
CITY REPORT — __unknown__ · __unknown__

First sighted: June 18, 2023, 3 a.m. · Last sighted: Jan. 26, 2026, 2 a.m.

Risk: 35 (med)
Total hits: 2532730
Total errors: 373881
Distinct IPs: 1011
Distinct ASNs: 0
Country: N/A
Region: N/A
City: N/A

Risk

Model: v1 Computed: 2026-01-30 09:29:24
Risk score: 35
Risk gradient
Key drivers are enriched against the published annotator catalog when available; otherwise sensible defaults are used.
Key drivers
Automated client behavior
Traffic patterns strongly suggest automation rather than a human-operated browser.
bot
Hits 433192
Points 208891.30
Scan velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
scan_velocity
Hits 48633
Points 72098.64
Sensitive file probing
Requests target commonly sensitive files, configs, backups, or administrative resources.
sfp
Hits 2401
Points 18837.72
Command injection attempts
Request content resembles attempts to execute OS commands via an application.
cmdi
Hits 230
Points 5450.20
Path traversal attempts
Request paths/parameters resemble attempts to access files outside intended directories.
trav
Hits 574
Points 4574.44
Credential brute forcing
Repeated authentication attempts consistent with password guessing or credential stuffing.
cred
Hits 1071
Points 3716.90
Request size anomaly
Requests are unusually large or shaped in a way that suggests abuse or automation.
request_size
Hits 3887
Points 3241.08
Firewall probing
Traffic behavior suggests probing of access controls and protected surfaces.
fwprobe
Hits 69
Points 850.50
SQL injection attempts
Input patterns resemble attempts to manipulate SQL queries via application parameters.
sqli
Hits 7
Points 168.00
Protocol anomaly
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
proto
Hits 123
Points 112.08
User-Agent anomaly
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
ua
Hits 270
Points 47.72
Header injection attempts
Input patterns suggest attempts to manipulate headers or downstream header parsing.
hdrinj
Hits 2
Points 38.40

Top Organizations Operating In The City

Most-observed organizations in this city

Traffic

Rollup

Daily activity (hits per day) and basic HTTP rollup counters for this city.

Traffic rollup
HTTP status classes, URL diversity, and totals.
2xx: 1370704
3xx: 786485
4xx: 295730
5xx: 78151
Unique URLs: 2503941
Total hits: 2532730
First seen: June 18, 2023, 3 a.m.
Last seen: Jan. 26, 2026, 2 a.m.

Annotators (All-time)

Heatmap of annotator × severity. Darker cells mean more volume in that band. Tip: switch to Weighted points to see what drives impact (not just noise).

Automated client behavior bot
Traffic patterns strongly suggest automation rather than a human-operated browser.
hits 433192 pts 208891.30
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 356145 1 178072.50 July 24, 2023, 2:55 a.m. Jan. 25, 2026, 11:59 p.m.
bot 356145
8 77047 1 30818.80 Feb. 26, 2024, 1:50 a.m. Jan. 25, 2026, 11:59 p.m.
bot 77047
Scan velocity scan_velocity
High request rate and broad endpoint coverage suggest scanning or automated enumeration.
hits 48633 pts 72098.64
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 23725 1 42705.00 May 26, 2025, 1:34 a.m. Jan. 25, 2026, 11:05 p.m.
scan_velocity 23725
20 1122 1 4039.20 Jan. 18, 2026, 5:59 p.m. Jan. 24, 2026, 8:45 a.m.
scan_velocity 1122
14 1431 1 3606.12 Jan. 20, 2026, 1:26 a.m. Jan. 24, 2026, 10:51 p.m.
scan_velocity 1431
18 966 1 3129.84 Jan. 18, 2026, 6:08 p.m. Jan. 25, 2026, 7 p.m.
scan_velocity 966
12 1444 1 3119.04 Jan. 18, 2026, 5:17 p.m. Jan. 24, 2026, 10:03 p.m.
scan_velocity 1444
22 782 1 3096.72 Jan. 18, 2026, 11:31 p.m. Jan. 25, 2026, 7 p.m.
scan_velocity 782
24 597 1 2579.04 Jan. 18, 2026, 11:31 p.m. Jan. 25, 2026, 7 p.m.
scan_velocity 597
16 889 1 2560.32 Jan. 20, 2026, 1:33 a.m. Jan. 24, 2026, 10:51 p.m.
scan_velocity 889
32 330 1 1900.80 Jan. 20, 2026, 2 a.m. Jan. 25, 2026, 9:01 p.m.
scan_velocity 330
26 378 1 1769.04 Jan. 20, 2026, 1:35 a.m. Jan. 25, 2026, 7 p.m.
scan_velocity 378
28 253 1 1275.12 Jan. 20, 2026, 1:36 a.m. Jan. 25, 2026, 7 p.m.
scan_velocity 253
30 177 1 955.80 Jan. 20, 2026, 2 a.m. Jan. 24, 2026, 7:20 p.m.
scan_velocity 177
34 121 1 740.52 Jan. 20, 2026, 2:02 a.m. Jan. 25, 2026, 9:01 p.m.
scan_velocity 121
36 96 1 622.08 Jan. 20, 2026, 10:16 a.m. Jan. 25, 2026, 9:02 p.m.
scan_velocity 96
0 16322 1 0.00 May 26, 2025, 1:34 a.m. Jan. 25, 2026, 11:05 p.m.
scan_velocity 16322
Sensitive file probing sfp
Requests target commonly sensitive files, configs, backups, or administrative resources.
hits 2401 pts 18837.72
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
40 1613 1 14194.40 Feb. 5, 2024, 12:40 a.m. Jan. 25, 2026, 11:37 p.m.
sensitive_file 1613
24 264 1 1393.92 July 24, 2023, 1:45 a.m. Jan. 25, 2026, 11:37 p.m.
sensitive_file 264
36 169 1 1338.48 Jan. 18, 2026, 6:28 p.m. Jan. 25, 2026, 10:33 p.m.
sensitive_file 169
34 113 1 845.24 May 27, 2024, 1:55 a.m. Jan. 25, 2026, 10:47 p.m.
sensitive_file 113
16 158 1 556.16 Jan. 19, 2026, 10:53 p.m. Jan. 25, 2026, 9:33 p.m.
sensitive_file 158
22 39 1 188.76 Jan. 20, 2026, 2:06 a.m. Jan. 25, 2026, 10:16 p.m.
sensitive_file 39
30 24 1 158.40 Jan. 20, 2026, 1:21 a.m. Jan. 25, 2026, 9:32 p.m.
sensitive_file 24
44 13 1 125.84 Jan. 20, 2026, 5:16 a.m. Jan. 23, 2026, 4:14 p.m.
sensitive_file 13
42 3 1 27.72 Jan. 20, 2026, 4:03 p.m. Jan. 25, 2026, 12:37 p.m.
sensitive_file 3
8 5 1 8.80 Jan. 20, 2026, 5:51 a.m. Jan. 21, 2026, 6:48 p.m.
sensitive_file 5
Command injection attempts cmdi
Request content resembles attempts to execute OS commands via an application.
hits 230 pts 5450.20
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 116 1 2760.80 June 19, 2023, 1:04 a.m. Jan. 25, 2026, 10:33 p.m.
cmdi 116
30 82 1 2091.00 Jan. 18, 2026, 6:28 p.m. Jan. 25, 2026, 10:33 p.m.
cmdi 82
22 32 1 598.40 Aug. 4, 2025, 1:11 a.m. Jan. 24, 2026, 6:49 a.m.
cmdi 32
Path traversal attempts trav
Request paths/parameters resemble attempts to access files outside intended directories.
hits 574 pts 4574.44
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
34 256 1 2263.04 Jan. 20, 2026, 1:43 a.m. Jan. 25, 2026, 9:33 p.m.
trav 256
30 100 1 780.00 May 27, 2024, 1:55 a.m. Jan. 25, 2026, 9:50 p.m.
trav 100
28 105 1 764.40 May 27, 2024, 1:55 a.m. Jan. 25, 2026, 9:50 p.m.
trav 105
26 111 1 750.36 May 27, 2024, 1:55 a.m. Jan. 25, 2026, 9:50 p.m.
trav 111
32 2 1 16.64 Jan. 20, 2026, 6:01 p.m. Jan. 21, 2026, 6:45 p.m.
trav 2
Credential brute forcing cred
Repeated authentication attempts consistent with password guessing or credential stuffing.
hits 1071 pts 3716.90
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
10 442 1 2431.00 July 24, 2023, 1:24 a.m. Jan. 25, 2026, 11:03 p.m.
cred 442
12 107 1 706.20 Feb. 26, 2024, 1:07 a.m. Jan. 25, 2026, 8:05 p.m.
cred 107
8 119 1 523.60 Nov. 20, 2023, 1:29 a.m. Jan. 25, 2026, 11:03 p.m.
cred 119
6 17 1 56.10 Nov. 10, 2025, 12:56 a.m. Jan. 23, 2026, 11:26 p.m.
cred 17
0 386 1 0.00 July 24, 2023, 1:24 a.m. Jan. 25, 2026, 11:03 p.m.
cred 386
Request size anomaly request_size
Requests are unusually large or shaped in a way that suggests abuse or automation.
hits 3887 pts 3241.08
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
14 3825 1 3213.00 May 26, 2025, 1:11 a.m. Jan. 25, 2026, 11:59 p.m.
request_size 3825
12 24 1 17.28 March 3, 2025, 12:19 a.m. Aug. 4, 2025, 2:28 a.m.
request_size 24
20 9 1 10.80 Jan. 19, 2026, 6:59 p.m. Jan. 23, 2026, 2:58 p.m.
request_size 9
0 29 1 0.00 March 3, 2025, 12:10 a.m. Jan. 18, 2026, 6:07 p.m.
request_size 29
Firewall probing fwprobe
Traffic behavior suggests probing of access controls and protected surfaces.
hits 69 pts 850.50
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
28 28 1 352.80 Jan. 20, 2026, 5:17 a.m. Jan. 25, 2026, 6:49 p.m.
fwprobe 28
30 22 1 297.00 Jan. 20, 2026, 1:46 a.m. Jan. 25, 2026, 2:04 p.m.
fwprobe 22
22 13 1 128.70 Jan. 20, 2026, 3:56 a.m. Jan. 25, 2026, 1:53 p.m.
fwprobe 13
26 3 1 35.10 Jan. 23, 2026, 4:45 a.m. Jan. 24, 2026, 11:38 a.m.
fwprobe 3
24 2 1 21.60 Jan. 21, 2026, 5:18 a.m. Jan. 21, 2026, 5:18 a.m.
fwprobe 2
34 1 1 15.30 Jan. 23, 2026, 8:50 a.m. Jan. 23, 2026, 8:50 a.m.
fwprobe 1
SQL injection attempts sqli
Input patterns resemble attempts to manipulate SQL queries via application parameters.
hits 7 pts 168.00
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
24 3 1 72.00 Jan. 20, 2026, 10:14 a.m. Jan. 22, 2026, 9:23 a.m.
sqli 3
30 2 1 60.00 Jan. 20, 2026, 2:02 p.m. Jan. 20, 2026, 3:41 p.m.
sqli 2
18 2 1 36.00 Jan. 20, 2026, 2:02 p.m. Jan. 20, 2026, 3:41 p.m.
sqli 2
Protocol anomaly proto
Request structure or protocol-level signals deviate from typical browser HTTP traffic.
hits 123 pts 112.08
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
11 88 1 77.44 Jan. 19, 2026, 8:54 p.m. Jan. 25, 2026, 4:32 a.m.
proto 88
12 31 1 29.76 May 27, 2024, 1:55 a.m. Jan. 25, 2026, 9:50 p.m.
proto 31
24 2 1 3.84 Jan. 20, 2026, 4:46 a.m. Jan. 20, 2026, 5 a.m.
proto 2
10 1 1 0.80 Jan. 21, 2026, 5:29 a.m. Jan. 21, 2026, 5:29 a.m.
proto 1
3 1 1 0.24 May 27, 2024, 1:55 a.m. May 27, 2024, 1:55 a.m.
proto 1
User-Agent anomaly ua
User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.
hits 270 pts 47.72
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
8 113 1 18.08 July 24, 2023, 2:32 a.m. Jan. 18, 2026, 11:31 p.m.
ua 113
14 39 1 10.92 Feb. 26, 2024, 12:59 a.m. Jan. 18, 2026, 6:08 p.m.
ua 39
6 71 1 8.52 June 19, 2023, 1:04 a.m. Sept. 26, 2025, 1:45 a.m.
ua 71
10 27 1 5.40 June 10, 2024, 1:37 a.m. Aug. 4, 2025, 2:15 a.m.
ua 27
12 20 1 4.80 May 26, 2025, 2:03 a.m. Aug. 4, 2025, 2:29 a.m.
ua 20
Header injection attempts hdrinj
Input patterns suggest attempts to manipulate headers or downstream header parsing.
hits 2 pts 38.40
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
24 2 1 38.40 Jan. 20, 2026, 4:46 a.m. Jan. 20, 2026, 5 a.m.
hdrinj 2
Suspicious input patterns consistent with injection-like probing across multiple families.
hits 1 pts 25.20
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
36 1 1 25.20 June 19, 2023, 1:27 a.m. June 19, 2023, 1:27 a.m.
injg 1
Referrer patterns look manipulated, irrelevant, or inconsistent with normal navigation.
hits 96 pts 18.00
Breakdown by severity band (all-time). “Weighted” reflects your weight configuration.
Severity Total Labels Weighted First seen Last seen Top labels
6 88 1 15.84 Feb. 26, 2024, 12:58 a.m. Jan. 25, 2026, 10:01 a.m.
ref 88
9 8 1 2.16 July 24, 2023, 1:24 a.m. Jan. 25, 2026, 3:40 a.m.
ref 8

HTTP Status Breakdown

Response mix grouped by status class (2xx/3xx/4xx/5xx). Uses totals aggregation and renders a donut.


Geolocation

Live geolocation and map tiles auto-load for this Org snapshot (peer IPs with coordinates).


Top Autonomous System Networks

Most-observed networks in this city
No ASN rollups available.

Interesting IPs

Top risky peers inside this city (latest snapshot). Sorted by risk score, then hits.

No matching IP rows available for this city.