DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ASN REPORT — AS211590 · Bucklog SARL

First sighted: May 17, 2025, 3 a.m. · Last sighted: Jan. 10, 2026, 1:59 a.m.

Risk
96 (high)
Total hits
4632
Total errors
2852
Observed IPs
153
Top country
N/A
Top city
N/A

Risk

Model: v1 Computed: 2026-01-18 11:53:07
Risk score
96
High
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 971
Points 5461.98
Path traversal attempts
Request paths/parameters resemble attempts to access files outside intended directories.
trav
Hits 222
Points 1592.94
Scan velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
scan_velocity
Hits 291
Points 725.22
Credential brute forcing
Repeated authentication attempts consistent with password guessing or credential stuffing.
cred
Hits 31
Points 67.76
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 526
Points 64.89
Firewall probing
Traffic behavior suggests probing of access controls and protected surfaces.
fwprobe
Hits 2
Points 15.84
HTTP method anomaly
Unusual or unexpected HTTP methods observed for the target endpoints.
method
Hits 6
Points 3.31
Request size anomaly
Requests are unusually large or shaped in a way that suggests abuse or automation.
request_size
Hits 2
Points 0.94
Protocol anomaly
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
proto
Hits 1
Points 0.69
Referrer abuse
Referrer patterns look manipulated, irrelevant, or inconsistent with normal navigation.
ref
Hits 5
Points 0.63

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this ASN.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
365
3xx
1398
4xx
2846
5xx
6
Unique URLs
1302
Total hits
4632
First seen
May 17, 2025, 3 a.m.
Last seen
Jan. 10, 2026, 1:59 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 971 pts 5461.98
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
40 300 1 2428.80 May 18, 2025, 12:19 a.m. Nov. 6, 2025, 9:30 p.m.
sensitive_file 300
24 460 1 1991.62 May 18, 2025, 12:19 a.m. Jan. 10, 2026, 1:49 a.m.
sensitive_file 460
34 68 1 437.43 July 9, 2025, 11:29 a.m. Aug. 24, 2025, 2:33 a.m.
sensitive_file 68
16 92 1 226.69 June 21, 2025, 4:32 p.m. Oct. 12, 2025, 6:57 a.m.
sensitive_file 92
36 30 1 209.09 June 24, 2025, 6:40 p.m. Aug. 25, 2025, 12:36 p.m.
sensitive_file 30
44 12 1 109.19 June 24, 2025, 6:39 p.m. Aug. 15, 2025, 2:16 p.m.
sensitive_file 12
30 6 1 33.66 June 24, 2025, 6:40 p.m. June 25, 2025, 12:35 a.m.
sensitive_file 6
42 3 1 25.50 June 24, 2025, 6:39 p.m. June 25, 2025, 12:35 a.m.
sensitive_file 3
Path traversal attempts trav
Request paths/parameters resemble attempts to access files outside intended directories.
hits 222 pts 1592.94
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
34 88 1 739.02 June 24, 2025, 6:39 p.m. Aug. 5, 2025, 9:26 p.m.
trav 88
26 71 1 431.96 July 9, 2025, 11:29 a.m. Aug. 24, 2025, 2:33 a.m.
trav 71
28 63 1 421.95 July 9, 2025, 11:29 a.m. Aug. 24, 2025, 2:33 a.m.
trav 63
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 291 pts 725.22
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
22 30 1 106.92 June 21, 2025, 4:32 p.m. Aug. 17, 2025, 3:22 a.m.
scan_velocity 30
26 25 1 105.30 June 24, 2025, 6:40 p.m. July 24, 2025, 11:46 p.m.
scan_velocity 25
36 16 1 93.31 June 25, 2025, 12:35 a.m. July 22, 2025, 2:38 a.m.
scan_velocity 16
32 12 1 62.21 June 25, 2025, 12:35 a.m. July 22, 2025, 2:39 a.m.
scan_velocity 12
24 15 1 58.32 June 21, 2025, 4:33 p.m. July 24, 2025, 11:45 p.m.
scan_velocity 15
30 11 1 53.46 June 24, 2025, 6:41 p.m. June 25, 2025, 12:35 a.m.
scan_velocity 11
20 17 1 53.46 July 15, 2025, 4:30 a.m. July 24, 2025, 11:45 p.m.
scan_velocity 17
28 10 1 45.36 June 24, 2025, 6:41 p.m. June 25, 2025, 12:35 a.m.
scan_velocity 10
34 8 1 44.06 June 25, 2025, 12:35 a.m. July 22, 2025, 2:37 a.m.
scan_velocity 8
10 23 1 31.59 May 18, 2025, 5:36 a.m. Oct. 12, 2025, 6:57 a.m.
scan_velocity 23
18 11 1 30.62 July 15, 2025, 4:30 a.m. Aug. 4, 2025, 6:28 p.m.
scan_velocity 11
14 10 1 21.17 May 18, 2025, 12:19 a.m. July 22, 2025, 2:37 a.m.
scan_velocity 10
12 8 1 12.96 May 18, 2025, 5:36 a.m. Aug. 17, 2025, 3:21 a.m.
scan_velocity 8
16 3 1 6.48 July 22, 2025, 2:37 a.m. July 22, 2025, 2:37 a.m.
scan_velocity 3
0 92 1 0.00 May 18, 2025, 12:19 a.m. Oct. 12, 2025, 6:57 a.m.
scan_velocity 92
Credential brute forcing cred
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 31 pts 67.76
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 12 1 46.20 June 24, 2025, 6:41 p.m. Oct. 7, 2025, 2:24 p.m.
cred 12
8 7 1 21.56 June 24, 2025, 6:41 p.m. Oct. 7, 2025, 2:24 p.m.
cred 7
0 12 1 0.00 June 24, 2025, 6:41 p.m. Oct. 7, 2025, 2:24 p.m.
cred 12
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 526 pts 64.89
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 261 1 37.58 June 24, 2025, 6:39 p.m. June 25, 2025, 12:36 a.m.
ua 261
8 257 1 26.73 May 18, 2025, 12:19 a.m. Jan. 10, 2026, 12:27 a.m.
ua 257
6 8 1 0.58 June 25, 2025, 10:34 p.m. Aug. 5, 2025, 9:50 a.m.
ua 8
Firewall probing fwprobe
Traffic behavior suggests probing of access controls and protected surfaces.
hits 2 pts 15.84
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
22 2 1 15.84 June 24, 2025, 6:42 p.m. June 25, 2025, 12:36 a.m.
fwprobe 2
HTTP method anomaly method
Unusual or unexpected HTTP methods observed for the target endpoints.
hits 6 pts 3.31
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 6 1 3.31 Aug. 21, 2025, 1:38 p.m. Jan. 10, 2026, 12:27 a.m.
method 6
Request size anomaly request_size
Requests are unusually large or shaped in a way that suggests abuse or automation.
hits 2 pts 0.94
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 2 1 0.94 Aug. 5, 2025, 12:18 p.m. Aug. 5, 2025, 9:28 p.m.
request_size 2
Protocol anomaly proto
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 1 pts 0.69
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 1 1 0.69 Aug. 24, 2025, 1:50 a.m. Aug. 24, 2025, 1:50 a.m.
proto 1
Referrer abuse ref
Referrer patterns look manipulated, irrelevant, or inconsistent with normal navigation.
hits 5 pts 0.63
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
6 5 1 0.63 June 24, 2025, 6:41 p.m. June 25, 2025, 12:36 a.m.
ref 5

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads a single aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this ASN snapshot (peer IPs with coordinates).

Loading map…

SUBNETS HELD BY THIS ISP

Derived from ISP snapshot peers (Option A). Grouped into IPv4 /24 and IPv6 /48 by default.
IPv4
IPv6
Limit
Loading subnets…

Interesting IPs

Top risky peers inside this ASN (latest snapshot). Sorted by risk score, then hits.

No peer rows available for this ASN snapshot.