OK
reachable
| Mode | Observations | Maturity | Shift from baseline | Last seen |
|---|---|---|---|---|
| bot-raw | 598 | 598 | 0.01 (header order hash, ip subnet, header case pattern) | 19:29:21 |
| signalr-negotiate | 1 | 1 | 0.40 (accept encoding ordered, header order hash, accept) | 08:04:29 |
| # | Path |
|---|---|
| 1 | /*update.cgi* |
| 2 | /.docker/secrets.json |
| 3 | /.boto |
| 4 | /*/[id] |
| 5 | /*/[slug] |
| 6 | /* |
| 7 | / |
| Time | Method | Path | Status | Prob | Conf | Risk Profile | Action | Time |
|---|---|---|---|---|---|---|---|---|
| 14:53:00 | GET | /*update.cgi* | 200 | 82 % | 86 % | High | Allow | 43.4ms |
| 14:52:59 | GET | /.docker/secrets.json | 200 | 30 % | 0 % | Unknown | Allow | 9.5ms |
| 14:52:59 | GET | /.boto | 200 | 95 % | 100 % | VeryHigh | Allow | 0.0ms |
| 14:52:59 | GET | /*/[id] | 200 | 93 % | 100 % | VeryHigh | Allow | 0.0ms |
| 14:52:59 | GET | /*/[slug] | 200 | 90 % | 100 % | VeryHigh | Allow | 0.0ms |
| 14:52:59 | GET | /* | 200 | 90 % | 100 % | VeryHigh | Allow | 0.0ms |
| 14:52:59 | GET | / | 200 | 86 % | 100 % | VeryHigh | Allow | 0.0ms |
| 11:20:29 | GET | /.docker/secrets.json | 200 | 30 % | 0 % | Unknown | Allow | 8.1ms |
| 11:20:28 | GET | / | 200 | 86 % | 100 % | High | Allow | 0.0ms |
| 11:20:28 | GET | /.boto | 200 | 70 % | 100 % | High | Allow | 0.0ms |
| 11:20:28 | GET | /*/[id] | 200 | 70 % | 100 % | High | Allow | 0.0ms |
TLM-Audit-Scanner/1.0
Link Looter on /*update.cgi* - caught by Heuristic model (late): 100 % bot likelihood (227 features), Heuristic model (early): 65 % bot likelihood (18 features), TLS connection appears normal
| Detector | Confidence Delta | Timing (ms) |
|---|---|---|
|
HeuristicLate
Heuristic model (late): 100 % bot likelihood (227 features)
|
+1.000 | 0.2 |
|
Heuristic
Heuristic model (early): 65 % bot likelihood (18 features)
|
+0.301 | 0.1 |
|
TlsFingerprint
TLS connection appears normal
|
-0.300 | 0.0 |
|
UserAgent
User-Agent appears normal
|
-0.250 | 0.7 |
|
Behavioral
Request patterns appear normal
|
-0.300 | 0.1 |
|
Ip
IP appears normal: 45.148.10.xxx
|
-0.250 | 21.8 |
|
Header
Headers appear normal
|
-0.150 | 0.1 |
|
BehavioralWaveform
Normal browser multiplexing: high total traffic but only 0 page visits per minute (2 sub-resources loaded)
|
-0.150 | 0.1 |
|
TcpIpFingerprint
Missing connection reuse header (unusual for real browsers)
|
+0.200 | 0.0 |
|
Inconsistency
No header/UA inconsistencies detected
|
-0.100 | 0.0 |
|
ReputationBias
UA pattern Suspect (score=1.00, support=128)
|
+0.250 | 0.0 |
|
VersionAge
Browser/OS versions appear current
|
-0.050 | 0.0 |
|
AiScraper
No AI scraper signals detected
|
+0.000 | 0.0 |
|
StreamAbuse
Stream abuse check - non-streaming request
|
+0.000 | 0.0 |
|
SecurityTool
No security tools detected in User-Agent
|
+0.000 | 0.0 |
|
SessionVector
Session tracking active (2 requests, 0 prior sessions)
|
+0.000 | 0.0 |
|
ClaimedIdentity
No profile for UA family 'Other'
|
+0.000 | 0.0 |
|
ReactivePattern
No prior error events to analyze
|
+0.000 | 0.0 |
|
Http2Fingerprint
HTTP/2 analysis complete (no anomalies detected)
|
+0.000 | 0.0 |
|
Http3Fingerprint
Connection uses HTTP/2 (not HTTP/3)
|
+0.000 | 0.0 |
|
HeaderCorrelation
Single signature per header profile
|
+0.000 | 0.0 |
|
TransportProtocol
Transport protocol analysis complete
|
+0.000 | 0.0 |
|
FastPathReputation
No known patterns in reputation cache
|
+0.000 | 0.0 |
|
MultiLayerCorrelation
Cross-signal consistency check complete (not enough data to compare)
|
+0.000 | 0.0 |
reachable
ASP.NET pack enabled
e1b7e623025447d98e4c902b50a099dc
0 observations
Span + log activity for this fingerprint, ordered by timestamp.
OTel Mesh receiver online, but no observations seen for this fingerprint id (check W3C baggage propagation)
855VXyyYCODeFksU9AXmHQ
|
Processing: 43ms
|
Country: NL
|
UA: TLM-Audit-Scanner/1.0
|
First seen: 2026-07-01 11:20:28 UTC