Claude's Coder Caper
Bot
Scraper
Policy:
Aggressive Throttle
Probability
90 %
Confidence
88 %
Risk Profile
VeryHigh
Threat
None
Hit Count
1
Last Seen
4h 9m ago
Drifted
Googlebot
→
Mastodon Family
0.35
→
0.36
Fingerprint Profile
TLS Version
--
HTTP Protocol
--
Protocol Client
Detected
TCP OS Hint
+1.05
Fingerprint Integrity
-0.45
UA Consistency
-0.33
Headless Indicator
Low
Datacenter IP
Clean
Endpoints Visited (1) Click to expand
| # | Path |
|---|---|
| 1 | /dashboard/entity/b93ed0c3b48041f5 |
Raw Requests (1) Click to expand
| Time | Method | Path | Status | Prob | Conf | Risk Profile | Action | Time |
|---|---|---|---|---|---|---|---|---|
| 22:54:39 | GET | /dashboard/entity/b93ed0c3b48041f5 | 200 | 90 % | 88 % | VeryHigh | Aggressive Throttle | 121.7ms |
Analysis
Claude's Coder Caper on /dashboard/entity... - caught by Heuristic model (late): 100 % bot likelihood (241 features), [Reputation] UA pattern ConfirmedBad (score=0.86, support..., Previously identified as bot (UserAgent seen 120 times)
Detection Signals
- • Heuristic model (late): 100 % bot likelihood (241 features)
- • [Reputation] UA pattern ConfirmedBad (score=0.86, support=120)
- • Previously identified as bot (UserAgent seen 120 times)
- • Heuristic model (early): 70 % bot likelihood (22 features)
- • Browser User-Agent without Accept-Language header
Detector Contributions (26 detectors)
| Detector | Confidence Delta | Timing (ms) |
|---|---|---|
|
HeuristicLate
Heuristic model (late): 100 % bot likelihood (241 features)
|
+1.000 | 0.1 |
|
ReputationBias
[Reputation] UA pattern ConfirmedBad (score=0.86, support=120)
|
+0.750 | 0.0 |
|
Inconsistency
Browser User-Agent without Accept-Language header; Chrome User-Agent without Client Hints
|
+0.700 | 0.0 |
|
FastPathReputation
Previously identified as bot (UserAgent seen 120 times)
|
+0.600 | 0.0 |
|
Heuristic
Heuristic model (early): 70 % bot likelihood (22 features)
|
+0.400 | 0.0 |
|
VersionAge
Chrome v97 is 37 versions behind (latest: 134)
|
+0.400 | 0.0 |
|
TlsFingerprint
TLS connection appears normal
|
-0.300 | 0.0 |
|
UserAgent
User-Agent appears normal
|
-0.250 | 0.3 |
|
Behavioral
Request patterns appear normal
|
-0.300 | 0.0 |
|
Ip
IP appears normal: 167.249.136.xxx
|
-0.250 | 20.1 |
|
IdentityChange
Matched fingerprint shifted surface dimensions: UA family Brave -> Chrome
|
+0.060 | 0.0 |
|
Header
Browser UA without Accept-Language; deployment norm is low language rate (20 % over 469 samples)
|
+0.000 | 0.0 |
|
Intent
Session intent: unknown (threat=0.05, band=None)
|
+0.000 | 0.0 |
|
AiScraper
No AI scraper signals detected
|
+0.000 | 0.0 |
|
StreamAbuse
Stream abuse check - non-streaming request
|
+0.000 | 0.0 |
|
SecurityTool
No security tools detected in User-Agent
|
+0.000 | 0.0 |
|
SessionVector
Session tracking active (1 requests, 0 prior sessions)
|
+0.000 | 0.0 |
|
ClaimedIdentity
Chrome behavioral profile mismatch (consistency=0.34): missing Sec-Fetch headers (expected for this browser); no Accept-Language (browsers always send this); no text/html in Accept (expected for browser)
|
+0.350 | 0.0 |
|
ReactivePattern
No prior error events to analyze
|
+0.000 | 0.0 |
|
Http2Fingerprint
Using HTTP/1.1; environment norm is HTTP/1.1 (0 % HTTP/2 over 303 samples)
|
+0.000 | 0.0 |
|
Http3Fingerprint
Connection uses HTTP/1.1 (not HTTP/3)
|
+0.000 | 0.0 |
|
TcpIpFingerprint
Network fingerprint analysis complete (no anomalies detected)
|
+0.000 | 0.0 |
|
HeaderCorrelation
Single signature per header profile
|
+0.000 | 0.0 |
|
TransportProtocol
Transport protocol analysis complete
|
+0.000 | 0.0 |
|
BehavioralWaveform
Behavioral waveform analysis complete (insufficient history)
|
+0.000 | 0.0 |
|
MultiLayerCorrelation
Cross-signal consistency check complete (not enough data to compare)
|
+0.000 | 0.0 |
Signal Intelligence
behavioral
anomaly
False
h2
is_http2
False
protocol
HTTP/1.1
behind_proxy
False
population_samples
303
population_http2_rate
0
h3
is_http3
False
protocol
HTTP/1.1
header
count
14
has_accept
True
sec_fetch_dest
sec_fetch_mode
sec_fetch_site
has_proxy_headers
False
has_accept_encoding
True
has_accept_language
False
is_websocket_upgrade
False
sec_fetch_same_origin
False
is_service_worker_fetch
False
population_accept_language_rate
0.203
heuristic
confidence
0.4
prediction
bot
early_completed
True
late_confidence
1
late_prediction
bot
intent
analyzed
True
category
unknown
match_count
1
threat_band
None
threat_score
0.05
similarity_score
0.978
ip
subnet
167.249.136
is_ipv6
False
is_local
False
is_datacenter
False
reputation
can_abort
True
bias_count
1
bias_applied
True
fastpath_hit
True
useragent.score
0.864
useragent.state
ConfirmedBad
fast_abort_active
True
useragent.support
120.444
fastpath.useragent.score
0.864
fastpath.useragent.state
ConfirmedBad
fastpath.useragent.support
120.444
fastpath.useragent.pattern_id
ua:81b197d8528f2ba4
request
protocol
HTTP/1.1
accept_encoding
gzip, br
risk
justification
probability 0.90; confirmed bad actor
ua_family_changed
True
friendly_pin_trace
not-applicable:botType=Scraper,yamlType=null,botName=null
suspicious_change_score
0.3
suspicious_change_reason
UA family Brave -> Chrome
tcp
connection_header
keep-alive
tls
is_https
True
available
True
ua
family
Chrome
is_bot
False
family_version
97
Signature:
9lShFbV-NJs6P-xeRp6mCw
|
Processing: 121.7ms
|
Country: BR
|
First seen: 2026-06-09 22:54:39 UTC