Traffic Fingerprint Analysis

🤔
Uncertain
2 anomalies detected • Record #2043
40%

Connection Info

IP Address 216.73.216.138
Country US
City Columbus
Coordinates 39.9612, -82.9988

TCP/IP Fingerprint

OS Guess Chromium OS
Confidence 60%
TTL 112
Window Size 62727
MSS 1460
Window Scaling 7
TCP Options MSTNW

Latency Analysis (JA4L)

Round Trip Time 110.85 ms
JA4L_a (one-way) 55,425 µs
TTL / Hop Count 112 / 16 hops
Propagation Factor ×1.7
Estimated Distance 6,716 km
Expected (GeoIP) 6,829 km
Distance Ratio 0.98x

HTTP Fingerprint

JA4H geth210_65330eb47d01_27ac6ee77f0b
User Agent Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.c
Accept-Language N/A
Accept-Encoding gzip, br, zstd, deflate

TLS Fingerprint

TLS fingerprinting requires HTTPS.
Configure a domain with SSL to enable JA4.

HTTP/2 Fingerprint

Protocol HTTP/2
Client Detected Unknown
Fingerprint Hash N/A
SETTINGS N/A
WINDOW_UPDATE 0

Proxy Detection

Status ✓ Direct Connection
Proxy Score 20%
RTT Variance Ratio 0.091
Connection Reuse Yes (#2)
Indicators:
• High latency (110.851ms) with stable connection (var ratio 0.091) - possible proxy

Detection Flags

  • header_anomaly low
    Missing ACCEPT-LANGUAGE header for browser User-Agent
  • ttl_anomaly medium
    TTL 112 higher than expected 64 for - possible TTL manipulation

HTTP Header Order

1. ACCEPT-ENCODING
2. USER-AGENT
3. ACCEPT
4. HOST
5. X-FORWARDED-FOR
6. X-REAL-IP
7. X-CONNECTION-REQUESTS
8. X-REQUEST-START
9. X-TCP-RTTVAR
10. X-TCP-RTT

Raw Data

View as JSON

{ "avg_score_os_class": { "Android": 9.09, "Chromium OS": 12.25, "Linux": 7.25, "Mac OS": 1.7, "Windows": 3.98, "iOS": 0.94 }, "details": { "client_ip": "::ffff:172.18.0.5", "highest_os_avg": 12.25, "lookup_ip": "216.73.216.138", "num_fingerprints": 9, "os_highest_class": "Chromium OS", "os_mismatch": null, "perfect_score": 20.5 }, "fp": { "cap_len": 74, "dst_ip": "134.209.234.103", "dst_port": 443, "header_len": 74, "ip_checksum": 56578, "ip_df": 1, "ip_hdr_length": 5, "ip_id": 2988, "ip_mf": 0, "ip_nxt": null, "ip_off": 16384, "ip_plen": null, "ip_protocol": 6, "ip_rf": 0, "ip_tos": 0, "ip_total_length": 60, "ip_ttl": 112, "ip_version": 4, "src_ip": "216.73.216.138", "src_port": 41443, "tcp_ack": 0, "tcp_checksum": 61791, "tcp_flags": 2, "tcp_header_length": 20, "tcp_mss": 1460, "tcp_off": 10, "tcp_options": "M1460,S,T,N,W7,", "tcp_options_ordered": "MSTNW", "tcp_seq": 3029769224, "tcp_timestamp": 1297481207, "tcp_timestamp_echo_reply": 0, "tcp_urp": 0, "tcp_window_scaling": 7, "tcp_window_size": 62727, "ts": [ 1766208818, 483952 ] } }