DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ASN REPORT — AS214036 · Ultahost, Inc.

First sighted: July 6, 2023, 3 a.m. · Last sighted: Dec. 3, 2025, 1:59 a.m.

Risk
54 (med)
Total hits
1373
Total errors
1078
Observed IPs
73
Top country
N/A
Top city
N/A

Risk

Model: v1 Computed: 2026-01-18 11:55:16
Risk score
54
Medium
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 188
Points 1310.64
Path traversal attempts
Request paths/parameters resemble attempts to access files outside intended directories.
trav
Hits 75
Points 574.59
Scan velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
scan_velocity
Hits 14
Points 29.16
Firewall probing
Traffic behavior suggests probing of access controls and protected surfaces.
fwprobe
Hits 2
Points 22.68
Credential brute forcing
Repeated authentication attempts consistent with password guessing or credential stuffing.
cred
Hits 7
Points 15.51
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 12
Points 1.28
Automated client behavior
Traffic patterns strongly suggest automation rather than a human-operated browser.
bot
Hits 2
Points 0.95

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this ASN.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
134
3xx
133
4xx
1078
5xx
0
Unique URLs
851
Total hits
1373
First seen
July 6, 2023, 3 a.m.
Last seen
Dec. 3, 2025, 1:59 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 188 pts 1310.64
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
40 121 1 979.62 July 6, 2023, 10:32 p.m. Dec. 2, 2025, 2:39 a.m.
sensitive_file 121
34 18 1 115.79 Sept. 17, 2023, 4:51 a.m. Sept. 30, 2023, 8:05 a.m.
sensitive_file 18
24 20 1 86.59 Aug. 16, 2023, 1:04 p.m. Jan. 4, 2025, 3:14 a.m.
sensitive_file 20
30 8 1 44.88 Sept. 17, 2023, 4:51 a.m. Sept. 30, 2023, 8:05 a.m.
sensitive_file 8
42 4 1 34.00 Sept. 19, 2023, 9:59 p.m. Sept. 19, 2023, 9:59 p.m.
sensitive_file 4
16 11 1 27.10 Sept. 17, 2023, 10:43 a.m. Sept. 30, 2023, 7:50 a.m.
sensitive_file 11
22 6 1 22.65 Sept. 18, 2023, 11:33 p.m. Sept. 29, 2023, 11:33 a.m.
sensitive_file 6
Path traversal attempts trav
Request paths/parameters resemble attempts to access files outside intended directories.
hits 75 pts 574.59
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
34 49 1 411.50 July 7, 2023, 1:34 a.m. Dec. 2, 2025, 2:39 a.m.
trav 49
26 18 1 109.51 Sept. 17, 2023, 4:51 a.m. Sept. 30, 2023, 8:05 a.m.
trav 18
28 8 1 53.58 Sept. 17, 2023, 4:51 a.m. Sept. 30, 2023, 8:05 a.m.
trav 8
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 14 pts 29.16
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
22 4 1 14.26 Sept. 19, 2023, 3:20 p.m. Sept. 19, 2023, 9:59 p.m.
scan_velocity 4
24 3 1 11.66 Sept. 19, 2023, 9:59 p.m. Sept. 19, 2023, 9:59 p.m.
scan_velocity 3
12 2 1 3.24 Sept. 19, 2023, 6:49 p.m. Sept. 19, 2023, 9:59 p.m.
scan_velocity 2
0 5 1 0.00 Sept. 19, 2023, 3:20 p.m. Sept. 19, 2023, 9:59 p.m.
scan_velocity 5
Firewall probing fwprobe
Traffic behavior suggests probing of access controls and protected surfaces.
hits 2 pts 22.68
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 2 1 22.68 Aug. 25, 2025, 7:13 p.m. Oct. 15, 2025, 9:23 p.m.
fwprobe 2
Credential brute forcing cred
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 7 pts 15.51
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 4 1 15.51 Sept. 19, 2023, 5:55 a.m. Oct. 15, 2025, 9:23 p.m.
cred 4
0 3 1 0.00 Sept. 19, 2023, 5:55 a.m. Oct. 15, 2025, 9:23 p.m.
cred 3
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 12 pts 1.28
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 4 1 0.58 Jan. 7, 2024, 11:36 p.m. Jan. 8, 2024, 8:31 a.m.
ua 4
8 4 1 0.42 Sept. 17, 2023, 4:51 a.m. Sept. 30, 2023, 8:05 a.m.
ua 4
6 4 1 0.29 Sept. 17, 2023, 4:51 a.m. Sept. 30, 2023, 8:05 a.m.
ua 4
Automated client behavior bot
Traffic patterns strongly suggest automation rather than a human-operated browser.
hits 2 pts 0.95
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 2 1 0.95 Oct. 14, 2023, 4:50 a.m. Oct. 14, 2023, 4:50 a.m.
bot 2

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads a single aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this ASN snapshot (peer IPs with coordinates).

Loading map…

SUBNETS HELD BY THIS ISP

Derived from ISP snapshot peers (Option A). Grouped into IPv4 /24 and IPv6 /48 by default.
IPv4
IPv6
Limit
Loading subnets…

Interesting IPs

Top risky peers inside this ASN (latest snapshot). Sorted by risk score, then hits.

No peer rows available for this ASN snapshot.