← Dashboard / Signature Detail
NL

Link Looter

Bot
Policy: Allow
Probability
99 %
Confidence
94 %
Risk Profile
VeryHigh
Threat
None
Hit Count
11
Last Seen
48s ago
Network Locale Headers Tool Transport Session Quality
Drifted
Generic Adblocker uBlock Origin
Drift vs
73.0%

Fingerprint Profile

TLS Version
-
HTTP Protocol
-
Protocol Client
Detected
TCP OS Hint
-0.18
Fingerprint Integrity
-0.45
UA Consistency
-0.33
Headless Indicator
Low
Datacenter IP
Clean

Browser modes same browser, different modes. One row per persisted mode

Mode Observations Maturity Shift from baseline Last seen
bot-raw 598 598 0.01 (header order hash, ip subnet, header case pattern) 19:29:21
signalr-negotiate 1 1 0.40 (accept encoding ordered, header order hash, accept) 08:04:29
2 modes across 599 observations. See composite browser-mode fingerprints.
Endpoints Visited (7) Click to expand · stats unavailable
# Path
1 /*update.cgi*
2 /.docker/secrets.json
3 /.boto
4 /*/[id]
5 /*/[slug]
6 /*
7 /
Raw Requests (11) Click to expand
Time Method Path Status Prob Conf Risk Profile Action Time
14:53:00 GET /*update.cgi* 200 82 % 86 % High Allow 43.4ms
14:52:59 GET /.docker/secrets.json 200 30 % 0 % Unknown Allow 9.5ms
14:52:59 GET /.boto 200 95 % 100 % VeryHigh Allow 0.0ms
14:52:59 GET /*/[id] 200 93 % 100 % VeryHigh Allow 0.0ms
14:52:59 GET /*/[slug] 200 90 % 100 % VeryHigh Allow 0.0ms
14:52:59 GET /* 200 90 % 100 % VeryHigh Allow 0.0ms
14:52:59 GET / 200 86 % 100 % VeryHigh Allow 0.0ms
11:20:29 GET /.docker/secrets.json 200 30 % 0 % Unknown Allow 8.1ms
11:20:28 GET / 200 86 % 100 % High Allow 0.0ms
11:20:28 GET /.boto 200 70 % 100 % High Allow 0.0ms
11:20:28 GET /*/[id] 200 70 % 100 % High Allow 0.0ms

Bot Probability & Confidence History

StyloBot Detection Overhead (ms)

User Agent

TLM-Audit-Scanner/1.0

Analysis

Link Looter on /*update.cgi* - caught by Heuristic model (late): 100 % bot likelihood (227 features), Heuristic model (early): 65 % bot likelihood (18 features), TLS connection appears normal

Detection Signals

  • Heuristic model (late): 100 % bot likelihood (227 features)
  • Heuristic model (early): 65 % bot likelihood (18 features)
  • TLS connection appears normal
  • User-Agent appears normal
  • Request patterns appear normal

Detector Contributions (24 detectors)

Detector Confidence Delta Timing (ms)
HeuristicLate
Heuristic model (late): 100 % bot likelihood (227 features)
+1.000 0.2
Heuristic
Heuristic model (early): 65 % bot likelihood (18 features)
+0.301 0.1
TlsFingerprint
TLS connection appears normal
-0.300 0.0
UserAgent
User-Agent appears normal
-0.250 0.7
Behavioral
Request patterns appear normal
-0.300 0.1
Ip
IP appears normal: 45.148.10.xxx
-0.250 21.8
Header
Headers appear normal
-0.150 0.1
BehavioralWaveform
Normal browser multiplexing: high total traffic but only 0 page visits per minute (2 sub-resources loaded)
-0.150 0.1
TcpIpFingerprint
Missing connection reuse header (unusual for real browsers)
+0.200 0.0
Inconsistency
No header/UA inconsistencies detected
-0.100 0.0
ReputationBias
UA pattern Suspect (score=1.00, support=128)
+0.250 0.0
VersionAge
Browser/OS versions appear current
-0.050 0.0
AiScraper
No AI scraper signals detected
+0.000 0.0
StreamAbuse
Stream abuse check - non-streaming request
+0.000 0.0
SecurityTool
No security tools detected in User-Agent
+0.000 0.0
SessionVector
Session tracking active (2 requests, 0 prior sessions)
+0.000 0.0
ClaimedIdentity
No profile for UA family 'Other'
+0.000 0.0
ReactivePattern
No prior error events to analyze
+0.000 0.0
Http2Fingerprint
HTTP/2 analysis complete (no anomalies detected)
+0.000 0.0
Http3Fingerprint
Connection uses HTTP/2 (not HTTP/3)
+0.000 0.0
HeaderCorrelation
Single signature per header profile
+0.000 0.0
TransportProtocol
Transport protocol analysis complete
+0.000 0.0
FastPathReputation
No known patterns in reputation cache
+0.000 0.0
MultiLayerCorrelation
Cross-signal consistency check complete (not enough data to compare)
+0.000 0.0

Signal Intelligence

behavioral

anomaly False

h2

is_http2 True
protocol HTTP/2
behind_proxy False
pseudoheader_order method,path,scheme,authority

h3

is_http3 False
protocol HTTP/2

header

count 4
has_accept True
sec_fetch_dest
sec_fetch_mode
sec_fetch_site
has_proxy_headers False
has_accept_encoding True
has_accept_language False
is_websocket_upgrade False
sec_fetch_same_origin False
is_service_worker_fetch False

heuristic

confidence 0.301
prediction bot
early_completed True
late_confidence 1
late_prediction bot

ip

is_ipv6 False
is_local False
is_datacenter False

reputation

bias_count 1
bias_applied True
useragent.score 0.999
useragent.state Suspect
useragent.support 127.924

request

protocol HTTP/2
accept_encoding gzip

risk

justification Probability 0.82, confidence 0.86
friendly_pin_trace not-applicable:botType=null,yamlType=null,botName=null

tcp

connection_header

tls

is_https True
available True

ua

family Other
is_bot False
family_version

Policy applied

Hit history

Link Looter Bot VeryHigh
14:52 - 14:53
6s
62 req 📄 PageView H=0.4 92%
/.env /..%5C..%5C..%5C..%5C..%5C..%5Cvar/log/apache2/access.log /%2f.aws%2fcredentials /%2fbackend%2f.env +56
Page→Page 61
Link Looter Human Unknown
14:52 - 14:53
0s
4 req 📄 PageView H=0.9 0% ↓ 92pp
/.amplifyrc /*update.cgi* /.cache /.dockerignore
Page→Page 3
Link Looter Bot VeryHigh
11:20 - 11:20
0s
63 req 📄 PageView H=0.4 93%
/.aws/credentials /.git/config /..%5C..%5C..%5C..%5C..%5C..%5Cvar/log/apache2/access.log /*/%5Bslug%5D +57
Page→Page 62
1–3 of 3
1
ASP.NET Pack — Auth events
JWKS health
OK

reachable

Auth pipeline
JWKS reachable
License
Licensed

ASP.NET pack enabled

OTel Mesh — Traces

Fingerprint timeline

e1b7e623025447d98e4c902b50a099dc 0 observations

Span + log activity for this fingerprint, ordered by timestamp.

No timeline observations

OTel Mesh receiver online, but no observations seen for this fingerprint id (check W3C baggage propagation)

Signature: 855VXyyYCODeFksU9AXmHQ | Processing: 43ms | Country: NL | UA: TLM-Audit-Scanner/1.0 | First seen: 2026-07-01 11:20:28 UTC