Sign in
← Dashboard / Signature Detail
US

Unknown

Human
Scraper
Policy: Silent Throttle
Probability
0 %
Confidence
99 %
Risk Profile
VeryLow
Threat
None
Hit Count
1
Last Seen
47s ago
Network Locale Headers Tool Transport Session Quality
Drifted
Generic Adblocker uBlock Origin
Drift vs
57.2%

Fingerprint Profile

TLS Version
TLSv1.3
HTTP Protocol
HTTP/1.1
Protocol Client
TLS_AES_256_GCM_SHA384
TCP OS Hint
Unavailable
Fingerprint Integrity
Suspect
UA Consistency
Suspect
Headless Indicator
Low
Datacenter IP
Clean

Browser modes same browser, different modes. One row per persisted mode

Mode Observations Maturity Shift from baseline Last seen
bot-raw 704 704 0.00 (header order hash, ua family, header case pattern) 07:59:00
signalr-negotiate 3 3 0.36 (header order hash, ua family, header case pattern) 20:13:20
2 modes across 707 observations. See composite browser-mode fingerprints.
Endpoints Visited (1) Click to expand · stats unavailable
# Path
1 /
Raw Requests (1) Click to expand
Time Method Path Status Prob Conf Risk Profile Action Time
06:34:23 GET / 200 90 % 68 % VeryHigh Silent Throttle 68.8ms

User Agent

Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity

Analysis

Unknown on / - caught by Very few headers (2), Missing Accept header, Request patterns appear normal

Detection Signals

  • Very few headers (2)
  • Missing Accept header
  • Request patterns appear normal
  • IP appears normal: 205.210.31.xxx
  • User-Agent appears normal

Detector Contributions (17 detectors)

Detector Confidence Delta Timing (ms)
HeuristicLate
Heuristic model (late): 93 % bot likelihood (262 features)
+0.860 0.3
Header
Missing Accept header; Very few headers (2)
+1.240 0.1
Heuristic
Heuristic model (early): 56 % bot likelihood (17 features)
+0.129 0.1
Ip
IP appears normal: 205.210.31.xxx
-0.150 2.1
UserAgent
User-Agent appears normal
-0.150 1.1
Behavioral
Request patterns appear normal
-0.150 0.2
TlsFingerprint
TLS connection appears normal
-0.150 0.0
TcpIpFingerprint
Missing connection reuse header (unusual for real browsers)
+0.200 0.1
AI
AI analysis: borderline case, monitoring
+0.000 10.8
AiScraper
No AI scraper signals detected
+0.000 0.1
VerifiedBot
No known bot UA pattern
+0.000 53.7
SecurityTool
No security tools detected in User-Agent
+0.000 0.1
RequestHydrator
Request signals hydrated to sink
+0.000 0.0
Http2Fingerprint
Using HTTP/1.1; environment norm is HTTP/1.1 (3 % HTTP/2 over 488 samples)
+0.000 0.0
Http3Fingerprint
Connection uses HTTP/1.1 (not HTTP/3)
+0.000 0.0
TransportProtocol
Transport protocol analysis complete
+0.000 0.0
FastPathReputation
No known patterns in reputation cache
+0.000 0.0

Signal Intelligence

request

protocol HTTP/1.1

risk

justification Classified Scraper (probability 0.90, confidence 0.68)
friendly_pin_trace not-applicable:botType=Scraper,yamlType=null,botName=null

tls

cipher TLS_AES_256_GCM_SHA384
Version TLSv1.3
version TLSv1.3

Policy applied

Hit history

No sessions recorded yet.

Sessions are created when a visitor's activity gap exceeds 30 minutes.

Effective policy
Loading effective policy…
ASP.NET Pack — Auth events
JWKS health
OK

reachable

Auth pipeline
JWKS reachable
License
Licensed

ASP.NET pack enabled

OTel Mesh — Traces

Fingerprint timeline

8a5d1160e2354ac1865cf33e4ce78dad 0 observations

Span + log activity for this fingerprint, ordered by timestamp.

No timeline observations

OTel Mesh receiver online, but no observations seen for this fingerprint id (check W3C baggage propagation)

Signature: Z1UuStZJCji5LSiqpm19Nw | Processing: 69ms | Country: US | UA: Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity | First seen: 2026-07-15 06:34:23 UTC