Is Crowdsec inflating their numbers, or is my site just very exposed? (2024 wrap up numbers)

So This is the first year in 2-3 of self hosting a public domain where I setup crowdsec bouncer with traefik. I signed up for the free service, and added in a a few of the more popular block lists.

This year's review says...

You reported 3053 attacks, placing you in the top 19% of active organizations. You're on top of things.

You identified 430 distinct IPs, ranking you in the top 30% for unique attackers met.

Your most eventful day was the 9th of November , with 21 unique attackers, ranking you in the top 23% most targeted organizations for this specific day.

Most of your reports were about HTTP Exploit , accounting for 74.88% of attacks and placing you in the top 15% defenders against this behavior.

This looks... insane? My site is 'private' as in I don't post the URL online, only shared with friends to do plex requests and automatic inviting, and family to share bitwarden (behind aethalia)

Are the numbers somehow inflated, or is crowdsec just not used that much so even the 1000s of sites make the %s look larger than they actually are? I also have country blocking enabled on Cloudflare, so theoretically many things are blocked at a DNS level as well.