Wall of Sheep

wall of sheep

In today’s digital landscape, the threat of online attacks is a constant concern. My website, like many others, is a target for such threats. To address this, I've set up a system to monitor and display attempted intrusions against my servers.

Fans of DEFCON, a renowned cybersecurity conference, might be familiar with their 'Wall of Sheep' — a feature that showcases vulnerabilities in network traffic during the event. Drawing inspiration from this, I’ve created a similar display, but with a focus on attacks targeting my servers. It’s a daily testament to the diverse range of attacks we face, going beyond just website vulnerabilities to include attempts on all server ports.

The purpose of my 'Personalized Wall of Sheep' is educational. It serves as a live example of the relentless attacks servers endure, and aims to raise awareness among my visitors. This display is a vivid reminder that cyber threats are universal, affecting not just big corporations but every entity connected to the internet. It underscores the vital importance of cybersecurity for everyone.

In the Last 24 Hours

Detected a total of 4,284 unique cyber attackers who, collectively, were responsible for 18,601 breach attempts.

Unique Cyber Attackers - Last 14 Days

(Each attacker is recorded once per day, regardless of the number of attempts)

To the right is a chart that illustrates the geographical distribution of the attacks against my servers. This chart categorizes each hacking attempt by its country of origin, providing visual insight into the diverse, global sources of these cyber intrusions.

It’s important to note, however, that geographical distribution can sometimes be masked using various techniques. Therefore, in instances where such masking was detected, these attackers have been reassigned to the category ‘obscured’ in the pie chart.

This chart breaks down the different kinds of traffic trying to access my network, focusing on whether the source is hidden or masked. It shows how attackers hide their identity using methods like VPNs, public proxies, or data centers.

This helps us understand the variety of ways attackers try to stay anonymous and the tactics they use to try to get past security measures.

The chart on the right showcases the top 20 data centers being used to launch attacks. These range from public cloud services to smaller providers.

This not only indicates the diversity of platforms used in cyber offensives but also suggests that many of these providers might be unaware of their infrastructure's misuse, highlighting a critical aspect of the cybersecurity challenge.

Attackers over the last 24 hours

The most recent 25 attackers

IPCountryRegionCityISPPorts
United States flag
45.79.82.114United StatesCaliforniaFremontAkamai Technologies Inc.57891, 8292, 1195, 5400, 5091, 10003, 9191, 1514, 49669, 49693... (971 more)
Digital footprint reveals a focused approach on a handful of ports, such as 57891, 8292, 1195. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.150.206United StatesSouth CarolinaNorth CharlestonGoogle LLC5540, 9447, 8605, 2006, 40057, 59630, 6022, 9119, 29080, 9258... (1137 more)
Network inspection reveals a focused approach on a handful of ports, such as 5540, 9447, 8605. The attacker appears to be leveraging a data center hideout.
United States flag
47.251.92.46United StatesCaliforniaLos AngelesAliCloud50005, 3107, 12492, 10444, 8189, 8380, 8006, 8007, 8912, 6443... (11 more)
Network inspection reveals a focused approach on a handful of ports, such as 50005, 3107, 12492. The attacker appears to be leveraging a data center hideout.
United States flag
198.235.24.103United StatesCaliforniaSanta ClaraPalo Alto Networks Inc38080, 31337, 52200, 2379, 47001, 2001, 50996, 2002, 118, 143... (164 more)
System analysis reveals a focused approach targeting IMAP, and others. The attacker appears to be leveraging a data center hideout.
United States flag
208.80.248.26United StatesCaliforniaDiamond BarCDNetworks Inc8020, 4890, 59666, 13374, 16509, 8436, 4389, 6900, 37777, 1723... (23 more)
System monitoring reveals a focused approach on a handful of ports, such as 8020, 4890, 59666. The attacker appears to be leveraging a data center hideout.
United States flag
167.94.145.108United StatesMichiganAnn ArborCensys Inc.15020, 15040, 26080, 8080, 51080, 8690, 143, 8620, 33049, 30000... (41 more)
Activity shows a focused approach targeting HTTP, IMAP, and others. The attacker is perhaps masquerading as a search engine bot?
United States flag
147.185.133.153United StatesCaliforniaSanta ClaraPalo Alto Networks Inc2004, 45315, 46073, 4433, 47394, 2350, 8501, 49167, 1427, 8185... (325 more)
Network inspection reveals a focused approach on a handful of ports, such as 2004, 45315, 46073. The attacker appears to be leveraging a data center hideout.
China flag
8.134.174.114ChinaGuangdongGuangzhouAliyun Computing Co. Ltd23
System analysis reveals a focused attack targeting Telnet. The attacker appears to be leveraging a data center hideout.
United States flag
199.45.154.184United StatesMichiganAnn ArborCensys Inc.2077, 2083, 104, 41795, 4444, 3390, 102, 2323, 7001, 2404... (174 more)
System monitoring reveals a focused approach on a handful of ports, such as 2077, 2083, 104. The attacker is perhaps masquerading as a search engine bot?
United Kingdom flag
35.203.210.35United KingdomEnglandLondonGoogle LLC48501, 46658, 8006, 9376, 46724, 59765, 9867, 9018, 6001, 21279... (1102 more)
System analysis reveals a focused approach on a handful of ports, such as 48501, 46658, 8006. The attacker appears to be leveraging a data center hideout.
United States flag
162.142.125.229United StatesMichiganAnn ArborCensys Inc.18525, 56546, 56881, 64583, 8597, 39555, 59745, 24895, 11747, 19988... (757 more)
Activity shows a focused approach on a handful of ports, such as 18525, 56546, 56881. The attacker is perhaps masquerading as a search engine bot?
United Kingdom flag
35.203.210.222United KingdomEnglandLondonGoogle LLC13128, 6004, 49355, 9107, 27577, 8844, 9945, 8172, 5911, 5090... (1109 more)
Activity shows a focused approach on a handful of ports, such as 13128, 6004, 49355. The attacker appears to be leveraging a data center hideout.
China flag
123.235.152.228ChinaShandongQingdaoChina Unicom Shandong Province Network23
Digital footprint reveals a focused attack targeting Telnet.
United Kingdom flag
35.203.211.220United KingdomEnglandLondonGoogle LLC3919, 47935, 7002, 50921, 3977, 9996, 47982, 34465, 50998, 1139... (1113 more)
System monitoring reveals a focused approach on a handful of ports, such as 3919, 47935, 7002. The attacker appears to be leveraging a data center hideout.
United States flag
147.185.132.177United StatesCaliforniaSanta ClaraPalo Alto Networks Inc1911, 2001, 2525, 8899, 4911, 3389, 7093, 21, 10259, 102... (79 more)
System monitoring reveals a focused approach targeting RDP, FTP, and others. The attacker appears to be leveraging a data center hideout.
United States flag
170.187.165.218United StatesNew JerseyCedar KnollsAkamai Technologies Inc.7071, 51005, 37215, 9785, 8401, 8881, 37, 49186, 60002, 501... (967 more)
Network inspection reveals a focused approach on a handful of ports, such as 7071, 51005, 37215. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.145United KingdomEnglandLondonGoogle LLC8002, 9289, 49578, 18061, 21025, 30000, 46111, 8109, 9563, 29403... (1095 more)
System analysis reveals a focused approach on a handful of ports, such as 8002, 9289, 49578. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.21United KingdomEnglandLondonGoogle LLC2465, 4341, 8138, 20205, 47148, 20002, 32001, 9540, 21328, 48486... (1091 more)
Digital footprint reveals a focused approach on a handful of ports, such as 2465, 4341, 8138. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.162United KingdomEnglandLondonGoogle LLC9607, 9987, 45914, 49999, 8878, 9466, 47838, 962, 30278, 8174... (1068 more)
System monitoring reveals a focused approach on a handful of ports, such as 9607, 9987, 45914. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.63United KingdomEnglandLondonGoogle LLC45206, 54922, 22000, 10548, 48453, 9502, 48197, 4389, 47691, 59603... (1086 more)
Network inspection reveals a focused approach on a handful of ports, such as 45206, 54922, 22000. The attacker appears to be leveraging a data center hideout.
Netherlands flag
185.224.128.83NetherlandsNoord-HollandAmsterdamAlsycon B.V.5501, 5500, 8088, 8888, 8081, 8080, 81, 2345, 60001, 4719... (1 more)
System analysis reveals a focused approach targeting HTTP, and others. The attacker appears to be leveraging a data center hideout.
United States flag
104.209.33.87United StatesCaliforniaSan FranciscoMicrosoft Corporation3389, 2375, 22, 30001, 1433, 47808, 1962, 10001
System analysis reveals a focused approach targeting RDP, SSH, and others. The attacker appears to be leveraging a data center hideout.
United States flag
147.185.133.191United StatesCaliforniaSanta ClaraPalo Alto Networks Inc183, 4566, 32, 58605, 18880, 21194, 37405, 86, 9433, 48158... (318 more)
System analysis reveals a focused approach on a handful of ports, such as 183, 4566, 32. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.150.248United StatesSouth CarolinaNorth CharlestonGoogle LLC45283, 12021, 34463, 9691, 9053, 8046, 6335, 9136, 48241, 8741... (1118 more)
Network inspection reveals a focused approach on a handful of ports, such as 45283, 12021, 34463. The attacker appears to be leveraging a data center hideout.
United States flag
147.185.133.107United StatesCaliforniaSanta ClaraPalo Alto Networks Inc28282, 21329, 9859, 48703, 48132, 2076, 36781, 33061, 47675, 8823... (336 more)
Network inspection reveals a focused approach on a handful of ports, such as 28282, 21329, 9859. The attacker appears to be leveraging a data center hideout.