← Back

Subnet Overview

Model: v1 Updated: Feb. 20, 2026, 12:19 p.m.

Report for 31.57.159.0/24

Behavioral baseline and contextual score for this subnet.

Contextual Risk

Syndu matches the queried target properties against aggregated behavioral baselines across the IP hierarchy and calculates a contextual risk score from the matched dimensions.

--unknown

Contextual Risk

Context-aware score.

Total Hits

164

Total Errors

First Seen

March 20, 2025, 2 a.m.

Last Seen

March 21, 2025, 2 a.m.

Risk Level

Risk Score

Dimension Baselines

Matched dimensions contribute directly to the contextual score. Each value links to the corresponding report and latest computed baseline.

Create API Account Risk API Docs View Pricing

Access Mode

Visitor mode shows a reduced view for performance (recent activity window and lighter deep analysis surfaces). Log in or create an account to unlock full-history subnet analysis and richer tooling.

Traffic ready Risk ready Snapshot ready Window March 17, 2025, midnight → March 24, 2025, midnight Model v1

Behavioral Risk

Model: v1 Computed: Feb. 20, 2026, 1:36 p.m.

Subnet risk score

Low

Risk gradient

Contributor codes are normalized (e.g. sqli, cmdi, trav, sfp). Totals and breakdowns are derived from subnet rollups and explainability tables only.

Annotator influence radar

Rendering annotator influence profile…

Normalized contribution (0..1) per annotator versus robust per-code envelope.

All contributing signals

Sensitive file probing sfp Requests target commonly sensitive files, configs, backups, or administrative resources. 61 hits 523.60 pts

Severity	Hits	Labels	Weighted	Top labels
40	53	1	466.40	{'count': 53, 'label': 'sensitive_file'}
36	4	1	31.68	{'count': 4, 'label': 'sensitive_file'}
34	2	1	14.96	{'count': 2, 'label': 'sensitive_file'}
24	2	1	10.56	{'count': 2, 'label': 'sensitive_file'}

Path traversal attempts trav Request paths/parameters resemble attempts to access files outside intended directories. 7 hits 54.60 pts

Severity	Hits	Labels	Weighted	Top labels
34	3	1	26.52	{'count': 3, 'label': 'trav'}
28	2	1	14.56	{'count': 2, 'label': 'trav'}
26	2	1	13.52	{'count': 2, 'label': 'trav'}

Command injection attempts cmdi Request content resembles attempts to execute OS commands via an application. 2 hits 51.00 pts

Severity	Hits	Labels	Weighted	Top labels
30	2	1	51.00	{'count': 2, 'label': 'cmdi'}

User-Agent anomaly ua User-Agent signals look missing, inconsistent, or indicative of non-browser tooling. 164 hits 26.40 pts

Severity	Hits	Labels	Weighted	Top labels
8	160	1	25.60	{'count': 160, 'label': 'ua'}
10	4	1	0.80	{'count': 4, 'label': 'ua'}

Credential brute forcing cred Repeated authentication attempts consistent with password guessing or credential stuffing. 6 hits 19.80 pts

Severity	Hits	Labels	Weighted	Top labels
10	2	1	11.00	{'count': 2, 'label': 'cred'}
8	2	1	8.80	{'count': 2, 'label': 'cred'}
0	2	1	0.00	{'count': 2, 'label': 'cred'}

Scan velocity scan_velocity High request rate and broad endpoint coverage suggest scanning or automated enumeration. 4 hits 3.60 pts

Severity	Hits	Labels	Weighted	Top labels
10	2	1	3.60	{'count': 2, 'label': 'scan_velocity'}
0	2	1	0.00	{'count': 2, 'label': 'scan_velocity'}

Protocol anomaly proto Request structure or protocol-level signals deviate from typical browser HTTP traffic. 1 hits 0.88 pts

Severity	Hits	Labels	Weighted	Top labels
11	1	1	0.88	{'count': 1, 'label': 'proto'}

Technical summary

Computed at

Feb. 20, 2026, 1:36 p.m.

Raw total

679.88

Total hits

164

Errors

Traffic

Rollup

Daily activity (hits per day) plus HTTP response mix and basic counters from the subnet traffic rollup.

Activity Access

Visitor

Visitor mode is limited to the most recent 30 days for performance. Log in or create an account to unlock full-history subnet activity and deeper analysis.

Loading activity…

Rendering hits per day for this subnet.

Daily activity (stacked response classes + total hits). Showing recent 30 days in visitor mode.

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads one aggregation and renders a donut.

Loading status mix…

Fetching one histogram and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this subnet (all IPs with coordinates).

Loading map…

Sibling Subnets By ASN / Org Identity

Compare other subnet snapshots that share this report's ASN or organization identity. “Same window” keeps comparisons aligned to the current publish window.

Identity

Window

Limit

No matching peer subnets in the latest window.

Interesting IPs In This Subnet

Top risky peer IPs for this subnet snapshot, sorted by risk score then hits. Use this panel to drill down from subnet to IP-level reports.

Bucket

Limit

Filter

31.57.159.26 low

Open report

32 /100

Last seen 2025-03-21 02:00

Hits

109

Errors

Country

United States

ASN

AS137517

AS Org

FLAMEHOSTING INC

Subnet Overview

Contextual Risk

Dimension Baselines

Behavioral Risk

Traffic

HTTP Status Breakdown

Geolocation

Sibling Subnets By ASN / Org Identity

Interesting IPs In This Subnet

Confirm Action