Attack statistics

Attacking devices

About this data

Information about the attacking devices is obtained through our IoT device fingerprinting scans. When an IP is then seen attacking our honeypot sensors or darknet (aka. "network telescope") systems we check it against the latest scan results for that IP and infer the device make-and-model. Please note that this assessment is not necessarily 100% accurate due to device churn and port forwarding (multiple device types responding on different ports). It may also be a device behind that device IP that is actually infected or used for attacks (NAT).

IoT device fingerprinting and honeypot attack statistics co-financed by the Connecting Europe Facility of the EU.

Development of the Shadowserver Dashboard was funded by the UK FCDO. IoT device fingerprinting statistics and honeypot attack statistics co-financed by the Connecting Europe Facility of the European Union (EU CEF VARIoT project).

We would like to thank all our partners that kindly contribute towards data used in the Shadowserver Dashboard, including (alphabetically) APNIC Community Feeds, CISPA, if-is.net, Kryptos Logic, SecurityScorecard, Yokohama National University and all those who chose to remain anonymous.

Shadowserver uses cookies to gather analytics. This allows us to measure how the site is used and improve the experience for our users. For more information about cookies and how Shadowserver uses them, see our privacy policy. We need your consent to use cookies in this way on your device.