Connections to port 80
This command shows all connections (including the remote IP address) to port 80. If your web server does not run on this port, change the grep :80 section in the command below.
Show static view of connections to port 80:
NEW AWESOME COMMAND
netstat -punt | grep ':80.*ESTAB' | awk '{ print $5}' | cut -d':' -f4 | sort | uniq -c | sort -rn | while read i; do echo -n "$i "; curl -s http://ip-api.com/csv/$(echo "$i" | awk '{ print $2 }') | cut -d',' -f2; sleep 1; done
Example output:
6 x.x.x.x "United States"
5 x.x.x.x Ireland
2 x.x.x.x "United Kingdom"
2 x.x.x.x "South Africa"
2 x.x.x.x China
1 x.x.x.x "United Kingdom"
1 x.x.x.x "Czech Republic"
Second Best command:
netstat -nap | awk '$4~/:80$/{print$5}' | awk -F: '{print$(NF-1)}' | sort | uniq -c | sort -nr | head -20
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1
netstat -ant | egrep ":80|:443" | egrep "ESTABLISHED|SYN_RECV" | awk '{ print $5 }' | sed -e 's/\:\:ffff\://g' | awk -F: '{print $1}' | sort | uniq -c | sort -nr |awk '{print $1 " "$2}'
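The one-liners above pick the IP out of a fixed colon-separated field, so each one only works for one address form (plain IPv4 or ::ffff:-mapped), and a bare grep :80 also matches :8080 and outbound connections to a remote port 80. The following added example (not part of the original page) splits on the last colon and matches the local port exactly; the function name count_peers and the sample lines, which use documentation address ranges, are constructed for illustration.

```shell
#!/bin/sh
# Added example: count ESTABLISHED peers per remote IP for one local port.
# Reads `netstat -nt` style lines on stdin so it can be tested offline.
count_peers() {
  awk -v port="${1:-80}" '
    # Split "addr:port" on the LAST colon so IPv6 addresses stay intact.
    function host(ep,   i)  { i = match(ep, /:[0-9*]+$/); return i ? substr(ep, 1, i - 1) : ep }
    function lport(ep,   i) { i = match(ep, /:[0-9*]+$/); return i ? substr(ep, i + 1) : "" }
    # $4 = local endpoint, $5 = remote endpoint, $6 = TCP state
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" && lport($4) == port {
      ip = host($5)
      sub(/^::ffff:/, "", ip)   # fold IPv4-mapped IPv6 into plain IPv4
      n[ip]++
    }
    END { for (ip in n) print n[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Constructed sample input (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51324      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51330      ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:40000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40001       TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51400 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51500    ESTABLISHED
tcp        0      0 192.0.2.10:51000        203.0.113.80:80         ESTABLISHED'

# Count peers on port 80 in the sample; the :8080, TIME_WAIT and
# outbound (remote port 80) lines are not counted.
printf '%s\n' "$SAMPLE_NETSTAT" | count_peers 80
```

On a live host, feed it real data with: netstat -nt | count_peers 80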
Show a live view of current connections
while true; do clear; date; echo ""; echo " [Count] | [IP ADDR]"; echo "-------------------"; netstat -np | grep :80 | grep -v LISTEN | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn; sleep 5; done
Troubleshooting IP Connections
Once you have this output, you may want to troubleshoot the location. Is this a DDoS? A DoS?
whois x.x.x.x | grep 'country\|address'
whois x.x.x.x | egrep 'role:|address:|abuse-mailbox:'
connetctions_to_port.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1