In today’s digital landscape, the threat of online attacks is a constant concern. My website, like many others, is a target for such threats. To address this, I've set up a system to monitor and display attempted intrusions against my servers.
Fans of DEFCON, a renowned cybersecurity conference, might be familiar with their 'Wall of Sheep' — a feature that showcases vulnerabilities in network traffic during the event. Drawing inspiration from this, I’ve created a similar display, but with a focus on attacks targeting my servers. It’s a daily testament to the diverse range of attacks we face, going beyond just website vulnerabilities to include attempts on all server ports.
The purpose of my 'Personalized Wall of Sheep' is educational. It serves as a live example of the relentless attacks servers endure, and aims to raise awareness among my visitors. This display is a vivid reminder that cyber threats are universal, affecting not just big corporations but every entity connected to the internet. It underscores the vital importance of cybersecurity for everyone.
Detected a total of 4,491 unique cyber attackers who, collectively, were responsible for 23,232 breach attempts.
(Each attacker is recorded once per day, regardless of the number of attempts)
To the right is a chart that illustrates the geographical distribution of the attacks against my servers. This chart categorizes each hacking attempt by its country of origin, providing visual insight into the diverse, global sources of these cyber intrusions.
It’s important to note, however, that geographical distribution can sometimes be masked using various techniques. Therefore, in instances where such masking was detected, these attackers have been reassigned to the category ‘obscured’ in the pie chart.
This chart breaks down the different kinds of traffic trying to access my network, focusing on whether the source is hidden or masked. It shows how attackers hide their identity using methods like VPNs, public proxies, or data centers.
This helps us understand the variety of ways attackers try to stay anonymous and the tactics they use to try to get past security measures.
The chart on the right showcases the top 20 data centers being used to launch attacks. These range from public cloud services to smaller providers.
This not only indicates the diversity of platforms used in cyber offensives but also suggests that many of these providers might be unaware of their infrastructure's misuse, highlighting a critical aspect of the cybersecurity challenge.
| IP | Country | Region | City | ISP | Ports | ||
|---|---|---|---|---|---|---|---|
 | 198.235.24.128 | United States | California | Santa Clara | Palo Alto Networks Inc | 8333, 50003, 50100, 1433, 50052, 9983, 64719, 2455, 3975, 5916... (288 more) | Activity shows a focused approach on a handful of ports, such as 8333, 50003, 50100. The attacker appears to be leveraging a data center hideout. |
 | 191.8.182.125 | Brazil | Sao Paulo | Campinas | Telefonica Brasil S.A | 1433 | Activity shows a focused attack on port 1433. |
 | 195.184.76.114 | France | - | - | Visteria LLC | 13104, 11264, 10233, 18080, 16764, 13437, 15051 | System analysis reveals a focused approach on a handful of ports, such as 13104, 11264, 10233. The attacker appears to be leveraging a data center hideout. |
| 162.216.150.96 | United States | South Carolina | North Charleston | Google LLC | 5688, 31006, 557, 37516, 34421, 49929, 8790, 3082, 4043, 3014... (1589 more) | System monitoring reveals a focused approach on a handful of ports, such as 5688, 31006, 557. The attacker appears to be leveraging a data center hideout. |
| 162.216.149.9 | United States | South Carolina | North Charleston | Google LLC | 58888, 26789, 636, 18505, 50173, 9452, 9678, 467, 49012, 54921... (1543 more) | Activity shows a focused approach on a handful of ports, such as 58888, 26789, 636. The attacker appears to be leveraging a data center hideout. |
 | 80.82.77.139 | Netherlands | Noord-Holland | Amsterdam | FiberXpress BV | 63260, 541, 8545, 8728, 18081, 37, 902, 9530, 11112, 22556... (342 more) | System monitoring reveals a focused approach on a handful of ports, such as 63260, 541, 8545. The attacker appears to be leveraging a data center hideout. |
| 147.185.132.237 | United States | California | Santa Clara | Palo Alto Networks Inc | 5001, 26900, 42713, 993, 4024, 8883, 8991, 554, 10250, 943... (158 more) | Digital footprint reveals a focused approach on a handful of ports, such as 5001, 26900, 42713. The attacker appears to be leveraging a data center hideout. |
| 206.168.34.137 | United States | Michigan | Ann Arbor | Censys Inc. | 14026, 41451, 57116, 2057, 27196, 47353, 22782, 7300, 21146, 7776... (850 more) | Activity shows a focused approach on a handful of ports, such as 14026, 41451, 57116. The attacker is perhaps masquerading as a search engine bot? |
 | 195.230.103.248 | Germany | Nordrhein-Westfalen | Koeln | SecurityTrails LLC | 513, 9999, 8080, 138, 13, 10000, 8443, 3986, 139, 119... (100 more) | System analysis reveals a focused approach targeting HTTP, HTTPS, NetBIOS, and others. The attacker appears to be leveraging a data center hideout. |
 | 118.26.104.212 | United Kingdom | England | London | UCloud Information Technology (HK) Limite... | 13400, 517, 1173, 1684, 5364, 3539, 22370, 13721, 38000, 11112... (174 more) | System monitoring reveals a focused approach on a handful of ports, such as 13400, 517, 1173. The attacker appears to be leveraging a data center hideout. |
| 147.185.133.87 | United States | California | Santa Clara | Palo Alto Networks Inc | 8100, 7878, 685, 9600, 59189, 556, 48453, 4329, 8547, 45452... (890 more) | System monitoring reveals a focused approach on a handful of ports, such as 8100, 7878, 685. The attacker appears to be leveraging a data center hideout. |
| 172.178.73.64 | United States | Virginia | Washington | Microsoft Limited | 115, 520 | Activity shows a selective approach on a handful of ports, such as 115, 520. The attacker appears to be leveraging a data center hideout. |
| 147.185.132.13 | United States | California | Santa Clara | Palo Alto Networks Inc | 6443, 8800, 2080, 17516, 8159, 1080, 25789, 22460, 5910, 49502... (155 more) | System analysis reveals a focused approach on a handful of ports, such as 6443, 8800, 2080. The attacker appears to be leveraging a data center hideout. |
| 147.185.132.139 | United States | California | Santa Clara | Palo Alto Networks Inc | 10008, 60731, 20202, 9981, 20845, 15905, 32181, 1022, 34473, 6066... (847 more) | System monitoring reveals a focused approach on a handful of ports, such as 10008, 60731, 20202. The attacker appears to be leveraging a data center hideout. |
| 167.94.138.135 | United States | Michigan | Ann Arbor | Censys Inc. | 18246, 3299, 2403, 501, 8808, 1961, 10259, 1201, 2405, 10002... (232 more) | Activity shows a focused approach on a handful of ports, such as 18246, 3299, 2403. The attacker is perhaps masquerading as a search engine bot? |
| 198.235.24.200 | United States | California | Santa Clara | Palo Alto Networks Inc | 20123, 4430, 8887, 2300, 3909, 990, 50053, 27017, 53524, 64719... (208 more) | System monitoring reveals a focused approach targeting MongoDB, and others. The attacker appears to be leveraging a data center hideout. |
 | 91.238.24.55 | Russian Federation | Tverskaya oblast' | Bezhetsk | Bezheckaya Internet Company Ltd. | 23 | System analysis reveals a focused attack targeting Telnet. |
| 147.185.132.192 | United States | California | Santa Clara | Palo Alto Networks Inc | 51007, 12694, 5908, 30005, 54041, 44344, 8010, 50001, 1911, 8444... (155 more) | System monitoring reveals a focused approach on a handful of ports, such as 51007, 12694, 5908. The attacker appears to be leveraging a data center hideout. |
| 162.142.125.228 | United States | Michigan | Ann Arbor | Censys Inc. | 57233, 17899, 23938, 13519, 59531, 17282, 11507, 48459, 31993, 28934... (1248 more) | Digital footprint reveals a focused approach on a handful of ports, such as 57233, 17899, 23938. The attacker is perhaps masquerading as a search engine bot? |
| 35.203.211.138 | United Kingdom | England | London | Google LLC | 409, 64629, 45785, 9792, 45039, 60013, 9487, 52212, 30443, 9442... (1521 more) | System monitoring reveals a focused approach on a handful of ports, such as 409, 64629, 45785. The attacker appears to be leveraging a data center hideout. |
 | 101.36.112.101 | Hong Kong | Hong Kong | Hong Kong | UCloud Information Technology (HK) Limite... | 182, 10609, 30078, 1152, 3979, 58603, 10219, 16922, 17586, 5188... (28 more) | Activity shows a focused approach on a handful of ports, such as 182, 10609, 30078. The attacker appears to be leveraging a data center hideout. |
| 147.185.133.237 | United States | California | Santa Clara | Palo Alto Networks Inc | 23, 47915, 8139, 61873, 50121, 1982, 47694, 54500, 5985, 48087... (887 more) | System monitoring reveals a focused approach targeting Telnet, and others. The attacker appears to be leveraging a data center hideout. |
| 147.185.133.128 | United States | California | Santa Clara | Palo Alto Networks Inc | 2228, 40002, 9765, 52669, 60209, 8144, 2290, 7545, 34912, 9709... (929 more) | System analysis reveals a focused approach on a handful of ports, such as 2228, 40002, 9765. The attacker appears to be leveraging a data center hideout. |
| 88.202.190.139 | United States | Kentucky | London | UK-2 Limited | 8983, 7077, 60000, 8010, 3391, 10001, 7002, 18080, 44443, 139... (21 more) | Digital footprint reveals a focused approach targeting NetBIOS, and others. The attacker appears to be leveraging a data center hideout. |
| 35.203.211.101 | United Kingdom | England | London | Google LLC | 46999, 1922, 34487, 47687, 9816, 60885, 65531, 33741, 8077, 9086... (1556 more) | Network inspection reveals a focused approach on a handful of ports, such as 46999, 1922, 34487. The attacker appears to be leveraging a data center hideout. |