Header Hooligan Hashing
Bot
Unknown
Policy:
Silent Throttle
Probability
90 %
Confidence
88 %
Risk Profile
VeryHigh
Threat
None
Hit Count
1
Last Seen
1h 44m ago
Drifted
Googlebot
→
Mastodon Family
0.35
→
0.36
Fingerprint Profile
TLS Version
--
HTTP Protocol
--
Protocol Client
Detected
TCP OS Hint
+1.50
Fingerprint Integrity
-0.45
UA Consistency
-0.33
Headless Indicator
Low
Datacenter IP
Clean
Endpoints Visited (1) Click to expand
| # | Path |
|---|---|
| 1 | /docs/running-locally |
Raw Requests (1) Click to expand
| Time | Method | Path | Status | Prob | Conf | Risk Profile | Action | Time |
|---|---|---|---|---|---|---|---|---|
| 20:42:54 | GET | /docs/running-locally | 200 | 90 % | 88 % | VeryHigh | Silent Throttle | 124.9ms |
Analysis
Header Hooligan Hashing on /docs/running-loc... - caught by Heuristic model (late): 100 % bot likelihood (235 features), [Reputation] UA pattern ConfirmedBad (score=0.83, support..., Previously identified as bot (UserAgent seen 121 times)
Detection Signals
- • Heuristic model (late): 100 % bot likelihood (235 features)
- • [Reputation] UA pattern ConfirmedBad (score=0.83, support=121)
- • Previously identified as bot (UserAgent seen 121 times)
- • Heuristic model (early): 70 % bot likelihood (22 features)
- • Browser User-Agent without Accept-Language header
Detector Contributions (25 detectors)
| Detector | Confidence Delta | Timing (ms) |
|---|---|---|
|
HeuristicLate
Heuristic model (late): 100 % bot likelihood (235 features)
|
+1.000 | 0.2 |
|
ReputationBias
[Reputation] UA pattern ConfirmedBad (score=0.83, support=121)
|
+0.750 | 0.0 |
|
Inconsistency
Browser User-Agent without Accept-Language header; Chrome User-Agent without Client Hints; Outdated browser version in User-Agent
|
+1.000 | 0.0 |
|
FastPathReputation
Previously identified as bot (UserAgent seen 121 times)
|
+0.600 | 0.1 |
|
Heuristic
Heuristic model (early): 70 % bot likelihood (22 features)
|
+0.399 | 0.0 |
|
VersionAge
Chrome v89 is 45 versions behind (latest: 134)
|
+0.400 | 0.0 |
|
TlsFingerprint
TLS connection appears normal
|
-0.300 | 0.0 |
|
UserAgent
User-Agent appears normal
|
-0.250 | 0.2 |
|
Behavioral
Request patterns appear normal
|
-0.300 | 0.0 |
|
Ip
IP appears normal: 186.40.202.xxx
|
-0.250 | 20.7 |
|
Header
Browser UA without Accept-Language; deployment norm is low language rate (21 % over 457 samples)
|
+0.000 | 0.0 |
|
Intent
Session intent: unknown (threat=0.05, band=None)
|
+0.000 | 0.1 |
|
AiScraper
No AI scraper signals detected
|
+0.000 | 0.0 |
|
StreamAbuse
Stream abuse check - non-streaming request
|
+0.000 | 0.0 |
|
SecurityTool
No security tools detected in User-Agent
|
+0.000 | 0.0 |
|
SessionVector
Session tracking active (1 requests, 0 prior sessions)
|
+0.000 | 0.0 |
|
ClaimedIdentity
Chrome behavioral profile mismatch (consistency=0.34): missing Sec-Fetch headers (expected for this browser); no Accept-Language (browsers always send this); no text/html in Accept (expected for browser)
|
+0.350 | 0.0 |
|
ReactivePattern
No prior error events to analyze
|
+0.000 | 0.0 |
|
Http2Fingerprint
Using HTTP/1.1; environment norm is HTTP/1.1 (0 % HTTP/2 over 291 samples)
|
+0.000 | 0.0 |
|
Http3Fingerprint
Connection uses HTTP/1.1 (not HTTP/3)
|
+0.000 | 0.0 |
|
TcpIpFingerprint
Network fingerprint analysis complete (no anomalies detected)
|
+0.000 | 0.0 |
|
HeaderCorrelation
Single signature per header profile
|
+0.000 | 0.0 |
|
TransportProtocol
Transport protocol analysis complete
|
+0.000 | 0.0 |
|
BehavioralWaveform
Behavioral waveform analysis complete (insufficient history)
|
+0.000 | 0.0 |
|
MultiLayerCorrelation
Cross-signal consistency check complete (not enough data to compare)
|
+0.000 | 0.0 |
Signal Intelligence
behavioral
anomaly
False
h2
is_http2
False
protocol
HTTP/1.1
behind_proxy
False
population_samples
291
population_http2_rate
0
h3
is_http3
False
protocol
HTTP/1.1
header
count
14
has_accept
True
sec_fetch_dest
sec_fetch_mode
sec_fetch_site
has_proxy_headers
False
has_accept_encoding
True
has_accept_language
False
is_websocket_upgrade
False
sec_fetch_same_origin
False
is_service_worker_fetch
False
population_accept_language_rate
0.208
heuristic
confidence
0.399
prediction
bot
early_completed
True
late_confidence
1
late_prediction
bot
intent
analyzed
True
category
unknown
match_count
1
threat_band
None
threat_score
0.05
similarity_score
1
ip
subnet
186.40.202
is_ipv6
False
is_local
False
is_datacenter
False
reputation
can_abort
True
bias_count
1
bias_applied
True
fastpath_hit
True
useragent.score
0.83
useragent.state
ConfirmedBad
fast_abort_active
True
useragent.support
121.234
fastpath.useragent.score
0.83
fastpath.useragent.state
ConfirmedBad
fastpath.useragent.support
121.234
fastpath.useragent.pattern_id
ua:81b197d8528f2ba4
request
protocol
HTTP/1.1
accept_encoding
gzip, br
risk
justification
probability 0.90; confirmed bad actor
friendly_pin_trace
not-applicable:botType=Unknown,yamlType=null,botName=null
tcp
connection_header
keep-alive
tls
is_https
True
available
True
ua
family
Chrome
is_bot
False
family_version
89
Signature:
b9SeHeTCxMxdnYbG1lLx0Q
|
Processing: 124.9ms
|
Country: CL
|
First seen: 2026-06-09 20:42:54 UTC