DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back

ORG REPORT — Comcast IP Services, L.L.C. · comcast ip services, l.l.c.

First sighted: July 21, 2023, 3 a.m. · Last sighted: March 2, 2026, 2 a.m.

Risk
71 (high)
Total hits
25113
Total errors
7406
Distinct IPs
10893
Distinct ASNs
3
Top country
United States
Top city
Sarasota
Top region
Florida

Risk

Model: v1 Computed: 2026-03-03 20:12:57
Risk score
71
High
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Annotator influence radar
Rendering annotator influence profile…
Normalized contribution (0..1) per annotator versus robust per-code envelope.
Key drivers
Credential brute forcing
Repeated authentication attempts consistent with password guessing or credential stuffing.
cred
Hits 671
Points 2239.60
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 1903
Points 231.76
Command injection attempts
Request content resembles attempts to execute OS commands via an application.
cmdi
Hits 9
Points 195.50
Scan velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
scan_velocity
Hits 202
Points 195.48
Request size anomaly
Requests are unusually large or shaped in a way that suggests abuse or automation.
request_size
Hits 908
Points 105.96
SQL injection attempts
Input patterns resemble attempts to manipulate SQL queries via application parameters.
sqli
Hits 3
Points 72.00
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 7
Points 51.92
Path traversal attempts
Request paths/parameters resemble attempts to access files outside intended directories.
trav
Hits 1
Points 8.84
Automated client behavior
Traffic patterns strongly suggest automation rather than a human-operated browser.
bot
Hits 14
Points 6.90
HTTP method anomaly
Unusual or unexpected HTTP methods observed for the target endpoints.
method
Hits 2
Points 0.96

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this organization.

Loading activity…
Daily activity (hits per day). Total in window: .
Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx
12093
3xx
2409
4xx
3722
5xx
3684
Unique URLs
0
Total hits
25113
First seen
July 21, 2023, 3 a.m.
Last seen
March 2, 2026, 2 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Severity →
Low High
Credential brute forcing cred
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 671 pts 2239.60
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 230 1 1265.00 Sept. 12, 2024, 3:34 a.m. Feb. 28, 2026, 1:04 p.m.
cred 230
8 202 1 888.80 Dec. 3, 2024, 5:51 a.m. Feb. 28, 2026, 1:04 p.m.
cred 202
12 13 1 85.80 Sept. 12, 2024, 3:34 a.m. Jan. 31, 2026, 10:17 a.m.
cred 13
0 226 1 0.00 Sept. 12, 2024, 3:34 a.m. Feb. 28, 2026, 1:04 p.m.
cred 226
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 1903 pts 231.76
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
6 1876 1 225.12 Sept. 13, 2023, 5:46 p.m. Jan. 2, 2026, 6:25 p.m.
ua 1876
14 19 1 5.32 Sept. 12, 2024, 8:10 p.m. April 23, 2025, 3:13 p.m.
ua 19
8 7 1 1.12 July 27, 2023, 2:40 p.m. Jan. 29, 2026, 8:14 p.m.
ua 7
10 1 1 0.20 Aug. 5, 2023, 1:23 a.m. Aug. 5, 2023, 1:23 a.m.
ua 1
Command injection attempts cmdi
Request content resembles attempts to execute OS commands via an application.
hits 9 pts 195.50
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 4 1 95.20 Sept. 25, 2023, 10:50 a.m. March 12, 2025, 8:11 p.m.
cmdi 4
22 4 1 74.80 Jan. 29, 2026, 8:14 p.m. Jan. 29, 2026, 8:14 p.m.
cmdi 4
30 1 1 25.50 March 12, 2025, 8:11 p.m. March 12, 2025, 8:11 p.m.
cmdi 1
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 202 pts 195.48
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 84 1 151.20 Nov. 7, 2024, 6:45 a.m. May 29, 2025, 6:32 p.m.
scan_velocity 84
16 10 1 28.80 Jan. 16, 2025, 12:01 a.m. Jan. 16, 2025, 12:05 a.m.
scan_velocity 10
12 6 1 12.96 Nov. 20, 2024, 10:31 p.m. Feb. 25, 2025, 7:52 a.m.
scan_velocity 6
14 1 1 2.52 Jan. 16, 2025, 12:01 a.m. Jan. 16, 2025, 12:01 a.m.
scan_velocity 1
0 101 1 0.00 Nov. 7, 2024, 6:45 a.m. May 29, 2025, 6:32 p.m.
scan_velocity 101
Request size anomaly request_size
Requests are unusually large or shaped in a way that suggests abuse or automation.
hits 908 pts 105.96
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
12 132 1 95.04 July 27, 2023, 6:26 p.m. Oct. 2, 2025, 11:47 p.m.
request_size 132
14 13 1 10.92 July 26, 2025, 10:11 a.m. Feb. 23, 2026, 8:21 p.m.
request_size 13
0 763 1 0.00 Dec. 25, 2024, 5:08 a.m. Oct. 11, 2025, 6:06 p.m.
request_size 763
SQL injection attempts sqli
Input patterns resemble attempts to manipulate SQL queries via application parameters.
hits 3 pts 72.00
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
24 3 1 72.00 Jan. 29, 2026, 8:14 p.m. Jan. 29, 2026, 8:14 p.m.
sqli 3
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 7 pts 51.92
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
40 4 1 35.20 March 8, 2025, 1:42 a.m. Feb. 6, 2026, 12:54 p.m.
sensitive_file 4
36 1 1 7.92 March 12, 2025, 8:11 p.m. March 12, 2025, 8:11 p.m.
sensitive_file 1
24 1 1 5.28 Feb. 12, 2026, 7:34 p.m. Feb. 12, 2026, 7:34 p.m.
sensitive_file 1
16 1 1 3.52 Jan. 30, 2026, 7:26 a.m. Jan. 30, 2026, 7:26 a.m.
sensitive_file 1
Path traversal attempts trav
Request paths/parameters resemble attempts to access files outside intended directories.
hits 1 pts 8.84
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
34 1 1 8.84 Feb. 14, 2026, 11:59 a.m. Feb. 14, 2026, 11:59 a.m.
trav 1
Automated client behavior bot
Traffic patterns strongly suggest automation rather than a human-operated browser.
hits 14 pts 6.90
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 13 1 6.50 Jan. 31, 2024, 4:08 a.m. May 19, 2025, 11:59 a.m.
bot 13
8 1 1 0.40 Oct. 16, 2023, 12:30 a.m. Oct. 16, 2023, 12:30 a.m.
bot 1
HTTP method anomaly method
Unusual or unexpected HTTP methods observed for the target endpoints.
hits 2 pts 0.96
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
8 2 1 0.96 Dec. 14, 2024, 7:53 p.m. Dec. 14, 2024, 7:53 p.m.
method 2
Protocol anomaly proto
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 1 pts 0.88
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
11 1 1 0.88 Jan. 18, 2025, 12:41 a.m. Jan. 18, 2025, 12:41 a.m.
proto 1

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Uses totals aggregation and renders a donut.

Loading status mix…
Running one aggregation and rendering the chart.

Geolocation

Live geolocation and map tiles auto-load for this Org snapshot (peer IPs with coordinates).

Loading map…

ASNs held by this org

Derived from IP rollups (IPReportTotal). Grouped by (asn, as_org_name).
Loading…

Interesting IPs

Top risky peers inside this org (latest snapshot). Sorted by risk score, then hits.

No matching IP rows available for this org.