DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ASN REPORT — AS56047 · China Mobile communications corporation

First sighted: April 15, 2024, 3 a.m. · Last sighted: Jan. 26, 2026, 1:59 a.m.

Risk
13 (low)
Total hits
1472
Total errors
125
Observed IPs
150
Top country
N/A
Top city
N/A

Risk

Model: v1 Computed: 2026-01-29 10:18:33
Risk score
13
Low
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Credential brute forcing
Repeated authentication attempts consistent with password guessing or credential stuffing.
cred
Hits 45
Points 103.95
Path traversal attempts
Request paths/parameters resemble attempts to access files outside intended directories.
trav
Hits 11
Points 73.04
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 483
Points 66.46
Scan velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
scan_velocity
Hits 43
Points 44.68
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 8
Points 40.83
Protocol anomaly
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
proto
Hits 29
Points 17.94
Request size anomaly
Requests are unusually large or shaped in a way that suggests abuse or automation.
request_size
Hits 14
Points 3.53

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this ASN.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
1167
3xx
128
4xx
121
5xx
4
Unique URLs
433
Total hits
1472
First seen
April 15, 2024, 3 a.m.
Last seen
Jan. 26, 2026, 1:59 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Credential brute forcing cred
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 45 pts 103.95
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 15 1 57.75 April 15, 2024, 3:31 a.m. May 8, 2024, 1:14 a.m.
cred 15
8 15 1 46.20 April 15, 2024, 3:31 a.m. May 8, 2024, 1:14 a.m.
cred 15
0 15 1 0.00 April 15, 2024, 3:31 a.m. May 8, 2024, 1:14 a.m.
cred 15
Path traversal attempts trav
Request paths/parameters resemble attempts to access files outside intended directories.
hits 11 pts 73.04
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 4 1 26.79 March 18, 2025, 1:09 p.m. March 30, 2025, 12:10 p.m.
trav 4
26 4 1 24.34 March 18, 2025, 1:09 p.m. March 30, 2025, 12:10 p.m.
trav 4
30 3 1 21.92 March 30, 2025, 12:10 p.m. March 30, 2025, 12:10 p.m.
trav 3
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 483 pts 66.46
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 425 1 61.20 April 15, 2024, 3:29 a.m. May 8, 2024, 1:18 a.m.
ua 425
8 34 1 3.54 Jan. 15, 2025, 5:06 p.m. March 30, 2025, 12:10 p.m.
ua 34
6 24 1 1.73 April 24, 2024, 1:33 p.m. Dec. 15, 2024, 3:53 a.m.
ua 24
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 43 pts 44.68
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 17 1 31.21 April 16, 2024, 5:23 a.m. May 8, 2024, 1:18 a.m.
scan_velocity 17
14 4 1 8.57 April 16, 2024, 5:24 a.m. April 16, 2024, 5:24 a.m.
scan_velocity 4
16 2 1 4.90 April 16, 2024, 5:24 a.m. April 16, 2024, 5:24 a.m.
scan_velocity 2
0 20 1 0.00 April 16, 2024, 5:23 a.m. May 8, 2024, 1:18 a.m.
scan_velocity 20
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 8 pts 40.83
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
34 4 1 25.73 March 18, 2025, 1:09 p.m. March 30, 2025, 12:10 p.m.
sensitive_file 4
22 4 1 15.10 March 5, 2025, 5:57 a.m. March 5, 2025, 5:59 a.m.
sensitive_file 4
Protocol anomaly proto
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 29 pts 17.94
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
11 28 1 17.25 March 5, 2025, 5:57 a.m. March 5, 2025, 6 a.m.
proto 28
12 1 1 0.69 March 30, 2025, 12:10 p.m. March 30, 2025, 12:10 p.m.
proto 1
Request size anomaly request_size
Requests are unusually large or shaped in a way that suggests abuse or automation.
hits 14 pts 3.53
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
14 6 1 3.53 Dec. 1, 2025, 2:22 a.m. Jan. 23, 2026, 12:06 a.m.
request_size 6
0 8 1 0.00 March 11, 2025, 4:39 p.m. Dec. 14, 2025, 11:36 p.m.
request_size 8

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Auto-loads a single aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this ASN snapshot (peer IPs with coordinates).

Loading map…

SUBNETS HELD BY THIS ISP

Derived from ISP snapshot peers (Option A). Grouped into IPv4 /24 and IPv6 /48 by default.
IPv4
IPv6
Limit
Loading subnets…

Interesting IPs

Top risky peers inside this ASN (latest snapshot). Sorted by risk score, then hits.

No peer rows available for this ASN snapshot.