HoneyLabs

JA4H HTTP client fingerprint

ge11nn0700_a1f20e5bfd9b

Seen 2026-02-19 to 2026-07-04 across the retained window.

49

Source IPs

31

Networks

19

Countries

2

Ports hit

2.9K

Events

2

IPs / network

This fingerprint is spread thinly across many networks, which is the shape of a common, widely-used client.

Top networks

Countries

CN 15US 7RU 5KR 4DE 2SG 2SE 2BR 1HU 1TR 1

Ports targeted

Source IPCCNetworkEvents
79.76.58.113SEAS31898 Oracle Corporation333
222.89.169.98CNAS4134 Chinanet296
170.9.16.186USAS31898 Oracle Corporation185
120.236.49.131CNAS9808 China Mobile Communications Group Co., Ltd.148
36.132.36.134CNAS56044 China Mobile communications corporation111
168.110.107.79KRAS31898 Oracle Corporation111
134.65.30.157BRAS31898 Oracle Corporation111
138.2.102.66SGAS31898 Oracle Corporation74
138.2.0.137JPAS31898 Oracle Corporation74
119.8.163.124SGAS136907 HUAWEI CLOUDS74
46.191.157.159RUAS60095 JSC Ufanet42
36.105.194.19CNAS4134 Chinanet37
221.2.109.198CNAS4837 CHINA UNICOM China169 Backbone37
1.94.17.74CNAS55990 Huawei Cloud Service data center37
84.47.160.26RUAS8641 LLC Nauka-Svyaz37
24.65.228.183CAAS6327 Shaw Communications37
130.61.28.82DEAS31898 Oracle Corporation37
213.14.191.52TRAS34984 Superonline Iletisim Hizmetleri A.S.37
89.217.231.108CHAS6730 Sunrise GmbH37
152.53.83.101USAS214996 netcup GmbH37

About this fingerprint

JA4H fingerprints the shape of an HTTP request: method, version, the ordered set of headers and the cookie and language handling. It identifies the HTTP client independently of the URL it asks for.