Wall of Sheep

wall of sheep

In today’s digital landscape, the threat of online attacks is a constant concern. My website, like many others, is a target for such threats. To address this, I've set up a system to monitor and display attempted intrusions against my servers.

Fans of DEFCON, a renowned cybersecurity conference, might be familiar with their 'Wall of Sheep' — a feature that showcases vulnerabilities in network traffic during the event. Drawing inspiration from this, I’ve created a similar display, but with a focus on attacks targeting my servers. It’s a daily testament to the diverse range of attacks we face, going beyond just website vulnerabilities to include attempts on all server ports.

The purpose of my 'Personalized Wall of Sheep' is educational. It serves as a live example of the relentless attacks servers endure, and aims to raise awareness among my visitors. This display is a vivid reminder that cyber threats are universal, affecting not just big corporations but every entity connected to the internet. It underscores the vital importance of cybersecurity for everyone.

In the Last 24 Hours

Detected a total of 4,680 unique cyber attackers who, collectively, were responsible for 20,630 breach attempts.

Unique Cyber Attackers - Last 14 Days

(Each attacker is recorded once per day, regardless of the number of attempts)

To the right is a chart that illustrates the geographical distribution of the attacks against my servers. This chart categorizes each hacking attempt by its country of origin, providing visual insight into the diverse, global sources of these cyber intrusions.

It’s important to note, however, that geographical distribution can sometimes be masked using various techniques. Therefore, in instances where such masking was detected, these attackers have been reassigned to the category ‘obscured’ in the pie chart.

This chart breaks down the different kinds of traffic trying to access my network, focusing on whether the source is hidden or masked. It shows how attackers hide their identity using methods like VPNs, public proxies, or data centers.

This helps us understand the variety of ways attackers try to stay anonymous and the tactics they use to try to get past security measures.

The chart on the right showcases the top 20 data centers being used to launch attacks. These range from public cloud services to smaller providers.

This not only indicates the diversity of platforms used in cyber offensives but also suggests that many of these providers might be unaware of their infrastructure's misuse, highlighting a critical aspect of the cybersecurity challenge.

Attackers over the last 24 hours

The most recent 25 attackers

IPCountryRegionCityISPPorts
China flag
116.147.40.93ChinaBeijingBeijingChina United Network Communications Corpo...22
System analysis reveals a focused attack targeting SSH.
United Kingdom flag
87.236.176.171United KingdomEnglandLondonConstantine Cybersecurity Ltd.22, 9000
Digital footprint reveals a selective approach targeting SSH, and others. The attacker appears to be leveraging a data center hideout.
United States flag
162.142.125.228United StatesMichiganAnn ArborCensys Inc.35045, 1587, 5390, 57547, 7094, 35415, 11095, 43594, 12688, 30694... (1260 more)
Network inspection reveals a focused approach on a handful of ports, such as 35045, 1587, 5390. The attacker is perhaps masquerading as a search engine bot?
Korea (Republic of) flag
222.104.10.148Korea (Republic of)Gyeonggi-doSeongnamKT Corporation23
Network inspection reveals a focused attack targeting Telnet.
United States flag
47.251.32.124United StatesCaliforniaLos AngelesAliCloud91, 15504, 8641, 12442, 61619, 8873, 8437, 12451, 8686, 8250... (61 more)
System monitoring reveals a focused approach on a handful of ports, such as 91, 15504, 8641. The attacker appears to be leveraging a data center hideout.
France flag
195.184.76.23France--Visteria LLC10256, 18082, 13291, 17461, 17076, 11589, 13446, 11645, 10280, 18245... (4 more)
Activity shows a focused approach on a handful of ports, such as 10256, 18082, 13291. The attacker appears to be leveraging a data center hideout.
United States flag
20.98.142.97United StatesIowaDes MoinesMicrosoft Corporation30001, 5800, 5094, 512, 4443, 137
System monitoring reveals a focused approach on a handful of ports, such as 30001, 5800, 5094. The attacker appears to be leveraging a data center hideout.
Taiwan, Province of China flag
114.33.31.30Taiwan, Province of ChinaTaipeiTaipeiChunghwa Telecom Co. Ltd.70, 83, 5000, 23
System monitoring reveals a selective approach targeting Telnet, and others.
United Kingdom flag
35.203.210.224United KingdomEnglandLondonGoogle LLC89, 9159, 8423, 9408, 9555, 333, 9256, 33669, 4442, 33889... (1552 more)
System analysis reveals a focused approach on a handful of ports, such as 89, 9159, 8423. The attacker appears to be leveraging a data center hideout.
United States flag
45.79.109.193United StatesCaliforniaFremontAkamai Technologies Inc.13333, 853, 13785, 8388, 59001, 631, 8062, 3790, 10397, 10549... (1075 more)
Activity shows a focused approach on a handful of ports, such as 13333, 853, 13785. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
185.165.191.27United KingdomEnglandLondonBlackHOST Ltd.389, 175, 4433, 102, 1443, 8139, 1099, 11434, 7547, 8800... (326 more)
Digital footprint reveals a focused approach on a handful of ports, such as 389, 175, 4433. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.150.106United StatesSouth CarolinaNorth CharlestonGoogle LLC46660, 49142, 10444, 45136, 47790, 21234, 51399, 43080, 48087, 9684... (1586 more)
Network inspection reveals a focused approach on a handful of ports, such as 46660, 49142, 10444. The attacker appears to be leveraging a data center hideout.
Belgium flag
45.156.128.128BelgiumBrussels Hoofdstedelijk GewestBrusselsNSEC - Sistemas Informaticos S.A.4840, 17, 5000, 9306, 32400, 7777, 8443, 60112, 60129, 60137... (10 more)
Activity shows a focused approach targeting HTTPS, and others. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.211.240United KingdomEnglandLondonGoogle LLC61718, 9154, 9115, 9776, 9720, 9388, 8061, 47804, 46616, 8830... (1563 more)
Network inspection reveals a focused approach on a handful of ports, such as 61718, 9154, 9115. The attacker appears to be leveraging a data center hideout.
United States flag
47.251.91.113United StatesCaliforniaLos AngelesAliCloud7776, 9209, 8640, 8850, 10033, 16403, 8886, 7681, 49501, 10011... (53 more)
Activity shows a focused approach on a handful of ports, such as 7776, 9209, 8640. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.211.140United KingdomEnglandLondonGoogle LLC9292, 9343, 27001, 47783, 9605, 3192, 45343, 47131, 9955, 9905... (1561 more)
Network inspection reveals a focused approach on a handful of ports, such as 9292, 9343, 27001. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.37United KingdomEnglandLondonGoogle LLC9775, 5900, 49242, 9392, 60230, 4366, 10017, 9748, 9462, 49751... (1530 more)
Digital footprint reveals a focused approach targeting VNC, and others. The attacker appears to be leveraging a data center hideout.
United States flag
147.185.132.116United StatesCaliforniaSanta ClaraPalo Alto Networks Inc3392, 31246, 30331, 49085, 8035, 49018, 45818, 2911, 8870, 49830... (896 more)
System analysis reveals a focused approach on a handful of ports, such as 3392, 31246, 30331. The attacker appears to be leveraging a data center hideout.
Taiwan, Province of China flag
125.229.4.249Taiwan, Province of ChinaTaipeiTaipeiChunghwa Telecom Co. Ltd.50100, 8081, 81, 84, 8000, 79, 9001, 8888, 6700, 23... (5 more)
Digital footprint reveals a focused approach targeting Telnet, and others.
United Kingdom flag
35.203.210.220United KingdomEnglandLondonGoogle LLC9229, 36510, 9345, 9267, 9917, 3388, 8097, 9405, 9601, 9680... (1561 more)
System monitoring reveals a focused approach on a handful of ports, such as 9229, 36510, 9345. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.211.75United KingdomEnglandLondonGoogle LLC9566, 25370, 6555, 47638, 1012, 9150, 2135, 45344, 27232, 50014... (1510 more)
System analysis reveals a focused approach on a handful of ports, such as 9566, 25370, 6555. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.149.208United StatesSouth CarolinaNorth CharlestonGoogle LLC8808, 9476, 9427, 54445, 2382, 45812, 17777, 42715, 34487, 366... (1621 more)
Activity shows a focused approach on a handful of ports, such as 8808, 9476, 9427. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.50United KingdomEnglandLondonGoogle LLC1866, 41800, 13345, 9028, 666, 8009, 47624, 9210, 51000, 9862... (1557 more)
System analysis reveals a focused approach on a handful of ports, such as 1866, 41800, 13345. The attacker appears to be leveraging a data center hideout.
China flag
106.60.69.136ChinaYunnanLijiangChinaNet Yunnan Province Network22
System monitoring reveals a focused attack targeting SSH.
United States flag
206.168.34.130United StatesMichiganAnn ArborCensys Inc.1605, 55702, 60915, 44606, 25722, 27972, 10547, 12222, 23719, 60389... (946 more)
System analysis reveals a focused approach on a handful of ports, such as 1605, 55702, 60915. The attacker is perhaps masquerading as a search engine bot?