DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ASN REPORT — AS28573 · Claro NXT Telecomunicacoes Ltda

First sighted: July 8, 2023, 3 a.m. · Last sighted: Jan. 11, 2026, 1:59 a.m.

Risk
26 (low)
Total hits
33407
Total errors
6741
Observed IPs
24507
Top country
N/A
Top city
N/A

Risk

Model: v1 Computed: 2026-01-18 11:55:16
Risk score
26
Low
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Credential brute forcing
Repeated authentication attempts consistent with password guessing or credential stuffing.
cred
Hits 167
Points 510.40
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 1109
Points 93.32
Path traversal attempts
Request paths/parameters resemble attempts to access files outside intended directories.
trav
Hits 10
Points 65.63
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 7
Points 46.25
Protocol anomaly
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
proto
Hits 37
Points 23.89
Scan velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
scan_velocity
Hits 16
Points 10.08
Request size anomaly
Requests are unusually large or shaped in a way that suggests abuse or automation.
request_size
Hits 176
Points 9.96
Automated client behavior
Traffic patterns strongly suggest automation rather than a human-operated browser.
bot
Hits 4
Points 1.90

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this ASN.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
9409
3xx
15626
4xx
5863
5xx
878
Unique URLs
25413
Total hits
33407
First seen
July 8, 2023, 3 a.m.
Last seen
Jan. 11, 2026, 1:59 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Credential brute forcing cred
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 167 pts 510.40
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 69 1 267.85 Dec. 20, 2023, 3:15 p.m. Aug. 7, 2025, 4:56 a.m.
cred 69
12 49 1 242.55 Dec. 20, 2023, 3:15 p.m. Aug. 7, 2025, 4:56 a.m.
cred 49
0 49 1 0.00 Dec. 20, 2023, 3:15 p.m. Aug. 7, 2025, 4:56 a.m.
cred 49
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 1109 pts 93.32
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
6 706 1 50.83 Jan. 27, 2024, 2:44 a.m. Jan. 2, 2026, 6:25 p.m.
ua 706
8 395 1 41.09 July 8, 2023, 7:30 a.m. Nov. 7, 2025, 1:43 a.m.
ua 395
12 4 1 0.75 Aug. 15, 2025, 3:01 a.m. Aug. 15, 2025, 3:01 a.m.
ua 4
10 3 1 0.43 March 17, 2025, 7:56 p.m. April 25, 2025, 1:29 a.m.
ua 3
14 1 1 0.22 April 22, 2025, 4:16 p.m. April 22, 2025, 4:16 p.m.
ua 1
Path traversal attempts trav
Request paths/parameters resemble attempts to access files outside intended directories.
hits 10 pts 65.63
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 4 1 26.79 Sept. 21, 2024, 3:33 a.m. Sept. 21, 2024, 3:33 a.m.
trav 4
26 4 1 24.34 Sept. 21, 2024, 3:33 a.m. Sept. 21, 2024, 3:33 a.m.
trav 4
30 2 1 14.51 Sept. 21, 2024, 3:33 a.m. Sept. 21, 2024, 3:33 a.m.
trav 2
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 7 pts 46.25
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
34 4 1 25.73 Sept. 21, 2024, 3:33 a.m. Sept. 21, 2024, 3:33 a.m.
sensitive_file 4
40 2 1 16.19 Feb. 11, 2024, 1:39 p.m. Nov. 25, 2025, 3:34 p.m.
sensitive_file 2
24 1 1 4.33 Nov. 22, 2025, 3:23 p.m. Nov. 22, 2025, 3:23 p.m.
sensitive_file 1
Protocol anomaly proto
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 37 pts 23.89
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 21 1 14.52 Sept. 21, 2024, 3:33 a.m. June 26, 2025, 10:54 a.m.
proto 21
11 15 1 9.24 Dec. 20, 2024, 1:46 a.m. Dec. 17, 2025, 3:51 a.m.
proto 15
3 1 1 0.13 Sept. 21, 2024, 3:33 a.m. Sept. 21, 2024, 3:33 a.m.
proto 1
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 16 pts 10.08
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 8 1 10.08 Dec. 30, 2024, 1:05 a.m. Feb. 17, 2025, 12:03 a.m.
scan_velocity 8
0 8 1 0.00 Dec. 30, 2024, 1:05 a.m. Feb. 17, 2025, 12:03 a.m.
scan_velocity 8
Request size anomaly request_size
Requests are unusually large or shaped in a way that suggests abuse or automation.
hits 176 pts 9.96
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 15 1 7.02 Dec. 23, 2024, 8:05 p.m. Aug. 3, 2025, 1:48 a.m.
request_size 15
14 5 1 2.94 July 25, 2025, 7:49 p.m. Nov. 2, 2025, 5:57 p.m.
request_size 5
0 156 1 0.00 Dec. 30, 2024, 1:03 a.m. Oct. 11, 2025, 8:51 p.m.
request_size 156
Automated client behavior bot
Traffic patterns strongly suggest automation rather than a human-operated browser.
hits 4 pts 1.90
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 4 1 1.90 Aug. 15, 2025, 3:01 a.m. Aug. 15, 2025, 3:01 a.m.
bot 4

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads a single aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this ASN snapshot (peer IPs with coordinates).

Loading map…

SUBNETS HELD BY THIS ISP

Derived from ISP snapshot peers (Option A). Grouped into IPv4 /24 and IPv6 /48 by default.
IPv4
IPv6
Limit
Loading subnets…

Interesting IPs

Top risky peers inside this ASN (latest snapshot). Sorted by risk score, then hits.

No peer rows available for this ASN snapshot.