Realtime analytics output

  • Prepared with the aid of a Selenium automated testing system running containerized on the cluster.
  • Updated hourly.
  • There are two analytics clusters running which provide these reports.
    • OpenSearch cluster
    • ElasticSearch cluster. (shutdown - to be replaced by OpenSearch)
  • Reports (now @WhoIsScanningMe via )
  • Selenium Automated Testing (external link)

OpenSearch cluster Firewall Rejection analytics

What do these report graphs mean?

  • Vulnerability scans - Unsolicited Port scans. In these "attacks" the source address means where it's coming from. These are a form of, sometimes malicous, reconnaissance.
  • Reflection/Amplification DDoS attacks. Some interpretation is needed to explain the essential properties of this form of DDoS cyber attack. However, usually the source address listed is the victim (in these graphs the source address is anonymized for legal reasons).
  • Measurements by country of how likely source addresses can be spoofed at all. Updated at least daily.
  • Bot detection and tracking: 6fepxz21f - just google this to locate page replicas if any.