unx_0a5csp4

82
User: e••••••@yahoo.com · 🇧🇷 BR · 115.102.•••.••• · AS3269 Telecom Italia
Final decision
Blocked · 82 / 100
Driven primarily by:
  • RAT tooling detected: 91
  • Device spoofing: 81
  • Impossible travel: 73

Fired signals

Each card explains what the signal means and why it fired.

Device
Device spoofing
81
Declared device characteristics contradict passive telemetry, a strong indicator of spoofed device metadata.
Behavior
Unusual navigation pattern
23
User traversed pages in an order inconsistent with typical flows for this account.
Network
Residential proxy
58
IP belongs to a residential proxy network often used by fraud-for-hire operations.
Identity
Impossible travel
73
Previous authenticated session occurred in a geographically implausible window for a single user.
Credential stuffing pattern
67
Login attempts match a distributed credential-stuffing campaign seen across the network.
New device for account
25
User signed in from a device never previously bound to the account.
Malware
RAT tooling detected
91
Remote access tooling (AnyDesk, TeamViewer, Quick Assist) is active alongside the session.

Risk breakdown

Contribution to the final score by category.

  • Device: 81
  • Behavior: 23
  • Network: 58
  • Identity: 165
  • Malware: 91

Event timeline

Everything that happened during this session.

  1. Session start · 11:17:25 PM
    Tor · AS3269 Telecom Italia
  2. iPhone · iPhone 15 Pro · 11:17:27 PM
    fp_00002fj
  3. RAT tooling detected · 11:17:46 PM
    severity 91
  4. Device spoofing · 11:18:05 PM
    severity 81
  5. Impossible travel · 11:18:23 PM
    severity 73
  6. Credential stuffing pattern · 11:18:28 PM
    severity 67
  7. Residential proxy · 11:18:49 PM
    severity 58
  8. New device for account · 11:19:07 PM
    severity 25
  9. Unusual navigation pattern · 11:19:25 PM
    severity 23
  10. Requested /kyc · 11:19:35 PM
  11. Opened /transfer · 11:19:43 PM
  12. Requested /kyc · 11:19:53 PM
  13. Transfer attempt · 11:20:00 PM
    $1,410
  14. Blocked by unilinx · 11:18:27 PM