JA4 TLS client fingerprint

t13i1909h1_9dc949149365_97f8aa674fd9

Seen 2026-02-19 to 2026-06-04 across the retained window.

Open in lookup →

264

Source IPs

Networks

Countries

937

Ports hit

80.7K

Events

IPs / network

This fingerprint is concentrated: many addresses on very few networks, which is what a single coordinated operation tends to look like.

Top networks

AS396982 Google LLC250 IPs80.7K

AS14061 DigitalOcean, LLC13 IPs13

AS0 1 IPs1

Countries

US 258NL 2SG 2CA 2

Ports targeted

80/tcp 2.0K 8080/tcp 983 81/tcp 458 17000/tcp 361 85/tcp 321 45004/tcp 291 45000/tcp 271 8110/tcp 246 8283/tcp 244 37777/tcp 241 50104/tcp 233 60006/tcp 226

Source IPCCNetworkEvents

216.180.246.1USAS396982 Google LLC847

216.180.246.104USAS396982 Google LLC675

216.180.246.126USAS396982 Google LLC668

216.180.246.124USAS396982 Google LLC645

216.180.246.131USAS396982 Google LLC626

216.180.246.3USAS396982 Google LLC602

216.180.246.85USAS396982 Google LLC596

216.180.246.195USAS396982 Google LLC576

216.180.246.194USAS396982 Google LLC548

216.180.246.159USAS396982 Google LLC547

216.180.246.42USAS396982 Google LLC540

216.180.246.37USAS396982 Google LLC529

216.180.246.180USAS396982 Google LLC519

216.180.246.152USAS396982 Google LLC518

216.180.246.166USAS396982 Google LLC518

216.180.246.60USAS396982 Google LLC512

216.180.246.77USAS396982 Google LLC504

216.180.246.246USAS396982 Google LLC501

216.180.246.8USAS396982 Google LLC497

216.180.246.73USAS396982 Google LLC490

About this fingerprint

JA4 is a fingerprint of the TLS Client Hello: the version, cipher suites, extensions and signature algorithms a client offers when it opens an HTTPS connection. Clients built on the same library and version produce the same JA4, which makes it a durable handle on the tool behind the traffic.