
ORG REPORT — unknown

First sighted: April 30, 2023, 3 a.m. · Last sighted: Jan. 11, 2026, 2 a.m.

Risk: 100 (high)
Total hits: 1481015
Total errors: 233412
Distinct IPs: 91803
Distinct ASNs: 2783
Top country: Israel
Top city: Singapore
Top region: North West

Risk

Model: v1 · Computed: 2026-01-15 08:32:00
Risk score: 100 (High)
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers

Sensitive file probing (sfp): Hits 23065, Points 187516.12
Requests target commonly sensitive files, configs, backups, or administrative resources.

Command injection attempts (cmdi): Hits 3179, Points 71913.40
Request content resembles attempts to execute OS commands via an application.

Scan velocity (scan_velocity): Hits 34950, Points 47887.20
High request rate and broad endpoint coverage suggest scanning or automated enumeration.

Credential brute forcing (cred): Hits 11249, Points 41597.60
Repeated authentication attempts consistent with password guessing or credential stuffing.

Path traversal attempts (trav): Hits 4634, Points 38091.56
Request paths/parameters resemble attempts to access files outside intended directories.

Automated client behavior (bot): Hits 56606, Points 26250.70
Traffic patterns strongly suggest automation rather than a human-operated browser.

User-Agent anomaly (ua): Hits 99070, Points 13942.96
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.

Request size anomaly (request_size): Hits 24714, Points 9949.08
Requests are unusually large or shaped in a way that suggests abuse or automation.

Firewall probing (fwprobe): Hits 115, Points 1454.40
Traffic behavior suggests probing of access controls and protected surfaces.

Protocol anomaly (proto): Hits 1004, Points 821.92
Request structure or protocol-level signals deviate from typical browser HTTP traffic.

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this organization.

Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx: 701084
3xx: 431663
4xx: 126050
5xx: 107362
Unique URLs: 642149
Total hits: 1481015
First seen: April 30, 2023, 3 a.m.
Last seen: Jan. 11, 2026, 2 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 23065 pts 187516.12
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
40 | 18602 | 1 | 163697.60 | May 28, 2023, 1:48 p.m. | Jan. 9, 2026, 9:30 p.m. | sensitive_file 18602
16 | 1592 | 1 | 5603.84 | Aug. 25, 2023, 8:38 p.m. | Nov. 23, 2025, 10:54 a.m. | sensitive_file 1592
24 | 1054 | 1 | 5565.12 | July 20, 2023, 8:54 a.m. | Nov. 23, 2025, 10:56 a.m. | sensitive_file 1054
36 | 632 | 1 | 5005.44 | July 14, 2023, 9:18 p.m. | Jan. 10, 2026, 1:40 a.m. | sensitive_file 632
34 | 608 | 1 | 4547.84 | Sept. 25, 2023, 6:39 a.m. | Jan. 9, 2026, 5:17 p.m. | sensitive_file 608
22 | 274 | 1 | 1326.16 | Aug. 3, 2023, 6:55 p.m. | Sept. 23, 2025, 2 a.m. | sensitive_file 274
30 | 158 | 1 | 1042.80 | Dec. 1, 2023, 10:01 a.m. | April 15, 2025, 10:06 a.m. | sensitive_file 158
44 | 36 | 1 | 348.48 | Jan. 29, 2024, 1:56 p.m. | March 20, 2025, 1:05 a.m. | sensitive_file 36
42 | 25 | 1 | 231.00 | Dec. 5, 2024, 3:45 a.m. | Sept. 26, 2025, 3:32 p.m. | sensitive_file 25
8 | 84 | 1 | 147.84 | March 19, 2025, 9:45 p.m. | March 28, 2025, 1:11 p.m. | sensitive_file 84
Request content resembles attempts to execute OS commands via an application.
hits 3179 pts 71913.40
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
28 | 1295 | 1 | 30821.00 | May 2, 2023, 1:40 p.m. | Dec. 17, 2025, 3:06 p.m. | cmdi 1295
30 | 862 | 1 | 21981.00 | July 14, 2023, 9:18 p.m. | Dec. 17, 2025, 3:06 p.m. | cmdi 862
22 | 1022 | 1 | 19111.40 | Aug. 30, 2023, 1:18 a.m. | Aug. 16, 2025, 11:33 a.m. | cmdi 1022
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 34950 pts 47887.20
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
10 | 12833 | 1 | 23099.40 | April 30, 2023, 4:09 p.m. | Dec. 17, 2025, 12:30 p.m. | scan_velocity 12833
24 | 2007 | 1 | 8670.24 | Aug. 20, 2023, 1:42 p.m. | Nov. 26, 2025, 2:49 a.m. | scan_velocity 2007
22 | 550 | 1 | 2178.00 | Aug. 10, 2023, 1:25 p.m. | Aug. 2, 2025, 2:59 p.m. | scan_velocity 550
12 | 974 | 1 | 2103.84 | April 30, 2023, 6:28 a.m. | Oct. 10, 2025, 4:46 p.m. | scan_velocity 974
36 | 275 | 1 | 1782.00 | Jan. 10, 2024, 2:11 a.m. | July 4, 2025, 12:25 p.m. | scan_velocity 275
20 | 451 | 1 | 1623.60 | Aug. 10, 2023, 1:25 p.m. | July 22, 2025, 8:44 a.m. | scan_velocity 451
32 | 262 | 1 | 1509.12 | Oct. 11, 2023, 11:17 a.m. | July 4, 2025, 12:25 p.m. | scan_velocity 262
16 | 498 | 1 | 1434.24 | Oct. 5, 2023, 1:17 a.m. | Sept. 26, 2025, 12:45 p.m. | scan_velocity 498
14 | 559 | 1 | 1408.68 | July 9, 2023, 10:59 p.m. | Oct. 10, 2025, 12:07 a.m. | scan_velocity 559
18 | 377 | 1 | 1221.48 | Oct. 5, 2023, 1:17 a.m. | July 16, 2025, 7:46 p.m. | scan_velocity 377
26 | 215 | 1 | 1006.20 | Oct. 5, 2023, 1:17 a.m. | July 4, 2025, 12:25 p.m. | scan_velocity 215
28 | 167 | 1 | 841.68 | Oct. 5, 2023, 1:18 a.m. | July 4, 2025, 12:25 p.m. | scan_velocity 167
30 | 112 | 1 | 604.80 | Oct. 11, 2023, 1:29 p.m. | July 4, 2025, 12:25 p.m. | scan_velocity 112
34 | 66 | 1 | 403.92 | Aug. 10, 2023, 1:25 p.m. | March 21, 2025, 6:19 p.m. | scan_velocity 66
0 | 15604 | 1 | 0.00 | April 30, 2023, 6:28 a.m. | Dec. 17, 2025, 12:30 p.m. | scan_velocity 15604
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 11249 pts 41597.60
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
10 | 4798 | 1 | 26389.00 | July 6, 2023, 12:31 a.m. | Jan. 10, 2026, 1:28 a.m. | cred 4798
12 | 1486 | 1 | 9807.60 | Aug. 9, 2023, 7:10 p.m. | Nov. 28, 2025, 11:43 p.m. | cred 1486
8 | 954 | 1 | 4197.60 | July 6, 2023, 12:31 a.m. | Nov. 10, 2025, 12:56 a.m. | cred 954
6 | 213 | 1 | 702.90 | May 15, 2023, 5:02 p.m. | Nov. 10, 2025, 12:56 a.m. | cred 213
14 | 65 | 1 | 500.50 | July 13, 2023, 12:10 a.m. | April 29, 2025, 10:25 a.m. | cred 65
0 | 3733 | 1 | 0.00 | May 15, 2023, 5:02 p.m. | Jan. 10, 2026, 1:28 a.m. | cred 3733
Request paths/parameters resemble attempts to access files outside intended directories.
hits 4634 pts 38091.56
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
34 | 2776 | 1 | 24539.84 | Dec. 1, 2023, 10:01 a.m. | Sept. 26, 2025, 3:32 p.m. | trav 2776
30 | 655 | 1 | 5109.00 | Dec. 23, 2023, 2:39 p.m. | Jan. 9, 2026, 5:19 p.m. | trav 655
28 | 597 | 1 | 4346.16 | Sept. 25, 2023, 6:39 a.m. | Jan. 9, 2026, 5:17 p.m. | trav 597
26 | 606 | 1 | 4096.56 | Sept. 25, 2023, 6:39 a.m. | Jan. 9, 2026, 5:17 p.m. | trav 606
Traffic patterns strongly suggest automation rather than a human-operated browser.
hits 56606 pts 26250.70
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
10 | 36083 | 1 | 18041.50 | July 6, 2023, 5:31 a.m. | Jan. 10, 2026, 4:11 a.m. | bot 36083
8 | 20523 | 1 | 8209.20 | July 13, 2023, 4:03 p.m. | Jan. 10, 2026, 4:50 a.m. | bot 20523
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 99070 pts 13942.96
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
6 | 69444 | 1 | 8333.28 | April 30, 2023, 2:31 p.m. | Jan. 2, 2026, 6:26 p.m. | ua 69444
8 | 13836 | 1 | 2213.76 | July 5, 2023, 10:58 p.m. | Jan. 9, 2026, 10:56 p.m. | ua 13836
10 | 10726 | 1 | 2145.20 | July 6, 2023, 11:29 a.m. | Jan. 9, 2026, 10:07 p.m. | ua 10726
12 | 4180 | 1 | 1003.20 | Aug. 13, 2023, 12:32 a.m. | Oct. 10, 2025, 12:08 p.m. | ua 4180
14 | 884 | 1 | 247.52 | July 8, 2023, 5:20 a.m. | Jan. 10, 2026, 4:59 a.m. | ua 884
Requests are unusually large or shaped in a way that suggests abuse or automation.
hits 24714 pts 9949.08
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
12 | 10014 | 1 | 7210.08 | April 30, 2023, 7:06 a.m. | Jan. 10, 2026, 1:33 a.m. | request_size 10014
14 | 2955 | 1 | 2482.20 | July 5, 2023, 10:22 p.m. | Jan. 10, 2026, 2:49 a.m. | request_size 2955
20 | 214 | 1 | 256.80 | July 7, 2023, 12:55 a.m. | April 1, 2025, 6:45 a.m. | request_size 214
0 | 11531 | 1 | 0.00 | Dec. 14, 2024, 6:50 p.m. | Jan. 10, 2026, 1:33 a.m. | request_size 11531
Traffic behavior suggests probing of access controls and protected surfaces.
hits 115 pts 1454.40
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
28 | 57 | 1 | 718.20 | Sept. 25, 2023, 6:39 a.m. | Jan. 10, 2026, 1:28 a.m. | fwprobe 57
30 | 43 | 1 | 580.50 | Sept. 12, 2024, 2:43 p.m. | Jan. 10, 2026, 1:12 a.m. | fwprobe 43
22 | 5 | 1 | 49.50 | Oct. 31, 2024, 2:26 a.m. | Nov. 20, 2025, 12:34 a.m. | fwprobe 5
34 | 2 | 1 | 30.60 | Oct. 18, 2023, 2:47 p.m. | Nov. 11, 2023, 11:43 a.m. | fwprobe 2
16 | 4 | 1 | 28.80 | May 20, 2025, 5:55 a.m. | May 20, 2025, 12:10 p.m. | fwprobe 4
32 | 2 | 1 | 28.80 | Dec. 24, 2024, 2:26 a.m. | Dec. 24, 2024, 2:32 a.m. | fwprobe 2
20 | 2 | 1 | 18.00 | May 9, 2024, 3:27 a.m. | May 9, 2024, 3:28 a.m. | fwprobe 2
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 1004 pts 821.92
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
11 | 415 | 1 | 365.20 | July 12, 2023, 10:13 a.m. | Jan. 9, 2026, 3:28 p.m. | proto 415
12 | 335 | 1 | 321.60 | June 27, 2023, 9:52 p.m. | Jan. 9, 2026, 5:17 p.m. | proto 335
14 | 83 | 1 | 92.96 | Jan. 27, 2025, 8:40 a.m. | Feb. 27, 2025, 8:05 a.m. | proto 83
3 | 169 | 1 | 40.56 | June 27, 2023, 9:52 p.m. | Oct. 7, 2025, 12:12 a.m. | proto 169
10 | 2 | 1 | 1.60 | Jan. 22, 2025, 5:10 p.m. | Jan. 22, 2025, 5:10 p.m. | proto 2
Input patterns resemble attempts to manipulate SQL queries via application parameters.
hits 20 pts 456.00
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
30 | 8 | 1 | 240.00 | Oct. 21, 2023, 2:17 a.m. | Oct. 21, 2023, 2:17 a.m. | sqli 8
18 | 6 | 1 | 108.00 | Oct. 21, 2023, 2:17 a.m. | Oct. 21, 2023, 2:17 a.m. | sqli 6
20 | 5 | 1 | 100.00 | Sept. 16, 2024, 5:13 p.m. | Feb. 22, 2025, 12:17 p.m. | sqli 5
8 | 1 | 1 | 8.00 | Nov. 6, 2025, 9:04 p.m. | Nov. 6, 2025, 9:04 p.m. | sqli 1
Unusual or unexpected HTTP methods observed for the target endpoints.
hits 618 pts 277.62
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
8 | 447 | 1 | 214.56 | May 3, 2023, 1:40 p.m. | Dec. 14, 2025, 9:18 p.m. | method 447
10 | 76 | 1 | 45.60 | July 24, 2023, 9:12 p.m. | Oct. 2, 2025, 4:31 p.m. | method 76
3 | 93 | 1 | 16.74 | July 3, 2023, 5:50 a.m. | Sept. 15, 2025, 5:53 a.m. | method 93
6 | 2 | 1 | 0.72 | Jan. 22, 2025, 5:10 p.m. | Jan. 22, 2025, 5:10 p.m. | method 2
Referrer patterns look manipulated, irrelevant, or inconsistent with normal navigation.
hits 1273 pts 239.16
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
6 | 1161 | 1 | 208.98 | July 6, 2023, 12:31 a.m. | Nov. 28, 2025, 7:48 p.m. | ref 1161
9 | 110 | 1 | 29.70 | July 24, 2023, 1:24 a.m. | March 28, 2025, 1:13 p.m. | ref 110
8 | 2 | 1 | 0.48 | June 21, 2025, 5:28 p.m. | June 21, 2025, 5:28 p.m. | ref 2
Input patterns suggest attempts to manipulate headers or downstream header parsing.
hits 6 pts 115.20
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
24 | 6 | 1 | 115.20 | Oct. 5, 2023, 1:18 a.m. | Oct. 5, 2023, 1:18 a.m. | hdrinj 6
Suspicious input patterns consistent with injection-like probing across multiple families.
hits 2 pts 50.40
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity | Total | Labels | Weighted | First seen | Last seen | Top labels
36 | 2 | 1 | 50.40 | June 19, 2023, 1:27 a.m. | Oct. 4, 2023, 9:01 p.m. | injg 2

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Uses totals aggregation and renders a donut.


Geolocation

Live geolocation and map tiles auto-load for this Org snapshot (peer IPs with coordinates).


ASNs held by this org

Derived from IP rollups (IPReportTotal). Grouped by (asn, as_org_name).

Interesting IPs

Top risky peers inside this org (latest snapshot). Sorted by risk score, then hits.

No matching IP rows available for this org.