Wall of Sheep

wall of sheep

In today’s digital landscape, the threat of online attacks is a constant concern. My website, like many others, is a target for such threats. To address this, I've set up a system to monitor and display attempted intrusions against my servers.

Fans of DEFCON, a renowned cybersecurity conference, might be familiar with their 'Wall of Sheep' — a feature that showcases vulnerabilities in network traffic during the event. Drawing inspiration from this, I’ve created a similar display, but with a focus on attacks targeting my servers. It’s a daily testament to the diverse range of attacks we face, going beyond just website vulnerabilities to include attempts on all server ports.

The purpose of my 'Personalized Wall of Sheep' is educational. It serves as a live example of the relentless attacks servers endure, and aims to raise awareness among my visitors. This display is a vivid reminder that cyber threats are universal, affecting not just big corporations but every entity connected to the internet. It underscores the vital importance of cybersecurity for everyone.

In the Last 24 Hours

Detected a total of 3,750 unique cyber attackers who, collectively, were responsible for 28,124 breach attempts.

Unique Cyber Attackers - Last 14 Days

(Each attacker is recorded once per day, regardless of the number of attempts)

To the right is a chart that illustrates the geographical distribution of the attacks against my servers. This chart categorizes each hacking attempt by its country of origin, providing visual insight into the diverse, global sources of these cyber intrusions.

It’s important to note, however, that geographical distribution can sometimes be masked using various techniques. Therefore, in instances where such masking was detected, these attackers have been reassigned to the category ‘obscured’ in the pie chart.

This chart breaks down the different kinds of traffic trying to access my network, focusing on whether the source is hidden or masked. It shows how attackers hide their identity using methods like VPNs, public proxies, or data centers.

This helps us understand the variety of ways attackers try to stay anonymous and the tactics they use to try to get past security measures.

The chart on the right showcases the top 20 data centers being used to launch attacks. These range from public cloud services to smaller providers.

This not only indicates the diversity of platforms used in cyber offensives but also suggests that many of these providers might be unaware of their infrastructure's misuse, highlighting a critical aspect of the cybersecurity challenge.

Attackers over the last 24 hours

The most recent 25 attackers

IPCountryRegionCityISPPorts
United States flag
198.235.24.122United StatesCaliforniaSanta ClaraPalo Alto Networks Inc53631, 502, 8000, 139, 444, 2121, 1883, 5986, 8022, 9080... (74 more)
System analysis reveals a focused approach targeting NetBIOS, and others. The attacker appears to be leveraging a data center hideout.
United States flag
104.206.128.58United StatesNevadaLas VegasGDNP LLC8080, 7777, 20256
System analysis reveals a selective approach targeting HTTP, and others. The attacker appears to be leveraging a data center hideout.
United States flag
43.153.9.48United StatesCaliforniaSanta ClaraTencent Cloud Computing (Beijing) Co. Ltd...2052, 8006, 7011, 1966, 12505, 3060, 8791, 51315, 12219, 4463... (63 more)
Digital footprint reveals a focused approach on a handful of ports, such as 2052, 8006, 7011. The attacker appears to be leveraging a data center hideout.
United States flag
205.210.31.153United StatesCaliforniaSanta ClaraPalo Alto Networks Inc4025, 9595, 8444, 9002, 52200, 808, 9042, 5061, 50001, 9000... (177 more)
Activity shows a focused approach on a handful of ports, such as 4025, 9595, 8444. The attacker appears to be leveraging a data center hideout.
Indonesia flag
43.129.43.85IndonesiaJakarta RayaJakartaTencent Cloud Computing (Beijing) Co. Ltd...8021, 8122, 5003, 7706, 9826, 12443, 60000, 8239, 8157, 2103... (46 more)
System analysis reveals a focused approach on a handful of ports, such as 8021, 8122, 5003. The attacker appears to be leveraging a data center hideout.
United States flag
192.241.231.48United StatesCaliforniaSan FranciscoDigitalOcean LLC8080, 7337, 8192, 427, 8032, 1604, 8089, 8091, 1930, 4567... (18 more)
System analysis reveals a focused approach targeting HTTP, and others. The attacker is behind the veil of a VPN.
United States flag
162.142.125.190United StatesMichiganAnn ArborCensys Inc.21443, 12232, 3105, 12389, 16054, 7999, 16044, 12191, 990, 12501... (1408 more)
System analysis reveals a focused approach on a handful of ports, such as 21443, 12232, 3105. The attacker is perhaps masquerading as a search engine bot?
United States flag
162.216.150.78United StatesSouth CarolinaNorth CharlestonGoogle LLC9986, 9303, 9858, 9930, 6003, 210, 9777, 48917, 636, 30321... (516 more)
System monitoring reveals a focused approach on a handful of ports, such as 9986, 9303, 9858. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.33United KingdomEnglandLondonGoogle LLC9416, 23460, 8142, 22765, 8587, 49904, 55022, 4719, 9027, 1688... (475 more)
Digital footprint reveals a focused approach on a handful of ports, such as 9416, 23460, 8142. The attacker appears to be leveraging a data center hideout.
United States flag
198.235.24.151United StatesCaliforniaSanta ClaraPalo Alto Networks Inc4024, 5443, 50995, 7777, 8139, 51401, 138, 9443, 8333, 50067... (164 more)
Activity shows a focused approach on a handful of ports, such as 4024, 5443, 50995. The attacker appears to be leveraging a data center hideout.
Netherlands flag
185.224.128.17NetherlandsNoord-HollandAmsterdamAlsycon B.V.9514, 9152, 8020, 8084, 5566, 20086, 1888, 5678, 8154, 9003... (93 more)
Network inspection reveals a focused approach on a handful of ports, such as 9514, 9152, 8020. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.150.198United StatesSouth CarolinaNorth CharlestonGoogle LLC8093, 46894, 1157, 61869, 9395, 9596, 43999, 330, 55920, 8117... (453 more)
Activity shows a focused approach on a handful of ports, such as 8093, 46894, 1157. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.55United KingdomEnglandLondonGoogle LLC853, 23905, 9609, 50921, 27232, 28880, 47020, 6445, 8040, 49241... (440 more)
Activity shows a focused approach on a handful of ports, such as 853, 23905, 9609. The attacker appears to be leveraging a data center hideout.
United States flag
23.92.27.206United StatesCaliforniaFremontAkamai Technologies Inc.65527, 7004, 5700, 8106, 49175, 9848, 31409, 29843, 3002, 8022... (568 more)
Digital footprint reveals a focused approach on a handful of ports, such as 65527, 7004, 5700. The attacker appears to be leveraging a data center hideout.
United States flag
198.235.24.140United StatesCaliforniaSanta ClaraPalo Alto Networks Inc8887, 2222, 21242, 4911, 18080, 1000, 8085, 8880, 5555, 5906... (164 more)
System analysis reveals a focused approach on a handful of ports, such as 8887, 2222, 21242. The attacker appears to be leveraging a data center hideout.
China flag
112.74.113.120ChinaGuangdongShenzhenAliyun Computing Co. Ltd23
Network inspection reveals a focused attack targeting Telnet. The attacker appears to be leveraging a data center hideout.
Russian Federation flag
194.26.135.129Russian FederationMoskvaMoscowMegaspace Ltd5556, 2011, 8933, 54320, 4007, 41011, 3491, 3513, 51007, 3506... (750 more)
Activity shows a focused approach on a handful of ports, such as 5556, 2011, 8933. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.150.145United StatesSouth CarolinaNorth CharlestonGoogle LLC15588, 8176, 55837, 3309, 52005, 47833, 9022, 3199, 8058, 19918... (501 more)
System monitoring reveals a focused approach on a handful of ports, such as 15588, 8176, 55837. The attacker appears to be leveraging a data center hideout.
United States flag
205.210.31.23United StatesCaliforniaSanta ClaraPalo Alto Networks Inc32569, 8000, 2078, 30303, 50001, 9997, 44344, 5443, 4002, 4022... (169 more)
System monitoring reveals a focused approach on a handful of ports, such as 32569, 8000, 2078. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.150.60United StatesSouth CarolinaNorth CharlestonGoogle LLC1012, 31572, 48645, 9982, 994, 59910, 28500, 17237, 9173, 8432... (472 more)
Network inspection reveals a focused approach on a handful of ports, such as 1012, 31572, 48645. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.51United KingdomEnglandLondonGoogle LLC20022, 9975, 9769, 24523, 2521, 34873, 49181, 46338, 12266, 62333... (441 more)
Activity shows a focused approach on a handful of ports, such as 20022, 9975, 9769. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.149.95United StatesSouth CarolinaNorth CharlestonGoogle LLC31290, 29842, 86, 23023, 26, 45995, 60013, 33000, 2111, 9787... (488 more)
Digital footprint reveals a focused approach on a handful of ports, such as 31290, 29842, 86. The attacker appears to be leveraging a data center hideout.
France flag
37.44.238.144FranceProvence-Alpes-Cote-d'AzurManosqueHarmony Hosting Sarl8728
System analysis reveals a focused attack on port 8728. The attacker appears to be leveraging a data center hideout.
United States flag
167.248.133.135United StatesMichiganAnn ArborCensys Inc.11970, 60912, 55094, 52265, 44843, 46212, 60254, 58559, 3478, 59534... (251 more)
System analysis reveals a focused approach on a handful of ports, such as 11970, 60912, 55094. The attacker is perhaps masquerading as a search engine bot?
United States flag
162.216.150.17United StatesSouth CarolinaNorth CharlestonGoogle LLC47148, 8046, 50221, 4341, 48810, 43080, 15938, 13128, 9215, 38888... (485 more)
System analysis reveals a focused approach on a handful of ports, such as 47148, 8046, 50221. The attacker appears to be leveraging a data center hideout.