HoneyLabs

JA4H HTTP client fingerprint

ge11nn14en_068ebe3632ec

Seen 2026-05-06 to 2026-07-01 across the retained window.

25

Source IPs

2

Networks

2

Countries

16

Ports hit

153.4K

Events

12

IPs / network

This fingerprint is concentrated: many addresses on very few networks, which is what a single coordinated operation tends to look like.

Top networks

Countries

FR 24TH 1

Ports targeted

Source IPCCNetworkEvents
185.177.72.38FRAS211590 Bucklog SARL15.0K
185.177.72.24FRAS211590 Bucklog SARL15.0K
185.177.72.54FRAS211590 Bucklog SARL12.0K
185.177.72.205FRAS211590 Bucklog SARL12.0K
185.177.72.22FRAS211590 Bucklog SARL12.0K
185.177.72.12FRAS211590 Bucklog SARL9.0K
185.177.72.51FRAS211590 Bucklog SARL7.8K
185.177.72.68FRAS211590 Bucklog SARL6.5K
185.177.72.23FRAS211590 Bucklog SARL6.0K
185.177.72.11FRAS211590 Bucklog SARL6.0K
185.177.72.29FRAS211590 Bucklog SARL6.0K
185.177.72.70FRAS211590 Bucklog SARL6.0K
185.177.72.56FRAS211590 Bucklog SARL6.0K
185.177.72.52FRAS211590 Bucklog SARL3.5K
185.177.72.69FRAS211590 Bucklog SARL3.5K
185.177.72.10FRAS211590 Bucklog SARL3.0K
185.177.72.5FRAS211590 Bucklog SARL3.0K
185.177.72.13FRAS211590 Bucklog SARL3.0K
185.177.72.53FRAS211590 Bucklog SARL3.0K
185.177.72.30FRAS211590 Bucklog SARL3.0K

About this fingerprint

JA4H fingerprints the shape of an HTTP request: method, version, the ordered set of headers and the cookie and language handling. It identifies the HTTP client independently of the URL it asks for.