Tools

Security tools are a core part of any organisation’s cyber security policy and should not be treated as optional. They support early detection of suspicious activity, investigation of security events, and fast triage of risk indicators such as IP addresses, domains and service exposure. In today’s environment of continuous automated scanning and credential‑stuffing, having reliable, repeatable tooling and clear telemetry is critical for both prevention and incident response.

IP / Domain Check
Security overview
A concise overview of aggregated insights derived from internal telemetry. The tools available on this page are based on real-world data collected from the operation of network infrastructure and are intended to support informed decision-making, not to replace a comprehensive security solution. Their purpose is to provide a rapid view of potential threats and to highlight situations that warrant closer investigation.
Total events: 25 185
Unique IPs (all time): 13 355
Events (last 24h): 3 266
Unique IPs (last 30 days): 13 355
Source countries (30d): 157
Top services (last 30 days): smb (41,8 %), ssh (28,7 %), telnet (19,4 %), rdp (7,9 %), ntp (2,2 %)
Updated (UTC): 2026-01-23 12:15:01

Note: The metrics below are aggregated from an internal database built from passive telemetry across monitored network edges. CYNERA does not perform active scanning of third‑party systems.

Internal feed: suspicious IPs observed in network telemetry

One output of our passive network monitoring is the detection of unauthorised access attempts and login probes. We continuously observe and classify these events by target service (for example SSH, RDP, SMB, Telnet). The dataset below shows the Top 5 patterns from the last 24 hours. Percentages indicate the share of monitored network elements on which the same activity was observed (coverage), not the absolute event count.

| IP | Coverage | Port | Service | First seen | Last seen |
|---|---|---|---|---|---|
| 79.124.49.102 | 88% | 3380-3399 | rdp | 2025-12-30 18:15:01 | 2026-01-23 12:15:01 |
| 92.63.197.236 | 88% | 3380-3399 | rdp | 2025-12-30 13:41:33 | 2026-01-23 12:15:01 |
| 78.128.114.130 | 88% | 3380-3399 | rdp | 2025-12-30 13:41:33 | 2026-01-23 12:15:01 |
| 78.128.114.126 | 84% | 3380-3399 | rdp | 2025-12-30 13:41:33 | 2026-01-23 12:15:01 |
| 3.130.96.91 | 80% | 22 | ssh | 2026-01-01 18:15:01 | 2026-01-23 12:15:01 |

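
The sketch below is an added example, not CYNERA's own code. It shows how a coverage percentage of this kind can be computed from passive telemetry and why it ranks sources differently from a raw event count. It assumes coverage means the number of distinct monitored elements that saw a source divided by all monitored elements; the sensor names, event tuples and documentation-range IPs are constructed.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data): (sensor_id, source_ip, service).
# Sensor names are hypothetical; IPs come from documentation ranges.
SENSORS = ["edge-1", "edge-2", "edge-3", "edge-4", "edge-5"]
EVENTS = (
    # Noisy source hammering a single sensor: many events, low coverage.
    [("edge-1", "192.0.2.10", "ssh")] * 40
    # Broad prober touching every sensor twice: few events, full coverage.
    + [(s, "198.51.100.7", "rdp") for s in SENSORS] * 2
    # Source seen on three of the five sensors, three times each.
    + [(s, "203.0.113.5", "smb") for s in SENSORS[:3]] * 3
)


def coverage_report(events, sensors):
    """Return (ip, service, coverage_pct, event_count) rows, highest coverage first."""
    known = set(sensors)
    seen_on = defaultdict(set)  # (ip, service) -> sensors that observed it
    counts = defaultdict(int)   # (ip, service) -> raw event count
    for sensor, ip, service in events:
        if sensor not in known:
            continue  # ignore events from outside the monitored set
        seen_on[(ip, service)].add(sensor)
        counts[(ip, service)] += 1
    rows = [
        (ip, svc, round(100 * len(obs) / len(known)), counts[(ip, svc)])
        for (ip, svc), obs in seen_on.items()
    ]
    # Rank by coverage, then by event count, then by IP for stable output.
    return sorted(rows, key=lambda r: (-r[2], -r[3], r[0]))


def top_by_event_count(events, sensors):
    """Same rows, ranked by raw event count instead of coverage."""
    return sorted(coverage_report(events, sensors), key=lambda r: (-r[3], r[0]))


if __name__ == "__main__":
    print("Ranked by coverage:")
    for ip, svc, pct, n in coverage_report(EVENTS, SENSORS):
        print(f"  {ip:<15} {svc:<4} {pct:>3}%  events={n}")
    print("Ranked by event count:")
    for ip, svc, pct, n in top_by_event_count(EVENTS, SENSORS):
        print(f"  {ip:<15} {svc:<4} {pct:>3}%  events={n}")
```

In this constructed data the source with the most events has the lowest coverage, which is the distinction the percentages in the table are meant to capture.
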
Internal feed: unsolicited services and top source countries

This view summarises unsolicited activity by service (for example L2TP, NTP, RDP, SMB, SSH, Telnet) and highlights the most common source countries. For each service we list the five most frequent countries observed in our telemetry. Percentages represent the country’s share within that specific service (service‑level distribution), not the overall share across all services. This helps identify regional characteristics and distinguish broad campaigns from local anomalies.

| Service | Top 5 countries |
|---|---|
| ssh | The Netherlands (29%), United States (25%), China (10%), Hong Kong (8%), Vietnam (7%) |
| telnet | United States (12%), China (12%), Ukraine (6%), Brazil (5%), Pakistan (5%) |
| rdp | United States (24%), Bulgaria (11%), The Netherlands (11%), Hong Kong (9%), Germany (8%) |
| smb | Indonesia (24%), India (8%), Russia (7%), Vietnam (7%), China (6%) |
| ntp | United States (41%), The Netherlands (12%), France (5%), Germany (4%), Hong Kong (3%) |

The lists (feeds) presented here should not be interpreted as a blacklist.
They represent operational telemetry only, such as repeated login attempts or other forms of observed unsolicited activity.