DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ASN REPORT — AS12389 · PJSC Rostelecom

First sighted: July 6, 2023, 3 a.m. · Last sighted: Jan. 11, 2026, 1:59 a.m.

Risk
9 (low)
Total hits
10361
Total errors
908
Observed IPs
2680
Top country
N/A
Top city
N/A

Risk

Model: v1 Computed: 2026-01-18 11:55:16
Risk score
9
Low
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Path traversal attempts
Request paths/parameters resemble attempts to access files outside intended directories.
trav
Hits 11
Points 76.81
Command injection attempts
Request content resembles attempts to execute OS commands via an application.
cmdi
Hits 3
Points 64.84
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 7
Points 48.29
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 382
Points 29.02
Scan velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
scan_velocity
Hits 13
Points 12.78
Request size anomaly
Requests are unusually large or shaped in a way that suggests abuse or automation.
request_size
Hits 1069
Points 8.68
Protocol anomaly
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
proto
Hits 5
Points 2.71
Automated client behavior
Traffic patterns strongly suggest automation rather than a human-operated browser.
bot
Hits 5
Points 2.16
HTTP method anomaly
Unusual or unexpected HTTP methods observed for the target endpoints.
method
Hits 2
Points 0.65

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this ASN.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
6774
3xx
1180
4xx
786
5xx
122
Unique URLs
5560
Total hits
10361
First seen
July 6, 2023, 3 a.m.
Last seen
Jan. 11, 2026, 1:59 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Path traversal attempts trav
Request paths/parameters resemble attempts to access files outside intended directories.
hits 11 pts 76.81
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
30 7 1 51.25 June 10, 2024, 10:32 p.m. April 30, 2025, 8:15 p.m.
trav 7
28 2 1 13.40 April 30, 2025, 8:15 p.m. April 30, 2025, 8:15 p.m.
trav 2
26 2 1 12.17 April 30, 2025, 8:15 p.m. April 30, 2025, 8:15 p.m.
trav 2
Command injection attempts cmdi
Request content resembles attempts to execute OS commands via an application.
hits 3 pts 64.84
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 2 1 41.89 July 10, 2023, 9:40 a.m. March 8, 2025, 12:57 a.m.
cmdi 2
30 1 1 22.95 March 8, 2025, 12:57 a.m. March 8, 2025, 12:57 a.m.
cmdi 1
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 7 pts 48.29
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
40 3 1 24.29 July 29, 2025, 3:37 a.m. Aug. 5, 2025, 3:48 p.m.
sensitive_file 3
34 2 1 12.87 April 30, 2025, 8:15 p.m. April 30, 2025, 8:15 p.m.
sensitive_file 2
36 1 1 6.81 March 8, 2025, 12:57 a.m. March 8, 2025, 12:57 a.m.
sensitive_file 1
24 1 1 4.33 Oct. 13, 2023, 11:14 p.m. Oct. 13, 2023, 11:14 p.m.
sensitive_file 1
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 382 pts 29.02
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
6 355 1 25.56 July 10, 2023, 9:40 a.m. Nov. 22, 2025, 9:24 p.m.
ua 355
8 14 1 1.46 July 12, 2023, 6:25 a.m. Nov. 6, 2025, 11:25 p.m.
ua 14
10 8 1 1.15 Nov. 30, 2023, 2:07 p.m. May 17, 2025, 6:44 a.m.
ua 8
12 5 1 0.84 Nov. 13, 2024, 5:42 a.m. Jan. 5, 2025, 1:28 p.m.
ua 5
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 13 pts 12.78
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
20 2 1 6.48 April 30, 2025, 8:15 p.m. April 30, 2025, 8:15 p.m.
scan_velocity 2
10 5 1 6.30 Sept. 16, 2024, 4:07 a.m. July 7, 2025, 2:31 p.m.
scan_velocity 5
0 6 1 0.00 Sept. 16, 2024, 4:07 a.m. July 7, 2025, 2:31 p.m.
scan_velocity 6
Request size anomaly request_size
Requests are unusually large or shaped in a way that suggests abuse or automation.
hits 1069 pts 8.68
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 11 1 5.15 Jan. 5, 2025, 1:28 p.m. Aug. 1, 2025, 12:47 p.m.
request_size 11
14 6 1 3.53 May 25, 2025, 12:23 p.m. Nov. 22, 2025, 9:20 p.m.
request_size 6
0 1052 1 0.00 Dec. 25, 2024, 4:08 a.m. Oct. 13, 2025, 7:45 p.m.
request_size 1052
Protocol anomaly proto
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 5 pts 2.71
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 2 1 1.38 April 30, 2025, 8:15 p.m. June 21, 2025, 8:28 p.m.
proto 2
10 2 1 1.20 May 18, 2024, 5:50 a.m. May 18, 2024, 5:50 a.m.
proto 2
3 1 1 0.13 May 18, 2024, 5:50 a.m. May 18, 2024, 5:50 a.m.
proto 1
Automated client behavior bot
Traffic patterns strongly suggest automation rather than a human-operated browser.
hits 5 pts 2.16
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 4 1 1.90 Jan. 23, 2025, 9:42 p.m. Jan. 25, 2025, 10:20 a.m.
bot 4
8 1 1 0.26 Aug. 3, 2023, 12:58 a.m. Aug. 3, 2023, 12:58 a.m.
bot 1
HTTP method anomaly method
Unusual or unexpected HTTP methods observed for the target endpoints.
hits 2 pts 0.65
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
6 2 1 0.65 May 18, 2024, 5:50 a.m. May 18, 2024, 5:50 a.m.
method 2

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads a single aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this ASN snapshot (peer IPs with coordinates).

Loading map…

SUBNETS HELD BY THIS ISP

Derived from ISP snapshot peers (Option A). Grouped into IPv4 /24 and IPv6 /48 by default.
IPv4
IPv6
Limit
Loading subnets…

Interesting IPs

Top risky peers inside this ASN (latest snapshot). Sorted by risk score, then hits.

No peer rows available for this ASN snapshot.