US Bot
Bot
Policy: Silent Throttle
Probability: 100 %
Confidence: 100 %
Risk Profile: VeryHigh
Threat: None
Hit Count: 1
Last Seen: 1h 16m ago
Drifted: Googlebot → Mastodon Family (0.35 → 0.36)
Fingerprint Profile
TLS Version: --
HTTP Protocol: --
Protocol Client: Detected
TCP OS Hint: +0.72
Fingerprint Integrity: -0.45
UA Consistency: -0.33
Headless Indicator: Low
Datacenter IP: Clean
Endpoints Visited (1)
| # | Path |
|---|---|
| 1 | /server/.env.production |
Raw Requests (1)
| Time | Method | Path | Status | Prob | Conf | Risk Profile | Action | Processing Time |
|---|---|---|---|---|---|---|---|---|
| 23:28:16 | GET | /server/.env.production | 200 | 100 % | 100 % | VeryHigh | Silent Throttle | 1.6ms |
Analysis
Suspicious automated client on /server/.env.prod... - caught by Previously identified as bot (IP seen 76 times), Heuristic model (early): 80 % bot likelihood (21 features), Datacenter IP detected: Google Cloud
Detection Signals
- Previously identified as bot (IP seen 76 times)
- Heuristic model (early): 80 % bot likelihood (21 features)
- Datacenter IP detected: Google Cloud
- Browser User-Agent without Accept-Language
- Visiting many random URLs in no logical order (random scanning pattern)
Detector Contributions (14 detectors)
| Detector | Confidence Delta | Timing (ms) |
|---|---|---|
| FastPathReputation: Previously identified as bot (IP seen 76 times) | +1.000 | 0.1 |
| Heuristic: Heuristic model (early): 80 % bot likelihood (21 features) | +0.609 | 0.0 |
| Ip: Datacenter IP detected: Google Cloud | +0.600 | 0.0 |
| Header: Missing Accept header; Browser User-Agent without Accept-Language | +0.599 | 0.1 |
| TlsFingerprint: TLS connection appears normal | -0.300 | 0.0 |
| UserAgent: User-Agent appears normal | -0.250 | 0.4 |
| Behavioral: Request patterns appear normal; Visiting many random URLs in no logical order (random scanning pattern) | +0.050 | 0.2 |
| AiScraper: No AI scraper signals detected | +0.000 | 0.0 |
| SecurityTool: No security tools detected in User-Agent | +0.000 | 0.0 |
| Http2Fingerprint: Using HTTP/1.1; environment norm is HTTP/1.1 (0 % HTTP/2 over 438 samples) | +0.000 | 0.0 |
| Http3Fingerprint: Connection uses HTTP/1.1 (not HTTP/3) | +0.000 | 0.0 |
| TcpIpFingerprint: Network fingerprint analysis complete (no anomalies detected) | +0.000 | 0.0 |
| HeaderCorrelation: Single signature per header profile | +0.000 | 0.0 |
| TransportProtocol: Transport protocol analysis complete | +0.000 | 0.0 |
Signal Intelligence
behavioral
anomaly
False
h2
is_http2
False
protocol
HTTP/1.1
behind_proxy
False
population_samples
438
population_http2_rate
0
h3
is_http3
False
protocol
HTTP/1.1
header
count
14
has_accept
False
sec_fetch_dest
sec_fetch_mode
sec_fetch_site
has_proxy_headers
False
has_accept_encoding
True
has_accept_language
False
is_websocket_upgrade
False
sec_fetch_same_origin
False
population_accept_rate
0.855
is_service_worker_fetch
False
population_accept_language_rate
0.855
heuristic
confidence
0.609
prediction
bot
early_completed
True
ip
subnet
34.127.126
is_ipv6
False
is_local
False
provider
Google Cloud
is_datacenter
True
datacenter_name
Google Cloud
reputation
can_abort
True
fastpath_hit
True
fast_abort_active
True
fastpath.ip.score
1
fastpath.ip.state
ConfirmedBad
fastpath.ip.support
76.093
fastpath.ip.pattern_id
ip:34.127.126.0/24
request
protocol
HTTP/1.1
accept_encoding
gzip, br
risk
justification
Verified bad bot
tcp
connection_header
keep-alive
tls
is_https
True
available
True
ua
family
Safari
is_bot
False
family_version
4
Signature: 9ocD-gI3uOGpDFMoTQgwlQ | Processing: 1.6ms | Country: US | First seen: 2026-06-09 23:28:16 UTC