Device fingerprint has never been associated with this user or account before.
IP belongs to a residential proxy network often used by fraud-for-hire operations.
User signed in from a device never previously bound to the account.
A file hash on the endpoint matches an active malware family signature.
EDR telemetry shows injected code running in the browser context.
unx_0d51g1y
83 · User: l••••••@gmail.com · 🇪🇸 ES · 166.70.•••.••• · AS13335 Cloudflare
Final decision
Blocked · 83 / 100
Driven primarily by:
- Known malware signature · 78
- Process injection · 72
- Residential proxy · 49
Fired signals
Each card explains what the signal means and why it fired.
Device
First-seen fingerprint · 43
Network
Residential proxy · 49
Identity
New device for account · 30
Malware
Known malware signature · 78
Process injection · 72
Risk breakdown
Contribution to the final score by category.
- Device · 43
- Behavior · 0
- Network · 49
- Identity · 30
- Malware · 150
Event timeline
Everything that happened during this session.
- Session start · 4:20:41 PM · VPN · AS13335 Cloudflare
- Linux · Ubuntu 22.04 · 4:20:47 PM · fp_00003uh
- Known malware signature · 4:21:01 PM · severity 78
- Process injection · 4:21:08 PM · severity 72
- Residential proxy · 4:21:13 PM · severity 49
- First-seen fingerprint · 4:21:25 PM · severity 43
- New device for account · 4:21:45 PM · severity 30
- Opened /transfer · 4:21:52 PM
- Requested /kyc · 4:21:59 PM
- Transfer attempt · 4:22:03 PM · $6,387
- Blocked by unilinx · 4:22:15 PM