HoneyLabs

JA4 TLS client fingerprint

t13i1314h2_f57a46bbacb6_3b244d8fbcc8

Seen 2026-05-28 to 2026-06-30 across the retained window.

38

Source IPs

1

Networks

15

Countries

39

Ports hit

1.9M

Events

38

IPs / network

This fingerprint is concentrated: many addresses on very few networks, which is what a single coordinated operation tends to look like.

Top networks

Countries

IN 9US 5SG 4DE 4AU 3TW 2BR 2KR 2NL 1QA 1

Ports targeted

Source IPCCNetworkEvents
34.145.99.73USAS396982 Google LLC121.0K
34.17.165.5ITAS396982 Google LLC119.4K
34.172.164.119USAS396982 Google LLC118.2K
34.32.98.232DEAS396982 Google LLC107.9K
34.40.152.103AUAS396982 Google LLC107.4K
34.14.215.57INAS396982 Google LLC102.2K
34.65.98.115CHAS396982 Google LLC99.1K
34.18.217.21QAAS396982 Google LLC97.6K
35.240.178.56SGAS396982 Google LLC83.1K
34.158.194.225KRAS396982 Google LLC74.1K
35.234.81.66DEAS396982 Google LLC68.3K
34.21.154.212SGAS396982 Google LLC67.5K
34.21.208.191SGAS396982 Google LLC67.0K
34.130.62.231CAAS396982 Google LLC66.3K
34.6.123.140NLAS396982 Google LLC54.3K
34.93.154.77INAS396982 Google LLC53.9K
34.162.180.107USAS396982 Google LLC53.5K
34.100.199.1INAS396982 Google LLC53.5K
34.131.191.159INAS396982 Google LLC51.6K
34.21.152.217SGAS396982 Google LLC47.3K

About this fingerprint

JA4 is a fingerprint of the TLS Client Hello: the version, cipher suites, extensions and signature algorithms a client offers when it opens an HTTPS connection. Clients built on the same library and version produce the same JA4, which makes it a durable handle on the tool behind the traffic.