JA4H HTTP client fingerprint

ge11nn05en_716f80ccc342

Seen 2026-02-19 to 2026-06-04 across the retained window.

Open in lookup →

928

Source IPs

Networks

Countries

3.3K

Ports hit

286.9K

Events

464

IPs / network

This fingerprint is concentrated: many addresses on very few networks, which is what a single coordinated operation tends to look like.

Top networks

AS213412 ONYPHE SAS912 IPs286.1K

AS16276 OVH SAS16 IPs826

Countries

US 480FR 448

Ports targeted

554/tcp 245 1717/tcp 240 22323/tcp 234 58603/tcp 229 465/tcp 227 8443/tcp 225 8000/tcp 223 9443/tcp 222 10323/tcp 221 5001/tcp 221 9100/tcp 221 3128/tcp 220

Source IPCCNetworkEvents

91.230.168.180USAS213412 ONYPHE SAS516

195.184.76.240USAS213412 ONYPHE SAS503

91.230.168.181USAS213412 ONYPHE SAS497

195.184.76.174USAS213412 ONYPHE SAS490

91.230.168.25USAS213412 ONYPHE SAS488

91.230.168.236USAS213412 ONYPHE SAS486

91.230.168.35USAS213412 ONYPHE SAS485

195.184.76.95USAS213412 ONYPHE SAS483

91.230.168.10USAS213412 ONYPHE SAS483

91.230.168.3USAS213412 ONYPHE SAS482

91.230.168.80USAS213412 ONYPHE SAS479

91.230.168.138USAS213412 ONYPHE SAS478

91.230.168.232USAS213412 ONYPHE SAS478

91.230.168.128USAS213412 ONYPHE SAS476

91.230.168.161USAS213412 ONYPHE SAS476

195.184.76.65USAS213412 ONYPHE SAS475

91.230.168.172USAS213412 ONYPHE SAS475

195.184.76.92USAS213412 ONYPHE SAS475

91.230.168.24USAS213412 ONYPHE SAS475

195.184.76.166USAS213412 ONYPHE SAS474

About this fingerprint

JA4H fingerprints the shape of an HTTP request: method, version, the ordered set of headers and the cookie and language handling. It identifies the HTTP client independently of the URL it asks for.