Tools

Security tools are a core part of any organisation’s cyber security policy and should not be treated as optional. They support early detection of suspicious activity, investigation of security events, and fast triage of risk indicators such as IP addresses, domains and service exposure. In today’s environment of continuous automated scanning and credential‑stuffing, having reliable, repeatable tooling and clear telemetry is critical for both prevention and incident response.

IP / Domain Check

IP adress (IPv4) Domain

Security overview

A concise overview of aggregated insights derived from internal telemetry. The tools available on this page are based on real-world data collected from the operation of network infrastructure and are intended to support informed decision-making, not to replace a comprehensive security solution. Their purpose is to provide a rapid view of potential threats and to highlight situations that warrant closer investigation.

79 997 Total events

38 275 Unique IPs (all time)

3 371 Events (last 24h)

21 148 Unique IPs (last 30 days)

153 Source countries (30d)

Top services (last 30 days)

smb (39,6 %) ssh (31,2 %) telnet (20,3 %) rdp (7,4 %) ntp (1,5 %)

Updated (UTC)

2026-03-09 23:15:01

Note: The metrics below are aggregated from an internal database built from passive telemetry across monitored network edges. CYNERA does not perform active scanning of third‑party systems.

Internal feed: suspicious IPs observed in network telemetry

One output of our passive network monitoring is the detection of unauthorised access attempts and login probes. We continuously observe and classify these events by target service (for example SSH, RDP, SMB, Telnet). The dataset below shows the Top 5 patterns from the last 24 hours. Percentages indicate on how many monitored network elements the same activity was observed (coverage), not the absolute event count.

IP	Coverage	Port	Service	First seen	Last seen
78.128.114.38	84%	3380-3399	rdp	2025-12-30 22:15:01	2026-03-09 23:15:01
103.61.122.90	80%	22	ssh	2026-03-09 22:15:01	2026-03-09 23:15:01
78.128.114.66	80%	3380-3399	rdp	2026-01-21 04:15:02	2026-03-09 14:15:01
80.94.95.115	72%	22	ssh	2026-01-01 22:15:01	2026-03-09 23:15:01
185.156.73.233	72%	22	ssh	2026-01-01 22:15:01	2026-03-09 23:15:01

Internal feed: unsolicited services and top source countries

This view summarises unsolicited activity by service (for example L2TP, NTP, RDP, SMB, SSH, Telnet) and highlights the most common source countries. For each service we list the five most frequent countries observed in our telemetry. Percentages represent the country’s share within that specific service (service‑level distribution), not the overall share across all services. This helps identify regional characteristics and distinguish broad campaigns from local anomalies.

Service	Top 5 countries
ssh	United States (23%), The Netherlands (21%), China (10%), Vietnam (9%), Hong Kong (6%)
telnet	China (15%), United States (12%), Pakistan (7%), Brazil (5%), Russia (5%)
rdp	United States (29%), France (11%), Hong Kong (8%), The Netherlands (7%), Germany (7%)
smb	Indonesia (21%), Russia (10%), India (8%), Vietnam (6%), China (4%)
ntp	United States (41%), The Netherlands (11%), France (9%), Germany (5%), United Kingdom (5%)

The lists (feeds) presented here should not be interpreted as a blacklist.
They represent operational telemetry only, such as repeated login attempts or other forms of observed unsolicited activity.