We gratefully acknowledge IPinfo.io for their generous support of academic research by providing free access to their comprehensive IP geolocation and intelligence data.

Traffic Report for rynzs (US, San Jose)

Linux | 0.89 GB | hosting

Page loaded: 2026-06-18 20:32:49 UTC

Actionable Threat Intelligence

Firewall IP Blocklists
Choose Your Blocklist Strategy

Three different blocklist options are available based on your security requirements and tolerance for false positives.

Recommended
LightScope Network Power

Harnesses the power of the entire LightScope network! Contains IPs that connected to honeypots across ALL LightScope endpoints.

  • 🌐 Network-wide threat intelligence
  • ✓ 100% verified genuine attackers
  • ✓ No spoofed IP addresses
  • ✓ Maximum protection coverage
Best Choice: Leverages the collective intelligence of the entire LightScope network. Safe for immediate deployment.
Conservative
Endpoint-Specific Verified

Only includes IPs that completed a 3-way TCP handshake with THIS endpoint's honeypot services. These are verified genuine threat actors specific to your endpoint.

  • ✓ Endpoint-specific targeting
  • ✓ Zero spoofing risk
  • ✓ Safe for production
  • ✓ Targeted protection
Good Choice: For endpoint-specific protection. These IPs specifically targeted your infrastructure.
Extreme (Not Recommended)
All Threat Actor IPs

Includes ALL individual threat actor IPs that targeted your network, including those that may be spoofed by competitors or other attackers.

  • 🚨 HIGH spoofing probability
  • ⚠️ WILL LIKELY block legitimate traffic
  • ⚠️ Can cause service disruption
  • ⚠️ NOT RECOMMENDED
Not Recommended: High risk of blocking legitimate services. Only for isolated environments.
Firewall Import Instructions:
  • pfSense/OPNsense: Firewall → Aliases → IP → Upload
  • Cisco ASA: object-group network BLOCKLIST
  • iptables: ipset create blocklist hash:ip
  • Format: Plain text, one IP per line

Automate your blocklist updates! Use these wget commands to automatically download the latest blocklists for integration into scripts, cron jobs, or automated security workflows.

Recommended (Network-wide)
wget -O recommended_blocklist.txt \
  "https://lightscope.isi.edu/blocklist/20251004_pesszaxsjsanedtmkihqycumjrdaihwegcrtytwlpnrynzs/recommended"
Conservative (Endpoint-specific)
wget -O conservative_blocklist.txt \
  "https://lightscope.isi.edu/blocklist/20251004_pesszaxsjsanedtmkihqycumjrdaihwegcrtytwlpnrynzs/conservative"
Extreme (Not Recommended)
wget -O extreme_blocklist.txt \
  "https://lightscope.isi.edu/blocklist/20251004_pesszaxsjsanedtmkihqycumjrdaihwegcrtytwlpnrynzs/extreme"
Example Automation Script:
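#!/bin/bash
# Download latest LightScope blocklist; stop on any error so a failed download never empties the live set
set -euo pipefail
tmp="$(mktemp)"
trap 'rm -f "$tmp"' EXIT
wget -q -O "$tmp" \
  "https://lightscope.isi.edu/blocklist/20251004_pesszaxsjsanedtmkihqycumjrdaihwegcrtytwlpnrynzs/recommended"

# Apply to iptables: build a staging set, then swap it in atomically
ipset -exist create lightscope_blocklist hash:ip
ipset -exist create lightscope_blocklist_new hash:ip
ipset flush lightscope_blocklist_new
while IFS= read -r ip; do
  # Skip blank or malformed lines; this hash:ip set holds IPv4 addresses
  [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
  ipset -exist add lightscope_blocklist_new "$ip"
done < "$tmp"
ipset swap lightscope_blocklist_new lightscope_blocklist
ipset destroy lightscope_blocklist_new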
Cron Job Example:
# Update blocklist every hour
0 * * * * /usr/local/bin/update_blocklist.sh

# Update blocklist daily at 2 AM
0 2 * * * wget -q -O /etc/firewall/blocklist.txt \
  "https://lightscope.isi.edu/blocklist/20251004_pesszaxsjsanedtmkihqycumjrdaihwegcrtytwlpnrynzs/recommended" \
  && /usr/local/bin/reload_firewall.sh
Pro Tip: Set up automated downloads to keep your firewall protection current. The blocklists are updated whenever new dashboard data is processed, ensuring you have the latest threat intelligence.
Internal Threats
None detected
No unwanted traffic from internal IP addresses
Changes To Targeted Ports
No major changes detected
No port changes above 300%
Overall Traffic Trends
Unknown Level
0.0% change (7-day)
Status:
  • Traffic levels are within normal range
  • Continue regular monitoring
  • Review other sections for insights
How to Use This Section

This section provides immediate, actionable insights from your threat intelligence data. Red items require immediate attention, yellow items need investigation, and green items indicate normal status. Click on the detailed sections below for comprehensive analysis and remediation steps.

Honeypot Analysis

IPs Connected to Honeypot Ports On Your Machine

Incomplete Connections: Attackers Started But Didn't Complete The 3-Way Handshake To Honeypot Ports

Honeypot Port Statistics

Captured Commands

Honeypot Attack Timeline

General Information

[Charts: All Sources Unwanted Traffic Port Activity (last 7 days); Daily Unwanted Traffic Since Inception; Weekly Unwanted Traffic by Hour (last 7 days); Ports Targeted by Unwanted Traffic (last 7 days)]
Data Time Ranges:
  • Weekly Unwanted Traffic by Hour: Last 7 days
  • Daily Unwanted Traffic Since Inception: Complete history
  • Port Statistics: Last 7 days
Unique Threat Actors

20,415

Distinct sources of unwanted traffic

Comparative Analysis
Unwanted Traffic Concentration

Top threat subnets generate:

Top 5% of subnets (488 subnets): 90.4%
Top 10% of subnets: 93.5%
Top 20% of subnets: 95.8%
From 9,769 total threat subnets (380,793 unwanted packets)

Internal Threats

Threat Intelligence Analysis

Unwanted Traffic by Company/Organization
No company traffic data available
Unwanted Traffic by Country
No country traffic data available
Unwanted Traffic by Autonomous System (ASN)
No ASN traffic data available

Global Threat Intelligence

Global Threat Trends
Network-Wide Traffic Volume
  • Recent 30 days: 0
  • Previous 30 days: 0
  • 0.0% change
Unique Threat Sources
  • Recent 30 days: 0
  • Previous 30 days: 0
  • 0.0% change
Top Threat Source Countries
Country Packets Sources
Top Targeted Ports Globally
Port Hit Count Sources

Individual Threat Actors

Location Information
Country: United States (US)
City: Raleigh
Region: North Carolina
Postal Code: 27601
Timezone: America/New_York
Network Information
ASN: AS11878
AS Name: tzulo, inc.
Company: Cloudfanatic
Domain: cloudfanatic.net
Privacy Information
Hosting: true
Proxy:
VPN:
Tor:
[Charts: rynzs - Targeted Ports; Temporal Port Activity (last 7 days)]

Location Information
Country: Bulgaria (BG)
City: Sofia
Region: Sofia-Capital
Postal Code: 1000
Timezone: Europe/Sofia
Network Information
ASN: AS50360
AS Name: Tamatiya EOOD
Company: Tamatiya EOOD
Domain: 4vendeta.com
Privacy Information
Hosting: true
Proxy:
VPN:
Tor:
[Charts: rynzs - Targeted Ports; Temporal Port Activity (last 7 days)]

Subnet Analysis (/24 Networks)

Unique Subnets

9,769

Distinct /24 networks with unwanted traffic

[Charts: Ports Targeted by Subnets (last 7 days); Subnet Temporal Port Activity (last 7 days)]
Top Subnet Offenders
IPs in Subnet
IP Address Hit Count
79.124.56.230 8,654
79.124.56.238 8,002
79.124.56.178 8,000
79.124.56.246 8,000
79.124.56.250 8,000
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
79.124.49.234 8,002
79.124.49.86 8,001
79.124.49.82 8,000
79.124.49.114 7,995
79.124.49.146 7,990
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
107.152.44.215 22,780
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
79.124.58.130 8,002
79.124.58.218 7,993
79.124.58.162 159
79.124.58.142 158
79.124.58.234 1
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
78.128.114.166 10,366
78.128.114.22 524
78.128.114.110 520
78.128.114.174 305
78.128.114.50 302
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
162.216.150.191 56
162.216.150.116 53
162.216.150.198 51
162.216.150.164 50
162.216.150.59 50
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
35.203.211.138 54
35.203.211.81 53
35.203.211.45 52
35.203.211.50 52
35.203.211.92 52
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
162.216.149.104 55
162.216.149.122 55
162.216.149.165 55
162.216.149.117 48
162.216.149.167 48
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
147.185.133.189 59
147.185.133.56 50
147.185.133.143 49
147.185.133.200 48
147.185.133.35 48
Ports Targeted by This Subnet
Temporal Port Activity
IPs in Subnet
IP Address Hit Count
35.203.210.213 56
35.203.210.199 52
35.203.210.172 51
35.203.210.112 49
35.203.210.196 49
Ports Targeted by This Subnet
Temporal Port Activity
Complete Endpoint Data Export
Download All LightScope Data For This Endpoint

Get the complete raw dataset for this endpoint in CSV format. This includes all network traffic data, timestamps, IP addresses, ports, and other collected intelligence from the lightscope_honeypot_included_data table.

  • Format: CSV (Comma-Separated Values)
  • Contents: All endpoint data ordered by most recent first
  • Use Case: Research, analysis, custom reporting, data science
  • Compatibility: Excel, Python pandas, R, SQL imports
Note: This download contains the raw data used to generate all dashboard visualizations and analytics. File size depends on the amount of traffic data collected for this endpoint.