Traffic Fingerprint Analysis

🤔
Uncertain
2 anomalies detected • Record #1606
40%

Connection Info

IP Address 216.73.216.138
Country US
City Columbus
Coordinates 39.9612, -82.9988

TCP/IP Fingerprint

OS Guess Chromium OS
Confidence 59%
TTL 109
Window Size 62727
MSS 1460
Window Scaling 7
TCP Options MSTNW

Latency Analysis (JA4L)

Round Trip Time 108.78 ms
JA4L_a (one-way) 54,388 µs
TTL / Hop Count 109 / 19 hops
Propagation Factor ×1.7
Estimated Distance 6,590 km
Expected (GeoIP) 6,829 km
Distance Ratio 0.97x

HTTP Fingerprint

JA4H geth210_65330eb47d01_27ac6ee77f0b
User Agent Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.c
Accept-Language N/A
Accept-Encoding gzip, br, zstd, deflate

TLS Fingerprint

TLS fingerprinting requires HTTPS.
Configure a domain with SSL to enable JA4.

HTTP/2 Fingerprint

Protocol HTTP/2
Client Detected Unknown
Fingerprint Hash N/A
SETTINGS N/A
WINDOW_UPDATE 0

Proxy Detection

Status ✓ Direct Connection
Proxy Score 20%
RTT Variance Ratio 0.068
Connection Reuse Yes (#2)
Indicators:
• High latency (108.777ms) with stable connection (var ratio 0.068) - possible proxy

Detection Flags

  • header_anomaly low
    Missing ACCEPT-LANGUAGE header for browser User-Agent
  • ttl_anomaly medium
    TTL 109 higher than expected 64 for - possible TTL manipulation

HTTP Header Order

1. ACCEPT-ENCODING
2. USER-AGENT
3. ACCEPT
4. HOST
5. X-FORWARDED-FOR
6. X-REAL-IP
7. X-CONNECTION-REQUESTS
8. X-REQUEST-START
9. X-TCP-RTTVAR
10. X-TCP-RTT

Raw Data

View as JSON

{ "avg_score_os_class": { "Android": 8.98, "Chromium OS": 12.14, "Linux": 7.08, "Mac OS": 1.55, "Windows": 3.86, "iOS": 0.81 }, "details": { "client_ip": "::ffff:172.18.0.5", "highest_os_avg": 12.14, "lookup_ip": "216.73.216.138", "num_fingerprints": 6, "os_highest_class": "Chromium OS", "os_mismatch": null, "perfect_score": 20.5 }, "fp": { "cap_len": 74, "dst_ip": "134.209.234.103", "dst_port": 443, "header_len": 74, "ip_checksum": 44004, "ip_df": 1, "ip_hdr_length": 5, "ip_id": 16290, "ip_mf": 0, "ip_nxt": null, "ip_off": 16384, "ip_plen": null, "ip_protocol": 6, "ip_rf": 0, "ip_tos": 40, "ip_total_length": 60, "ip_ttl": 109, "ip_version": 4, "src_ip": "216.73.216.138", "src_port": 42245, "tcp_ack": 0, "tcp_checksum": 21629, "tcp_flags": 2, "tcp_header_length": 20, "tcp_mss": 1460, "tcp_off": 10, "tcp_options": "M1460,S,T,N,W7,", "tcp_options_ordered": "MSTNW", "tcp_seq": 2850905706, "tcp_timestamp": 1251074755, "tcp_timestamp_echo_reply": 0, "tcp_urp": 0, "tcp_window_scaling": 7, "tcp_window_size": 62727, "ts": [ 1766162412, 32012 ] } }