DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ASN REPORT — AS17561 · LARUS Limited

First sighted: Feb. 16, 2024, 2 a.m. · Last sighted: Oct. 13, 2025, 2:59 a.m.

Risk
7 (low)
Total hits
1989
Total errors
485
Observed IPs
559
Top country
N/A
Top city
N/A

Risk

Model: v1 Computed: 2026-01-18 11:54:33
Risk score
7
Low
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 12
Points 60.92
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 524
Points 55.35
Firewall probing
Traffic behavior suggests probing of access controls and protected surfaces.
fwprobe
Hits 4
Points 38.12
Path traversal attempts
Request paths/parameters resemble attempts to access files outside intended directories.
trav
Hits 2
Points 12.78
Credential brute forcing
Repeated authentication attempts consistent with password guessing or credential stuffing.
cred
Hits 5
Points 11.66
Automated client behavior
Traffic patterns strongly suggest automation rather than a human-operated browser.
bot
Hits 11
Points 5.23
HTTP method anomaly
Unusual or unexpected HTTP methods observed for the target endpoints.
method
Hits 9
Points 1.98
Protocol anomaly
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
proto
Hits 3
Points 1.85

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this ASN.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
453
3xx
1032
4xx
475
5xx
10
Unique URLs
591
Total hits
1989
First seen
Feb. 16, 2024, 2 a.m.
Last seen
Oct. 13, 2025, 2:59 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 12 pts 60.92
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
22 8 1 30.20 Aug. 6, 2025, 7:15 p.m. Sept. 6, 2025, 7:41 a.m.
sensitive_file 8
40 3 1 24.29 May 13, 2025, 4:28 p.m. Aug. 1, 2025, 9:33 a.m.
sensitive_file 3
34 1 1 6.43 Sept. 12, 2025, 1:21 p.m. Sept. 12, 2025, 1:21 p.m.
sensitive_file 1
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 524 pts 55.35
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
8 499 1 51.90 April 20, 2024, 9:04 p.m. Sept. 12, 2025, 1:21 p.m.
ua 499
12 10 1 1.87 May 15, 2025, 12:21 p.m. May 15, 2025, 12:21 p.m.
ua 10
10 7 1 1.01 Jan. 24, 2025, 7:23 p.m. April 17, 2025, 5:20 p.m.
ua 7
6 8 1 0.58 Dec. 13, 2024, 1:13 p.m. Sept. 12, 2025, 7:53 p.m.
ua 8
Firewall probing fwprobe
Traffic behavior suggests probing of access controls and protected surfaces.
hits 4 pts 38.12
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 2 1 22.68 Aug. 21, 2025, 7:53 p.m. Aug. 21, 2025, 9:40 p.m.
fwprobe 2
22 2 1 15.44 Oct. 12, 2024, 10:07 a.m. Oct. 12, 2024, 10:07 a.m.
fwprobe 2
Path traversal attempts trav
Request paths/parameters resemble attempts to access files outside intended directories.
hits 2 pts 12.78
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 1 1 6.70 Sept. 12, 2025, 1:21 p.m. Sept. 12, 2025, 1:21 p.m.
trav 1
26 1 1 6.08 Sept. 12, 2025, 1:21 p.m. Sept. 12, 2025, 1:21 p.m.
trav 1
Credential brute forcing cred
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 5 pts 11.66
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 3 1 11.66 Aug. 21, 2025, 7:53 p.m. Aug. 21, 2025, 9:40 p.m.
cred 3
0 2 1 0.00 Aug. 21, 2025, 7:53 p.m. Aug. 21, 2025, 9:40 p.m.
cred 2
Automated client behavior bot
Traffic patterns strongly suggest automation rather than a human-operated browser.
hits 11 pts 5.23
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 11 1 5.23 May 15, 2025, 12:21 p.m. Sept. 23, 2025, 1:55 p.m.
bot 11
HTTP method anomaly method
Unusual or unexpected HTTP methods observed for the target endpoints.
hits 9 pts 1.98
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
8 3 1 1.22 March 27, 2025, 8:26 a.m. April 4, 2025, 12:27 p.m.
method 3
3 6 1 0.76 Dec. 13, 2024, 1:13 p.m. Feb. 25, 2025, 3:15 p.m.
method 6
Protocol anomaly proto
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 3 pts 1.85
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
11 3 1 1.85 March 26, 2025, 3:49 a.m. April 4, 2025, 12:27 p.m.
proto 3

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads a single aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this ASN snapshot (peer IPs with coordinates).

Loading map…

SUBNETS HELD BY THIS ISP

Derived from ISP snapshot peers (Option A). Grouped into IPv4 /24 and IPv6 /48 by default.
IPv4
IPv6
Limit
Loading subnets…

Interesting IPs

Top risky peers inside this ASN (latest snapshot). Sorted by risk score, then hits.

No peer rows available for this ASN snapshot.