masquerading as a search engine bot?
United States flag
147.185.133.228United StatesCaliforniaSanta ClaraPalo Alto Networks Inc9659, 49598, 33399, 202, 46947, 33306, 41000, 806, 9977, 53208... (1149 more)
Digital footprint reveals a focused approach on a handful of ports, such as 9659, 49598, 33399. The attacker appears to be leveraging a data center hideout.
Brazil flag
131.196.198.49BrazilSao PauloCotiaBedHosting BR - Datacenter no Brasil61136, 24076, 7407
System monitoring reveals a selective approach on a handful of ports, such as 61136, 24076, 7407. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.150.147United StatesSouth CarolinaNorth CharlestonGoogle LLC9520, 33389, 8032, 46131, 49724, 32508, 8096, 47758, 11551, 1081... (1760 more)
System analysis reveals a focused approach on a handful of ports, such as 9520, 33389, 8032. The attacker appears to be leveraging a data center hideout.
United States flag
147.185.132.75United StatesCaliforniaSanta ClaraPalo Alto Networks Inc30303, 4001, 55918, 8887, 111, 4432, 49502, 9191, 5800, 60000... (193 more)
Digital footprint reveals a focused approach on a handful of ports, such as 30303, 4001, 55918. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.149.172United StatesSouth CarolinaNorth CharlestonGoogle LLC8109, 14875, 48290, 962, 46224, 3310, 9783, 8869, 10040, 2325... (1753 more)
Digital footprint reveals a focused approach on a handful of ports, such as 8109, 14875, 48290. The attacker appears to be leveraging a data center hideout.
United States flag
198.235.24.79United StatesCaliforniaSanta ClaraPalo Alto Networks Inc943, 50997, 28016, 8991, 32569, 9080, 1112, 68, 3344, 50996... (248 more)
System monitoring reveals a focused approach on a handful of ports, such as 943, 50997, 28016. The attacker appears to be leveraging a data center hideout.
United States flag
20.127.224.63United StatesVirginiaWashingtonMicrosoft Corporation2375, 8082, 992, 1962, 5357, 18245, 6066, 1521, 9200
Activity shows a focused approach targeting Elasticsearch, and others. The attacker appears to be leveraging a data center hideout.
United States flag
206.168.35.83United StatesMichiganAnn ArborCensys Inc.2053, 20001, 5985, 2052, 22222, 8001, 7000, 10259, 20548, 2078... (213 more)
Digital footprint reveals a focused approach on a handful of ports, such as 2053, 20001, 5985. The attacker is perhaps masquerading as a search engine bot?
United States flag
147.185.132.206United StatesCaliforniaSanta ClaraPalo Alto Networks Inc45315, 9658, 50443, 49171, 9542, 48024, 9514, 45110, 9265, 4001... (1146 more)
Network inspection reveals a focused approach on a handful of ports, such as 45315, 9658, 50443. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.149.25United StatesSouth CarolinaNorth CharlestonGoogle LLC9809, 13137, 14911, 681, 46307, 65505, 45773, 3358, 631, 48113... (1763 more)
Activity shows a focused approach on a handful of ports, such as 9809, 13137, 14911. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.149.103United StatesSouth CarolinaNorth CharlestonGoogle LLC6335, 52059, 46525, 49095, 8852, 49930, 2506, 9193, 45971, 47596... (1744 more)
Digital footprint reveals a focused approach on a handful of ports, such as 6335, 52059, 46525. The attacker appears to be leveraging a data center hideout.
United States flag
20.40.208.55United StatesIowaDes MoinesMicrosoft Corporation8087, 5985, 8086, 8091, 5986, 179, 110, 4040, 1583, 161... (7 more)
Network inspection reveals a focused approach targeting POP3, and others. The attacker appears to be leveraging a data center hideout.
Nigeria flag
165.154.11.48NigeriaLagosLagosUCloud Information Technology (HK) Limite...10834, 6653, 32760, 2159, 5029, 2842, 10989, 9228, 11091, 2603... (240 more)
System analysis reveals a focused approach on a handful of ports, such as 10834, 6653, 32760. The attacker appears to be leveraging a data center hideout.
India flag
117.221.202.91IndiaUttarakhandKargiBharat Sanchar Nigam Limited23
Activity shows a focused attack targeting Telnet.