US Bot
Bot
Unknown
Policy: Silent Throttle
Probability: 89 %
Confidence: 68 %
Risk Profile: VeryHigh
Threat: None
Hit Count: 1
Last Seen: 3h 18m ago
Drifted: Googlebot → Mastodon Family, 0.35 → 0.36
Fingerprint Profile
TLS Version: --
HTTP Protocol: --
Protocol Client: Detected
TCP OS Hint: Low
Fingerprint Integrity: -0.45
UA Consistency: -0.33
Headless Indicator: Low
Datacenter IP: Clean
Endpoints Visited (1)
| # | Path |
|---|---|
| 1 | /www/.env |
Raw Requests (1)
| Time | Method | Path | Status | Prob | Conf | Risk Profile | Action | Processing Time |
|---|---|---|---|---|---|---|---|---|
| 23:28:15 | GET | /www/.env | 200 | 89 % | 68 % | VeryHigh | Silent Throttle | 1.3ms |
Analysis
Suspicious automated client on /www/.env - caught by Heuristic model (early): 77 % bot likelihood (22 features), Previously identified as bot (UserAgent seen 134 times), Datacenter IP detected: Google Cloud
Detection Signals
- Heuristic model (early): 77 % bot likelihood (22 features)
- Previously identified as bot (UserAgent seen 134 times)
- Datacenter IP detected: Google Cloud
- Visiting many random URLs in no logical order (random scanning pattern)
- TLS connection appears normal
Detector Contributions (14 detectors)
| Detector | Detail | Confidence Delta | Timing (ms) |
|---|---|---|---|
| Heuristic | Heuristic model (early): 77 % bot likelihood (22 features) | +0.550 | 0.0 |
| FastPathReputation | Previously identified as bot (UserAgent seen 134 times) | +0.600 | 0.0 |
| Ip | Datacenter IP detected: Google Cloud | +0.600 | 0.0 |
| TlsFingerprint | TLS connection appears normal | -0.300 | 0.0 |
| UserAgent | User-Agent appears normal | -0.250 | 0.2 |
| Behavioral | Request patterns appear normal; Visiting many random URLs in no logical order (random scanning pattern) | +0.050 | 0.2 |
| Header | Missing Accept header; deployment norm is low Accept rate (39 % over 296 samples); Browser UA without Accept-Language; deployment norm is low language rate (16 % over 295 samples) | +0.000 | 0.0 |
| AiScraper | No AI scraper signals detected | +0.000 | 0.0 |
| SecurityTool | No security tools detected in User-Agent | +0.000 | 0.0 |
| Http2Fingerprint | Using HTTP/1.1; environment norm is HTTP/1.1 (0 % HTTP/2 over 379 samples) | +0.000 | 0.0 |
| Http3Fingerprint | Connection uses HTTP/1.1 (not HTTP/3) | +0.000 | 0.0 |
| TcpIpFingerprint | Network fingerprint analysis complete (no anomalies detected) | +0.000 | 0.0 |
| HeaderCorrelation | Single signature per header profile | +0.000 | 0.0 |
| TransportProtocol | Transport protocol analysis complete | +0.000 | 0.0 |
Signal Intelligence
behavioral
- anomaly: False

h2
- is_http2: False
- protocol: HTTP/1.1
- behind_proxy: False
- population_samples: 379
- population_http2_rate: 0

h3
- is_http3: False
- protocol: HTTP/1.1

header
- count: 14
- has_accept: False
- sec_fetch_dest:
- sec_fetch_mode:
- sec_fetch_site:
- has_proxy_headers: False
- has_accept_encoding: True
- has_accept_language: False
- is_websocket_upgrade: False
- sec_fetch_same_origin: False
- population_accept_rate: 0.385
- is_service_worker_fetch: False
- population_accept_language_rate: 0.159

heuristic
- confidence: 0.55
- prediction: bot
- early_completed: True

ip
- subnet: 34.127.126
- is_ipv6: False
- is_local: False
- provider: Google Cloud
- is_datacenter: True
- datacenter_name: Google Cloud

reputation
- can_abort: True
- fastpath_hit: True
- fast_abort_active: True
- fastpath.useragent.score: 0.978
- fastpath.useragent.state: ConfirmedBad
- fastpath.useragent.support: 134.383
- fastpath.useragent.pattern_id: ua:81b197d8528f2ba4

request
- protocol: HTTP/1.1
- accept_encoding: gzip, br

risk
- justification: probability 0.89; confirmed bad actor
- friendly_pin_trace: not-applicable:botType=Unknown,yamlType=null,botName=null

tcp
- connection_header: keep-alive

tls
- is_https: True
- available: True

ua
- family: Chrome
- is_bot: False
- family_version: 67
Signature: 2FkKyntMobc3--L2-hEJuA | Processing: 1.3ms | Country: US | First seen: 2026-06-09 23:28:15 UTC