DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ASN REPORT — AS11427 · Charter Communications Inc

First sighted: June 17, 2023, 3 a.m. · Last sighted: Jan. 11, 2026, 1:59 a.m.

Risk
8 (low)
Total hits
2990
Total errors
271
Observed IPs
472
Top country
N/A
Top city
N/A

Risk

Model: v1 Computed: 2026-01-18 11:55:20
Risk score
8
Low
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Command injection attempts
Request content resembles attempts to execute OS commands via an application.
cmdi
Hits 5
Points 100.37
Header injection attempts
Input patterns suggest attempts to manipulate headers or downstream header parsing.
hdrinj
Hits 2
Points 38.11
Credential brute forcing
Repeated authentication attempts consistent with password guessing or credential stuffing.
cred
Hits 10
Points 30.36
Request size anomaly
Requests are unusually large or shaped in a way that suggests abuse or automation.
request_size
Hits 148
Points 20.59
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 100
Points 9.12
Scan velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
scan_velocity
Hits 12
Points 7.56
Automated client behavior
Traffic patterns strongly suggest automation rather than a human-operated browser.
bot
Hits 1
Points 0.48

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this ASN.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
2052
3xx
96
4xx
172
5xx
99
Unique URLs
1651
Total hits
2990
First seen
June 17, 2023, 3 a.m.
Last seen
Jan. 11, 2026, 1:59 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Command injection attempts cmdi
Request content resembles attempts to execute OS commands via an application.
hits 5 pts 100.37
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 3 1 62.83 June 17, 2023, 11:42 a.m. Sept. 29, 2025, 10:32 a.m.
cmdi 3
30 1 1 22.95 Sept. 29, 2025, 10:32 a.m. Sept. 29, 2025, 10:32 a.m.
cmdi 1
22 1 1 14.59 Sept. 29, 2025, 10:32 a.m. Sept. 29, 2025, 10:32 a.m.
cmdi 1
Header injection attempts hdrinj
Input patterns suggest attempts to manipulate headers or downstream header parsing.
hits 2 pts 38.11
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 1 1 20.83 Sept. 29, 2025, 10:32 a.m. Sept. 29, 2025, 10:32 a.m.
hdrinj 1
24 1 1 17.28 Sept. 29, 2025, 10:32 a.m. Sept. 29, 2025, 10:32 a.m.
hdrinj 1
Credential brute forcing cred
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 10 pts 30.36
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 4 1 15.51 Jan. 7, 2025, 6:29 p.m. Jan. 7, 2025, 6:29 p.m.
cred 4
12 3 1 14.85 Jan. 7, 2025, 6:29 p.m. Jan. 7, 2025, 6:29 p.m.
cred 3
0 3 1 0.00 Jan. 7, 2025, 6:29 p.m. Jan. 7, 2025, 6:29 p.m.
cred 3
Request size anomaly request_size
Requests are unusually large or shaped in a way that suggests abuse or automation.
hits 148 pts 20.59
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 44 1 20.59 Jan. 2, 2025, 7:11 p.m. Aug. 13, 2025, 8:45 a.m.
request_size 44
0 104 1 0.00 Jan. 2, 2025, 7:11 p.m. Oct. 11, 2025, 7:06 p.m.
request_size 104
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 100 pts 9.12
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
6 84 1 6.05 June 17, 2023, 11:42 a.m. Oct. 11, 2025, 10:58 a.m.
ua 84
14 10 1 2.24 Jan. 18, 2025, 5:23 a.m. May 14, 2025, 1:03 p.m.
ua 10
12 2 1 0.34 Sept. 16, 2024, 3:46 a.m. Sept. 16, 2024, 3:46 a.m.
ua 2
10 2 1 0.29 Sept. 29, 2025, 7:50 p.m. Oct. 8, 2025, 8:10 a.m.
ua 2
8 2 1 0.21 July 11, 2023, 8:52 a.m. July 12, 2023, 9:27 a.m.
ua 2
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 12 pts 7.56
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 6 1 7.56 Oct. 14, 2024, 7:31 p.m. July 2, 2025, 7:25 a.m.
scan_velocity 6
0 6 1 0.00 Oct. 14, 2024, 7:31 p.m. July 2, 2025, 7:25 a.m.
scan_velocity 6
Automated client behavior bot
Traffic patterns strongly suggest automation rather than a human-operated browser.
hits 1 pts 0.48
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 1 1 0.48 July 2, 2025, 7:22 a.m. July 2, 2025, 7:22 a.m.
bot 1

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads a single aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this ASN snapshot (peer IPs with coordinates).

Loading map…

SUBNETS HELD BY THIS ISP

Derived from ISP snapshot peers (Option A). Grouped into IPv4 /24 and IPv6 /48 by default.
IPv4
IPv6
Limit
Loading subnets…

Interesting IPs

Top risky peers inside this ASN (latest snapshot). Sorted by risk score, then hits.

No peer rows available for this ASN snapshot.