Sign in
← Dashboard / Signature Detail
US

Chrome 126 Linux

· Chrome 126.0.0 / Linux Human
Scraper
Policy: Silent Throttle
Probability
0 %
Confidence
95 %
Risk Profile
VeryLow
Threat
None
Hit Count
50
Last Seen
51s ago
Network Locale Headers Tool Transport Session Quality
Closest to
Chrome Desktop
Drift vs
23.9%

Fingerprint Profile

TLS Version
Unavailable
HTTP Protocol
HTTP/1.1
Protocol Client
Unavailable
TCP OS Hint
Unavailable
Fingerprint Integrity
Consistent
UA Consistency
Suspect
Headless Indicator
Low
Datacenter IP
Clean

Browser modes same browser, different modes. One row per persisted mode

Mode Observations Maturity Shift from baseline Last seen
navigation 682 682 0.00 (upgrade insecure requests, x requested with, sec ch ua brands ordered) 01:51:22
sub-resource 2 2 0.62 (upgrade insecure requests, header order hash, ip subnet) 19:09:37
signalr-negotiate 4 4 0.56 (upgrade insecure requests, x requested with, sec ch ua brands ordered) 21:33:31
bot-raw 1 1 0.74 (x requested with, upgrade insecure requests, sec ch ua brands ordered) 15:00:06
4 modes across 689 observations. See composite browser-mode fingerprints.
Endpoints Visited (41) Click to expand · stats unavailable
# Path
1 /%2e%2e/%2e%2e/.env
2 /%u002e%u002e/%u002e%u002e/.env
3 /etc/passwd
4 /..%c0%af../etc/passwd
5 /media../.env
6 /console
7 /.env..
8 /....//....//....//....//proc/self/environ
9 /....//....//....//home/.env
10 /....//....//....//srv/.env
11 /....//....//home/admin/.ssh/id_rsa
12 /....//....//home/www-data/.ssh/id_rsa
13 /....//....//srv/.env
14 /....//home/ubuntu/.ssh/id_ed25519
15 /../var/www/html/config.php
16 /home/ec2-user/.ssh/id_rsa
17 /var/www/html/config.php
18 /%2f..%2f../proc/self/environ
19 /%2f../etc/apache2/apache2.conf
20 /%2e%2e/%2e%2e/home/deploy/.ssh/id_rsa
21 /%2e%2e/home/admin/.ssh/id_rsa
22 /%2e%2e/home/ubuntu/.ssh/id_ed25519
23 /%2e%2e/root/.bash_history
24 /proc/version
25 /home/git/.ssh/id_rsa
26 /var/www/.git/config
27 /var/log/apache2/access.log
28 /var/www/html/.env
29 /root/.ssh/id_rsa
30 /var/log/secure
31 /.env
32 /root/.bash_history
33 /etc/ssh/sshd_config
34 /user.css
35 /profile.css
36 /server.js
37 /.git/HEAD
38 /actuator/beans
39 /static../.env
40 /..%c0%af..%c0%af.env
41 /%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
Raw Requests (50) Click to expand
Time Method Path Status Prob Conf Risk Profile Action Time
04:03:52 GET /%2e%2e/%2e%2e/.env 200 100 % 100 % VeryHigh Silent Throttle 14.1ms
04:03:37 GET /%u002e%u002e/%u002e%u002e/.env 200 100 % 100 % VeryLow Monitor Only 12.5ms
04:03:08 GET /etc/passwd 200 100 % 100 % VeryLow Monitor Only 11.1ms
04:03:06 GET /..%c0%af../etc/passwd 200 34 % 83 % Low Allow 18.2ms
04:03:05 GET /etc/passwd 200 100 % 100 % VeryLow Monitor Only 12.1ms
04:02:54 GET /media../.env 200 100 % 100 % VeryLow Monitor Only 12.3ms
04:02:45 GET /console 200 16 % 87 % Low Allow 14.2ms
04:02:43 GET /etc/passwd 200 100 % 100 % VeryLow Monitor Only 11.5ms
04:02:16 GET /.env.. 200 100 % 100 % VeryLow Monitor Only 12.2ms
04:01:14 GET /....//....//....//....//proc/self/environ 200 6 % 68 % Low Allow 10.9ms
04:01:02 GET /....//....//....//home/.env 200 100 % 100 % VeryLow Monitor Only 11.3ms
04:01:02 GET /....//....//....//srv/.env 200 100 % 100 % VeryLow Monitor Only 12.0ms
04:00:53 GET /....//....//home/admin/.ssh/id_rsa 200 11 % 68 % Low Allow 11.9ms
04:00:52 GET /....//....//home/www-data/.ssh/id_rsa 200 6 % 68 % Low Allow 12.4ms
04:00:41 GET /....//....//srv/.env 200 100 % 100 % VeryLow Monitor Only 12.2ms
04:00:25 GET /....//home/ubuntu/.ssh/id_ed25519 200 6 % 68 % Low Allow 11.9ms
03:59:40 GET /../var/www/html/config.php 200 11 % 68 % Low Allow 11.9ms
03:58:30 GET /home/ec2-user/.ssh/id_rsa 200 2 % 68 % VeryLow Allow 14.0ms
03:58:24 GET /var/www/html/config.php 200 16 % 68 % Low Allow 12.1ms
03:57:53 GET /var/www/html/config.php 200 6 % 68 % Low Allow 12.1ms
03:57:20 GET /%2f..%2f../proc/self/environ 200 100 % 100 % VeryLow Monitor Only 12.5ms
03:57:10 GET /%2f../etc/apache2/apache2.conf 200 16 % 87 % Low Allow 15.2ms
03:56:53 GET /%2e%2e/%2e%2e/home/deploy/.ssh/id_rsa 200 3 % 68 % Low Allow 11.6ms
03:56:32 GET /%2e%2e/home/admin/.ssh/id_rsa 200 6 % 68 % Low Allow 11.9ms
03:56:31 GET /%2e%2e/home/ubuntu/.ssh/id_ed25519 200 3 % 68 % Low Allow 11.8ms
03:56:28 GET /%2e%2e/root/.bash_history 200 3 % 68 % Low Allow 11.8ms
03:56:01 GET /proc/version 200 100 % 100 % VeryHigh Silent Throttle 13.5ms
03:55:42 GET /etc/passwd 200 100 % 100 % VeryLow Monitor Only 12.1ms
03:55:41 GET /home/git/.ssh/id_rsa 200 3 % 68 % Low Allow 11.7ms
03:55:39 GET /var/www/.git/config 200 10 % 68 % VeryLow Allow 13.0ms
03:55:37 GET /var/log/apache2/access.log 200 19 % 86 % Low Allow 13.1ms
03:55:32 GET /var/www/html/.env 200 100 % 100 % VeryLow Monitor Only 12.3ms
03:55:32 GET /proc/version 200 100 % 100 % VeryHigh Silent Throttle 12.2ms
03:55:27 GET /home/ec2-user/.ssh/id_rsa 200 3 % 68 % Low Allow 12.0ms
03:55:26 GET /root/.ssh/id_rsa 200 9 % 68 % VeryLow Allow 11.9ms
03:55:21 GET /var/log/secure 200 3 % 68 % Low Allow 11.9ms
03:55:05 GET /.env 200 100 % 100 % VeryHigh Silent Throttle 13.3ms
03:54:53 GET /root/.bash_history 200 3 % 68 % Low Allow 11.9ms
03:54:12 GET /home/git/.ssh/id_rsa 200 2 % 68 % VeryLow Allow 16.8ms
03:54:10 GET /etc/ssh/sshd_config 200 6 % 68 % Low Allow 12.1ms
03:53:38 GET /user.css 200 3 % 68 % Low Allow 11.6ms
03:53:34 GET /profile.css 200 3 % 68 % Low Allow 12.0ms
03:53:18 GET /server.js 200 3 % 68 % Low Allow 11.9ms
03:53:16 GET /.git/HEAD 200 100 % 100 % VeryLow Monitor Only 12.6ms
03:29:19 GET /actuator/beans 200 19 % 86 % Low Allow 12.9ms
03:27:50 GET /.env 200 100 % 100 % VeryLow Monitor Only 11.8ms
03:27:31 GET /static../.env 200 100 % 100 % VeryLow Monitor Only 12.2ms
03:27:15 GET /.env 200 100 % 100 % VeryLow Monitor Only 12.1ms
03:26:59 GET /..%c0%af..%c0%af.env 200 83 % 85 % High Silent Throttle 13.8ms
03:26:52 GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 200 100 % 100 % VeryHigh Silent Throttle 19.1ms

Bot Probability & Confidence History

StyloBot Detection Overhead (ms)

User Agent

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Analysis

Chrome 126 Linux on /%2e%2e/%2e%2e/.env - caught by Tier 1 honeypot hit: /.env matched */.env*, Browser fetch metadata present (Sec-Fetch-Site: none), User-Agent appears normal

Detection Signals

  • Tier 1 honeypot hit: /.env matched */.env*
  • Browser fetch metadata present (Sec-Fetch-Site: none)
  • User-Agent appears normal
  • Request patterns appear normal
  • IP appears normal: 52.128.182.xxx

Detector Contributions (20 detectors)

Detector Confidence Delta Timing (ms)
HoneypotLink
Tier 1 honeypot hit: /.env matched */.env*
+0.950 0.1
Heuristic
Heuristic model (early): 90 % human likelihood (19 features)
-0.792 0.1
HeuristicLate
Heuristic model (late): 66 % bot likelihood (322 features)
+0.322 0.4
Header
Browser fetch metadata present (Sec-Fetch-Site: none)
-0.300 0.0
Ip
IP appears normal: 52.128.182.xxx
-0.150 2.0
UserAgent
User-Agent appears normal
-0.150 0.6
Behavioral
Request patterns appear normal
-0.150 0.2
TlsFingerprint
Using HTTP instead of HTTPS (uncommon for modern browsers)
+0.050 0.0
AI
AI analysis: borderline case, monitoring
+0.000 10.2
AiScraper
No AI scraper signals detected
+0.000 0.0
VerifiedBot
No known bot UA pattern
+0.000 0.0
SecurityTool
No security tools detected in User-Agent
+0.000 0.1
ContentSequence
Document hit; sequence reset at /%2e%2e/%2e%2e/.env
+0.000 0.1
RequestHydrator
Request signals hydrated to sink
+0.000 0.0
Http2Fingerprint
Using HTTP/1.1; environment norm is HTTP/1.1 (16 % HTTP/2 over 251 samples)
+0.000 0.0
Http3Fingerprint
Connection uses HTTP/1.1 (not HTTP/3)
+0.000 0.0
TcpIpFingerprint
Network fingerprint analysis complete (no anomalies detected)
+0.000 0.0
HeaderCorrelation
Single signature per header profile
+0.000 0.1
TransportProtocol
Transport protocol analysis complete
+0.000 0.0
FastPathReputation
No known patterns in reputation cache
+0.000 0.0

Signal Intelligence

referrer

domain twitter.com

request

protocol HTTP/1.1
accept_encoding gzip, deflate, br, zstd

risk

justification Verified bad bot

Policy applied

Hit history

No sessions recorded yet.

Sessions are created when a visitor's activity gap exceeds 30 minutes.

Effective policy
Loading effective policy…
ASP.NET Pack — Auth events
JWKS health
OK

reachable

Auth pipeline
JWKS reachable
License
Licensed

ASP.NET pack enabled

OTel Mesh — Traces

Fingerprint timeline

a3b641a4b3554a7eb1e4e86ec08eb218 0 observations

Span + log activity for this fingerprint, ordered by timestamp.

No timeline observations

OTel Mesh receiver online, but no observations seen for this fingerprint id (check W3C baggage propagation)

Signature: tnRcsPsEkTE_hwt2KLjxSA | Processing: 14ms | Country: US | UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 | First seen: 2026-07-14 03:26:52 UTC