Multilogin Profile Clone & Forensics Recipe

After a ban, teams delete profiles and lose evidence — or clone burned cookies onto a new proxy and get linked again. The ban recovery runbook says **never auto-delete** — this recipe covers **forensic clone**, fingerprint diff, and **safe re-launch** with new proxy only.

Workflow

Burn signal → freeze original profile (burn tier, no jobs)
           → export fingerprint manifest + logs
           → clone profile shell (NO cookies) OR new profile with same engine preset
           → bind NEW sticky proxy session ID
           → warm tier 14 days → human login test → prod

What to preserve (forensics)

Artifact	Purpose
Original `profile_id`	Appeal evidence, audit trail
Fingerprint manifest JSON	Diff vs post-incident
Proxy session history (CMDB)	IP reuse detection
Last 50 structured log events	Job timeline before ban
Screenshot of platform restriction page	Human appeal support

Clone API pattern (illustrative)

import httpx

MLX = "https://api.multilogin.com"
TOKEN = "Bearer ..."
HEADERS = {"Authorization": TOKEN}

def clone_for_forensics(source_id: str, label: str) -> str:
    """Clone profile metadata — verify clone behavior in official Multilogin API docs."""
    r = httpx.post(
        f"{MLX}/profile/clone",
        json={
            "profile_id": source_id,
            "name": f"{label}-forensics-readonly",
            "copy_cookies": False,  # NEVER copy cookies from burned profile
            "copy_local_storage": False,
        },
        headers=HEADERS,
        timeout=60,
    )
    r.raise_for_status()
    return r.json()["profile_id"]

def tag_burn(original_id: str):
    # CMDB + profile pool — see profile pool manager recipe
    sync_pool(original_id, tier="burn", ban_status="burned")

Verify clone endpoint fields against official Multilogin API — names may differ by plan.

Fingerprint diff script

# Run audit on burned vs baseline — see fingerprint-audit guide
python fingerprint_audit.py \
  --profile-id uuid-burned \
  --baseline manifests/acme_prod_baseline.json \
  --output diff/burned_2026-06-17.json

Look for: WebGL vendor change, canvas hash drift, timezone mismatch, unexpected extension list.

Safe re-launch checklist

New profile OR clone with copy_cookies=False
New sticky proxy session — not same IP as burned profile
Engine preset matches original registration class (don't switch OS family)
Enter warm tier in profile pool
14-day manual browse warm — no automation
Human login + 2FA test before prod queue routing
Original burned profile stays in burn tier for appeals

What never to clone

Cookies or localStorage from burned profile
Proxy session ID used during ban window
Automation scripts that triggered ban (fix root cause first)

CMDB lineage

profile_id: uuid-new
parent_profile_id: uuid-burned   # forensics link
clone_reason: post_ban_relaunch
geo: US
web_proxy: us-isp-sticky-99      # NEW session
tier: warm
ban_status: ok

Ban recovery runbook Fingerprint audit Profile pool manager Cookie transfer (caution) Debug runbook Code hub

Disclosure: MLX-MMO affiliated with Multilogin. API endpoints illustrative — confirm with official docs.