IOC Radar
IP · Medium · Signal 83/100

31.57.228.28

Location: Iran, Islamic Republic of; Dubai, Dubai
ASN: AS21859, Zenlayer Inc
First Seen: Apr 10, 2025 (430d ago)
Last Seen: Feb 15, 2026 (119d ago)
Reports: 8 source reports
Confidence: 83% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 83%
Signal Score: 83 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

33 techniques

Network Information

Country: IR (Iran, Islamic Republic of)
Region: Dubai, Dubai
ASN: AS21859
Organization: Zenlayer Inc

Feed Intelligence Summary

Source reports: 8
Confidence score: 83%
Category tags
apt · asyncrat · bianlian · botnet · c2 · censys · cobaltstrike · command and control · credential harvesting · data exfiltration · dcrat · distributed attacks · hak5_cloud_c2 · havoc · indicator · iran, islamic republic of · malicious software · malware · mythic · netsupportrat · network · process injection · qakbot · remcos trojan · remote access · remote services · researched · reverse_ssh · self-signed · sliver · social media exploitation · supershell · t1005 · t1016 · t1021 · t1021.001 · t1027 · t1036 · t1047 · t1053 · t1055 · t1059 · t1059.003 · t1068 · t1071 · t1071.001 · t1078 · t1083 · t1105 · t1190 · t1204 · t1486 · t1496 · t1499.002 · t1499.003 · t1547 · t1565 · t1566 · t1572 · t1583 · t1584 · t1588 · t1592 · t1595 · t1598 · united arab emirates · zen-ecn

Activity Timeline

1 total obs
Feb 15 to Feb 15

Threat Activity Heatmap

Peak: 2026-02-15
[Heatmap: activity by weekday (Mon, Wed, Fri) and month, Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)

Threat Score: High Risk
Signal Score: 83
Confidence: 83%
Reports: 8
First seen: Apr 10, 2025
Last seen: Feb 15, 2026
Geolocation: IR
Country: Iran, Islamic Republic of
Location: Dubai, Dubai
ASN: AS21859
Org: Zenlayer Inc
Coords: 35.6980, 51.4115

VirusTotal

Not checked

WHOIS

inetnum: 31.57.228.0 - 31.57.228.255
netname: NET-31-57-228-0-24
country: US
geofeed: https://geofeed.ipxo.com/geofeed.txt
org: ORG-PC392-RIPE
admin-c: PC18935-RIPE
tech-c: PC18935-RIPE
abuse-c: PC18935-RIPE
status: ASSIGNED PA
remarks: End User Organization
mnt-by: netutils-mnt
created: 2024-12-13T07:35:32Z
last-modified: 2024-12-13T07:35:32Z
source: RIPE

organisation: ORG-PC392-RIPE
org-name: Private Customer
org-type: OTHER
remarks: End User Organization
address: Private Residence
country: US
abuse-c: PC18935-RIPE
mnt-ref: IPXO-MNT
mnt-ref: netutils-mnt
mnt-by: IPXO-MNT
mnt-by: netutils-mnt
created: 2024-01-22T15:27:12Z
last-modified: 2024-12-05T09:21:56Z
source: RIPE # Filtered

role: Private Customer
address: Private Residence
nic-hdl: PC18935-RIPE
remarks: End User Organization
abuse-mailbox: [email protected]
mnt-by: netutils-mnt
created: 2024-01-22T15:27:12Z
last-modified: 2024-12-05T09:42:07Z
source: RIPE # Filtered

route: 31.57.228.0/24
origin: AS21859
mnt-by: netutils-mnt
created: 2024-12-13T07:35:31Z
last-modified: 2024-12-13T07:35:31Z
source: RIPE

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 8 threat reports