31.210.21.51 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 31.210.21.51 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: C&C, Nextray, awsau, awsbah, cyber security, ioc, malicious, ntp, phishing, scanners
  • JARM: 05d10d20d21d20d05c05d10d05d20d74fcf6501ae7a92319e575bfafd2a827
  • View other sources: Spamhaus, VirusTotal

  • Country: Netherlands
  • Network: AS211252 delis llc
  • Noticed: 17 times
  • Protocols Attacked: ntp
  • Countries Attacked: Australia, Bahrain, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: c1k.top, t.c1k.top

Malware Detected on Host

Count: 13

Whois Information

  • inetnum: 31.210.21.0 - 31.210.21.255
  • netname: SERVER-31-210-21-0
  • country: NL
  • org: ORG-SB652-RIPE
  • admin-c: SBAH16-RIPE
  • tech-c: SBAH16-RIPE
  • status: ASSIGNED PA
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-10-21T10:22:20Z
  • last-modified: 2022-10-21T10:22:20Z
  • organisation: ORG-SB652-RIPE
  • org-name: Serverion BV
  • org-type: OTHER
  • address: Krammer 8
  • address: 3232HE Brielle
  • address: Netherlands
  • abuse-c: SBAH16-RIPE
  • mnt-ref: PREFIXBROKER-MNT
  • mnt-by: PREFIXBROKER-MNT
  • created: 2021-02-26T12:34:24Z
  • last-modified: 2021-02-26T12:34:24Z
  • role: Serverion BV abuse handling
  • address: Krammer 8
  • address: 3232HE Brielle
  • address: Netherlands
  • nic-hdl: SBAH16-RIPE
  • mnt-by: PREFIXBROKER-MNT
  • created: 2021-02-26T12:34:24Z
  • last-modified: 2021-02-26T12:34:24Z
  • abuse-mailbox: [email protected]
  • route: 31.210.21.0/24
  • origin: AS211252
  • mnt-by: PREFIXBROKER-MNT
  • created: 2021-05-31T06:45:00Z
  • last-modified: 2021-05-31T06:45:00Z

Links to attack logs

  • awsbah-ntp-bruteforce-ip-list-2021-05-26
  • awsau-ntp-bruteforce-ip-list-2021-05-20
  • awsbah-ntp-bruteforce-ip-list-2021-05-22
  • awsau-ntp-bruteforce-ip-list-2021-05-26