DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ASN REPORT — AS215730 · H2NEXUS LTD

First sighted: Oct. 8, 2024, 3 a.m. · Last sighted: Jan. 10, 2026, 1:59 a.m.

Risk
30 (low)
Total hits
382
Total errors
217
Observed IPs
31
Top country
N/A
Top city
N/A

Risk

Model: v1 Computed: 2026-01-18 11:53:48
Risk score
30
Low
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 90
Points 580.62
Path traversal attempts
Request paths/parameters resemble attempts to access files outside intended directories.
trav
Hits 32
Points 211.65
Scan velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
scan_velocity
Hits 18
Points 41.47
Command injection attempts
Request content resembles attempts to execute OS commands via an application.
cmdi
Hits 2
Points 34.97
Protocol anomaly
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
proto
Hits 7
Points 3.72
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 31
Points 3.26
HTTP method anomaly
Unusual or unexpected HTTP methods observed for the target endpoints.
method
Hits 2
Points 0.82

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this ASN.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
31
3xx
91
4xx
216
5xx
1
Unique URLs
124
Total hits
382
First seen
Oct. 8, 2024, 3 a.m.
Last seen
Jan. 10, 2026, 1:59 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 90 pts 580.62
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
40 44 1 356.22 Oct. 10, 2024, 3:53 p.m. Jan. 12, 2025, 4:43 p.m.
sensitive_file 44
24 34 1 147.21 Oct. 11, 2024, 7:35 p.m. Oct. 11, 2025, 3:13 a.m.
sensitive_file 34
34 12 1 77.19 Dec. 5, 2024, 2:43 a.m. Sept. 23, 2025, 3:41 p.m.
sensitive_file 12
Path traversal attempts trav
Request paths/parameters resemble attempts to access files outside intended directories.
hits 32 pts 211.65
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 12 1 80.37 Dec. 5, 2024, 2:43 a.m. Sept. 23, 2025, 3:41 p.m.
trav 12
26 12 1 73.01 Dec. 5, 2024, 2:43 a.m. Sept. 23, 2025, 3:41 p.m.
trav 12
30 8 1 58.27 Dec. 5, 2024, 2:43 a.m. Sept. 23, 2025, 3:41 p.m.
trav 8
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 18 pts 41.47
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
22 10 1 35.64 Dec. 5, 2024, 2:45 a.m. Dec. 5, 2024, 2:47 a.m.
scan_velocity 10
18 2 1 5.83 Dec. 5, 2024, 2:44 a.m. Dec. 5, 2024, 2:44 a.m.
scan_velocity 2
0 6 1 0.00 Dec. 5, 2024, 2:44 a.m. Dec. 5, 2024, 2:47 a.m.
scan_velocity 6
Command injection attempts cmdi
Request content resembles attempts to execute OS commands via an application.
hits 2 pts 34.97
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 1 1 20.94 Dec. 5, 2024, 2:47 a.m. Dec. 5, 2024, 2:47 a.m.
cmdi 1
22 1 1 14.02 Dec. 5, 2024, 2:47 a.m. Dec. 5, 2024, 2:47 a.m.
cmdi 1
Protocol anomaly proto
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 7 pts 3.72
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 5 1 3.46 Dec. 5, 2024, 2:43 a.m. Sept. 23, 2025, 3:41 p.m.
proto 5
3 2 1 0.26 Dec. 5, 2024, 2:43 a.m. Sept. 22, 2025, 7:34 a.m.
proto 2
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 31 pts 3.26
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 9 1 1.30 Oct. 8, 2024, 5:04 a.m. Nov. 6, 2025, 10:11 a.m.
ua 9
8 12 1 1.25 Oct. 8, 2024, 5:04 a.m. Sept. 23, 2025, 3:41 p.m.
ua 12
6 10 1 0.72 Oct. 8, 2024, 5:04 a.m. Sept. 22, 2025, 7:34 a.m.
ua 10
HTTP method anomaly method
Unusual or unexpected HTTP methods observed for the target endpoints.
hits 2 pts 0.82
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
8 2 1 0.82 Jan. 28, 2025, 11:53 p.m. Jan. 28, 2025, 11:53 p.m.
method 2

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads a single aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this ASN snapshot (peer IPs with coordinates).

Loading map…

SUBNETS HELD BY THIS ISP

Derived from ISP snapshot peers (Option A). Grouped into IPv4 /24 and IPv6 /48 by default.
IPv4
IPv6
Limit
Loading subnets…

Interesting IPs

Top risky peers inside this ASN (latest snapshot). Sorted by risk score, then hits.

No peer rows available for this ASN snapshot.