Claude's Coder Caper
Bot: Unknown
Policy: Silent Throttle
Probability: 90 %
Confidence: 88 %
Risk Profile: VeryHigh
Threat: None
Hit Count: 1
Last Seen: 3h 46m ago
Drifted: Googlebot → Mastodon Family (0.35 → 0.36)
Fingerprint Profile
TLS Version: --
HTTP Protocol: --
Protocol Client: Detected
TCP OS Hint: +1.50
Fingerprint Integrity: -0.45
UA Consistency: -0.33
Headless Indicator: Low
Datacenter IP: Clean
Endpoints Visited (1)
| # | Path |
|---|---|
| 1 | /dashboard/signature/fHcLM6ioTqVp-q-htsSs8g |
Raw Requests (1)
| Time | Method | Path | Status | Prob | Conf | Risk Profile | Action | Processing Time |
|---|---|---|---|---|---|---|---|---|
| 23:11:47 | GET | /dashboard/signature/fHcLM6ioTqVp-q-htsSs8g | 200 | 90 % | 88 % | VeryHigh | Silent Throttle | 122.1ms |
Analysis
Claude's Coder Caper on /dashboard/signat... - caught by Heuristic model (late): 100 % bot likelihood (239 features), [Reputation] UA pattern ConfirmedBad (score=0.91, support..., Previously identified as bot (UserAgent seen 60 times)
Detection Signals
- Heuristic model (late): 100 % bot likelihood (239 features)
- [Reputation] UA pattern ConfirmedBad (score=0.91, support=60)
- Previously identified as bot (UserAgent seen 60 times)
- Heuristic model (early): 70 % bot likelihood (22 features)
- Browser User-Agent without Accept-Language header
Detector Contributions (26 detectors)
| Detector | Detail | Confidence Delta | Timing (ms) |
|---|---|---|---|
| HeuristicLate | Heuristic model (late): 100 % bot likelihood (239 features) | +1.000 | 0.1 |
| ReputationBias | [Reputation] UA pattern ConfirmedBad (score=0.91, support=60) | +0.750 | 0.0 |
| Inconsistency | Browser User-Agent without Accept-Language header; Chrome User-Agent without Client Hints; Outdated browser version in User-Agent | +1.000 | 0.0 |
| FastPathReputation | Previously identified as bot (UserAgent seen 60 times) | +0.600 | 0.1 |
| Heuristic | Heuristic model (early): 70 % bot likelihood (22 features) | +0.398 | 0.0 |
| VersionAge | Chrome v85 is 49 versions behind (latest: 134) | +0.400 | 0.0 |
| TlsFingerprint | TLS connection appears normal | -0.300 | 0.0 |
| UserAgent | User-Agent appears normal | -0.250 | 0.2 |
| Behavioral | Request patterns appear normal | -0.300 | 0.0 |
| Ip | IP appears normal: 169.224.28.xxx | -0.250 | 20.5 |
| IdentityChange | Matched fingerprint shifted surface dimensions: UA family Chrome -> Brave | +0.060 | 0.0 |
| Header | Browser UA without Accept-Language; deployment norm is low language rate (0 % over 74 samples) | +0.000 | 0.0 |
| Intent | Session intent: unknown (threat=0.05, band=None) | +0.000 | 0.1 |
| AiScraper | No AI scraper signals detected | +0.000 | 0.0 |
| StreamAbuse | Stream abuse check - non-streaming request | +0.000 | 0.0 |
| SecurityTool | No security tools detected in User-Agent | +0.000 | 0.0 |
| SessionVector | Session tracking active (1 requests, 0 prior sessions) | +0.000 | 0.0 |
| ClaimedIdentity | No profile for UA family 'Brave' | +0.000 | 0.0 |
| ReactivePattern | No prior error events to analyze | +0.000 | 0.0 |
| Http2Fingerprint | Using HTTP/1.1; environment norm is HTTP/1.1 (0 % HTTP/2 over 74 samples) | +0.000 | 0.0 |
| Http3Fingerprint | Connection uses HTTP/1.1 (not HTTP/3) | +0.000 | 0.0 |
| TcpIpFingerprint | Network fingerprint analysis complete (no anomalies detected) | +0.000 | 0.0 |
| HeaderCorrelation | Single signature per header profile | +0.000 | 0.0 |
| TransportProtocol | Transport protocol analysis complete | +0.000 | 0.0 |
| BehavioralWaveform | Behavioral waveform analysis complete (insufficient history) | +0.000 | 0.0 |
| MultiLayerCorrelation | Cross-signal consistency check complete (not enough data to compare) | +0.000 | 0.0 |
Signal Intelligence
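| Group | Signal | Value |
|---|---|---|
| behavioral | anomaly | False |
| h2 | is_http2 | False |
| h2 | protocol | HTTP/1.1 |
| h2 | behind_proxy | False |
| h2 | population_samples | 74 |
| h2 | population_http2_rate | 0 |
| h3 | is_http3 | False |
| h3 | protocol | HTTP/1.1 |
| header | count | 14 |
| header | has_accept | True |
| header | sec_fetch_dest | |
| header | sec_fetch_mode | |
| header | sec_fetch_site | |
| header | has_proxy_headers | False |
| header | has_accept_encoding | True |
| header | has_accept_language | False |
| header | is_websocket_upgrade | False |
| header | sec_fetch_same_origin | False |
| header | is_service_worker_fetch | False |
| header | population_accept_language_rate | 0 |
| heuristic | confidence | 0.398 |
| heuristic | prediction | bot |
| heuristic | early_completed | True |
| heuristic | late_confidence | 1 |
| heuristic | late_prediction | bot |
| intent | analyzed | True |
| intent | category | unknown |
| intent | match_count | 1 |
| intent | threat_band | None |
| intent | threat_score | 0.05 |
| intent | similarity_score | 0.978 |
| ip | subnet | 169.224.28 |
| ip | is_ipv6 | False |
| ip | is_local | False |
| ip | is_datacenter | False |
| reputation | can_abort | True |
| reputation | bias_count | 1 |
| reputation | bias_applied | True |
| reputation | fastpath_hit | True |
| reputation | useragent.score | 0.911 |
| reputation | useragent.state | ConfirmedBad |
| reputation | fast_abort_active | True |
| reputation | useragent.support | 59.959 |
| reputation | fastpath.useragent.score | 0.911 |
| reputation | fastpath.useragent.state | ConfirmedBad |
| reputation | fastpath.useragent.support | 59.959 |
| reputation | fastpath.useragent.pattern_id | ua:45cb312f9bdf58b2 |
| request | protocol | HTTP/1.1 |
| request | accept_encoding | gzip, br |
| risk | justification | probability 0.90; confirmed bad actor |
| risk | ua_family_changed | True |
| risk | friendly_pin_trace | not-applicable:botType=Unknown,yamlType=null,botName=null |
| risk | suspicious_change_score | 0.3 |
| risk | suspicious_change_reason | UA family Chrome -> Brave |
| tcp | connection_header | keep-alive |
| tls | is_https | True |
| tls | available | True |
| ua | family | Brave |
| ua | is_bot | False |
| ua | family_version | 85 |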
Signature: 4y1xKAun_UR_tzBCPGzNKw | Processing: 122.1ms | Country: IQ | First seen: 2026-06-09 23:11:47 UTC