DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ASN REPORT — AS37105 · RAIN GROUP HOLDINGS (PTY) LTD

First sighted: Nov. 5, 2023, 2 a.m. · Last sighted: Jan. 26, 2026, 1:59 a.m.

Risk
1 (low)
Total hits
10076
Total errors
1613
Observed IPs
7163
Top country
N/A
Top city
N/A

Risk

Model: v1 Computed: 2026-01-29 10:18:33
Risk score
1
Low
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 3
Points 24.29
Credential brute forcing
Repeated authentication attempts consistent with password guessing or credential stuffing.
cred
Hits 3
Points 6.93
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 33
Points 2.63
Protocol anomaly
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
proto
Hits 2
Points 1.38
Request size anomaly
Requests are unusually large or shaped in a way that suggests abuse or automation.
request_size
Hits 3
Points 0.47

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this ASN.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
4961
3xx
3428
4xx
1269
5xx
344
Unique URLs
9828
Total hits
10076
First seen
Nov. 5, 2023, 2 a.m.
Last seen
Jan. 26, 2026, 1:59 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 3 pts 24.29
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
40 3 1 24.29 Nov. 5, 2023, 5:47 a.m. Jan. 23, 2026, 8:19 p.m.
sensitive_file 3
Credential brute forcing cred
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 3 pts 6.93
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 1 1 3.85 Jan. 24, 2026, 5:14 p.m. Jan. 24, 2026, 5:14 p.m.
cred 1
8 1 1 3.08 Jan. 24, 2026, 5:14 p.m. Jan. 24, 2026, 5:14 p.m.
cred 1
0 1 1 0.00 Jan. 24, 2026, 5:14 p.m. Jan. 24, 2026, 5:14 p.m.
cred 1
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 33 pts 2.63
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
6 25 1 1.80 Feb. 21, 2024, 11:31 p.m. Dec. 21, 2025, 8:31 p.m.
ua 25
8 8 1 0.83 Aug. 23, 2025, 4:04 a.m. Aug. 26, 2025, 10:26 p.m.
ua 8
Protocol anomaly proto
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 2 pts 1.38
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 2 1 1.38 June 21, 2025, 5:21 a.m. June 22, 2025, 1:38 p.m.
proto 2
Request size anomaly request_size
Requests are unusually large or shaped in a way that suggests abuse or automation.
hits 3 pts 0.47
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 1 1 0.47 July 31, 2025, 9:01 p.m. July 31, 2025, 9:01 p.m.
request_size 1
0 2 1 0.00 May 28, 2025, 3:45 a.m. July 31, 2025, 9:01 p.m.
request_size 2

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads a single aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this ASN snapshot (peer IPs with coordinates).

Loading map…

SUBNETS HELD BY THIS ISP

Derived from ISP snapshot peers (Option A). Grouped into IPv4 /24 and IPv6 /48 by default.
IPv4
IPv6
Limit
Loading subnets…

Interesting IPs

Top risky peers inside this ASN (latest snapshot). Sorted by risk score, then hits.

No peer rows available for this ASN snapshot.