US Bot
Bot
Unknown
Policy:
Silent Throttle
Probability
88 %
Confidence
68 %
Risk Profile
VeryHigh
Threat
None
Hit Count
1
Last Seen
1h 23m ago
Drifted
Googlebot
→
Mastodon Family
0.35
→
0.36
Fingerprint Profile
TLS Version
--
HTTP Protocol
--
Protocol Client
Detected
TCP OS Hint
+0.17
Fingerprint Integrity
-0.45
UA Consistency
-0.33
Headless Indicator
Low
Datacenter IP
Clean
Endpoints Visited (1) Click to expand
| # | Path |
|---|---|
| 1 | /services/.env.production |
Raw Requests (1) Click to expand
| Time | Method | Path | Status | Prob | Conf | Risk Profile | Action | Time |
|---|---|---|---|---|---|---|---|---|
| 23:28:15 | GET | /services/.env.production | 200 | 88 % | 68 % | VeryHigh | Silent Throttle | 1.0ms |
Analysis
Suspicious automated client on /services/.env.pr... - caught by Previously identified as bot (UserAgent seen 12 times), Heuristic model (early): 70 % bot likelihood (18 features), Datacenter IP detected: Google Cloud
Detection Signals
- • Previously identified as bot (UserAgent seen 12 times)
- • Heuristic model (early): 70 % bot likelihood (18 features)
- • Datacenter IP detected: Google Cloud
- • Visiting many random URLs in no logical order (random scanning pattern)
- • TLS connection appears normal
Detector Contributions (14 detectors)
| Detector | Confidence Delta | Timing (ms) |
|---|---|---|
|
FastPathReputation
Previously identified as bot (UserAgent seen 12 times)
|
+0.600 | 0.0 |
|
Heuristic
Heuristic model (early): 70 % bot likelihood (18 features)
|
+0.392 | 0.0 |
|
Ip
Datacenter IP detected: Google Cloud
|
+0.600 | 0.0 |
|
TlsFingerprint
TLS connection appears normal
|
-0.300 | 0.0 |
|
UserAgent
User-Agent appears normal
|
-0.250 | 0.2 |
|
Header
Missing Accept header
|
+0.142 | 0.0 |
|
Behavioral
Request patterns appear normal; Visiting many random URLs in no logical order (random scanning pattern)
|
+0.050 | 0.1 |
|
AiScraper
No AI scraper signals detected
|
+0.000 | 0.0 |
|
SecurityTool
No security tools detected in User-Agent
|
+0.000 | 0.0 |
|
Http2Fingerprint
Using HTTP/1.1; environment norm is HTTP/1.1 (0 % HTTP/2 over 335 samples)
|
+0.000 | 0.0 |
|
Http3Fingerprint
Connection uses HTTP/1.1 (not HTTP/3)
|
+0.000 | 0.0 |
|
TcpIpFingerprint
Network fingerprint analysis complete (no anomalies detected)
|
+0.000 | 0.0 |
|
HeaderCorrelation
Single signature per header profile
|
+0.000 | 0.0 |
|
TransportProtocol
Transport protocol analysis complete
|
+0.000 | 0.0 |
Signal Intelligence
behavioral
anomaly
False
h2
is_http2
False
protocol
HTTP/1.1
behind_proxy
False
population_samples
335
population_http2_rate
0
h3
is_http3
False
protocol
HTTP/1.1
header
count
14
has_accept
False
sec_fetch_dest
sec_fetch_mode
sec_fetch_site
has_proxy_headers
False
has_accept_encoding
True
has_accept_language
False
is_websocket_upgrade
False
sec_fetch_same_origin
False
population_accept_rate
0.709
is_service_worker_fetch
False
heuristic
confidence
0.392
prediction
bot
early_completed
True
ip
subnet
34.127.126
is_ipv6
False
is_local
False
provider
Google Cloud
is_datacenter
True
datacenter_name
Google Cloud
reputation
can_abort
True
fastpath_hit
True
fast_abort_active
True
fastpath.useragent.score
0.621
fastpath.useragent.state
ConfirmedBad
fastpath.useragent.support
11.937
fastpath.useragent.pattern_id
ua:3a738855789abb50
request
protocol
HTTP/1.1
accept_encoding
gzip, br
risk
justification
probability 0.88; confirmed bad actor
friendly_pin_trace
not-applicable:botType=Unknown,yamlType=null,botName=null
tcp
connection_header
keep-alive
tls
is_https
True
available
True
ua
family
Other
is_bot
False
family_version
Signature:
A0Hy0unYAz_xw-ocxXDiww
|
Processing: 1.0ms
|
Country: US
|
First seen: 2026-06-09 23:28:15 UTC