{"asn":16509,"asn_org":"Amazon.com, Inc.","classification":{"bot_type":"webcrawler","color":"#aa55ff","ja4_label":null,"label":"Web Crawler"},"country_code":"US","est_os":"Linux / macOS","human_confidence_pct":50,"ip":"216.73.217.162","ip_ttl":119,"ja4":"t13d1011h2_61a7ad8aa9b6_3fcd1a44f3e3","ja4_analysis":{"cipher_match":null,"exact_match":null,"ext_match":{"application":null,"certificate_authority":null,"device":null,"ja4_fingerprint":"t13d0911h2_f91f431d341e_3fcd1a44f3e3","ja4_fingerprint_string":"t13d0911h2_1301,1302,1303,c02b,c02c,c02f,c030,cca8,cca9_0005,000a,000b,000d,0017,0023,002b,002d,0033_0503,0403,0807,0806,0805,0804,0601,0501,0401","ja4h_fingerprint":"ge11nn120000_475eac288c08_000000000000_e3b0c44298fc","ja4s_fingerprint":null,"ja4t_fingerprint":null,"ja4ts_fingerprint":null,"ja4tscan_fingerprint":null,"ja4x_fingerprint":null,"library":null,"notes":null,"observation_count":4567,"os":null,"user_agent_string":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)","verified":false},"field_rows":[{"count":null,"display":"TLS","field":"proto","in_db":null,"label":"Protocol","matched":true,"segment":"prefix","value":"t"},{"count":1252,"display":"TLS 1.3","field":"tls_version","in_db":1618,"label":"TLS version","matched":true,"segment":"prefix","value":"13"},{"count":1402,"display":"domain (SNI present)","field":"sni_flag","in_db":1618,"label":"SNI","matched":true,"segment":"prefix","value":"d"},{"count":22,"display":"10 suites","field":"num_ciphers","in_db":1618,"label":"Cipher suite count","matched":true,"segment":"prefix","value":"10"},{"count":256,"display":"11 extensions","field":"num_exts","in_db":1618,"label":"Extension count","matched":true,"segment":"prefix","value":"11"},{"count":527,"display":"h2 (HTTP/2)","field":"alpn","in_db":1618,"label":"ALPN (first 2 chars)","matched":true,"segment":"prefix","value":"h2"},{"count":0,"display":"61a7ad8aa9b6","field":"cipher_hash","in_db":1618,"label":"Cipher hash (sorted suite IDs)","matched":false,"record":null,"segment":"cipher_hash","value":"61a7ad8aa9b6"},{"count":4,"display":"3fcd1a44f3e3","field":"ext_hash","in_db":1618,"label":"Extension hash (types + sig algs)","matched":true,"record":{"application":null,"certificate_authority":null,"device":null,"ja4_fingerprint":"t13d0911h2_f91f431d341e_3fcd1a44f3e3","ja4_fingerprint_string":"t13d0911h2_1301,1302,1303,c02b,c02c,c02f,c030,cca8,cca9_0005,000a,000b,000d,0017,0023,002b,002d,0033_0503,0403,0807,0806,0805,0804,0601,0501,0401","ja4h_fingerprint":"ge11nn120000_475eac288c08_000000000000_e3b0c44298fc","ja4s_fingerprint":null,"ja4t_fingerprint":null,"ja4ts_fingerprint":null,"ja4tscan_fingerprint":null,"ja4x_fingerprint":null,"library":null,"notes":null,"observation_count":4567,"os":null,"user_agent_string":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)","verified":false},"segment":"ext_hash","value":"3fcd1a44f3e3"}],"prefix_match":{"application":null,"certificate_authority":null,"device":null,"ja4_fingerprint":"t13d1011h2_9a30925095c0_e7c285222651","ja4_fingerprint_string":"t13d1011h2_009c,1301,1302,1303,c02b,c02c,c02f,c030,cca8,cca9_0005,000a,000b,000d,0012,0017,002b,0033,ff01_0804,0403,0807,0805,0806,0401,0501,0601,0503,0603,0201,0203","ja4h_fingerprint":"ge11nr16enus_eedda98a28da_000000000000_e3b0c44298fc","ja4s_fingerprint":null,"ja4t_fingerprint":null,"ja4ts_fingerprint":null,"ja4tscan_fingerprint":null,"ja4x_fingerprint":null,"library":null,"notes":null,"observation_count":49,"os":null,"user_agent_string":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36","verified":false},"segments":{"alpn":"h2","cipher_hash":"61a7ad8aa9b6","ext_hash":"3fcd1a44f3e3","num_ciphers":"10","num_exts":"11","prefix":"t13d1011h2","proto":"t","sni_flag":"d","tls_version":"13"},"total_in_db":1618},"ja4_parsed":{"alpn":"h2","cipher_count":10,"ext_count":11,"protocol":"TLS","sni":"domain","tls_version":"1.3"},"ja4_string":"t13d1011h2_00ff,1301,1302,1303,c02b,c02c,c02f,c030,cca8,cca9_0005,000a,000b,000d,0017,0023,002b,002d,0033_0503,0403,0807,0806,0805,0804,0601,0501,0401","ja4db_record":{"application":null,"device":null,"ja4h_fingerprint":"ge11nr16enus_eedda98a28da_000000000000_e3b0c44298fc","ja4s_fingerprint":null,"library":null,"notes":null,"observation_count":49,"os":null,"user_agent_string":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36","verified":false},"ja4l":"24914_119","ja4l_note":"consistent with real geographic distance","ja4l_parsed":{"client_ttl":119,"latency_ms":24.91,"latency_us":24914},"ja4l_us":24914,"ja4t":"62727_2-4-8-1-3_1460_7","ja4t_parsed":{"effective_window":8029056,"has_timestamps":true,"mss":1460,"option_kinds_hex":"2-4-8-1-3","options":["MSS","SACK Permitted","Timestamps","Window Scale"],"os_hint":"Linux / macOS","vpn_likely":false,"window_scale":7,"window_size":62727},"signals":[{"detail":"Known fingerprint in ja4db.com","key":"ja4_db_match","name":"JA4 fingerprint matched","result":"match","value":"unknown"},{"detail":"Real browsers inject GREASE extension values automatically. Absent on nearly all bot HTTP libraries.","key":"tls_grease","name":"TLS GREASE (RFC 8701)","result":"bot","value":"Absent"},{"detail":"Standard Ethernet MSS is 1460. Values below 1400 indicate VPN or tunnel encapsulation overhead.","key":"mss","name":"MSS (max segment size)","result":"human","value":"1460 bytes - clean Ethernet"},{"detail":"Windows omits TCP timestamp option (kind 8) from SYN packets. Linux and macOS always include it.","key":"os_tcp","name":"OS inference (TCP timestamps)","result":"info","value":"Linux / macOS"},{"detail":"Windows initial TTL is 128; Linux/macOS is 64. Subtract observed hops to estimate.","key":"os_ttl","name":"OS inference (IP TTL)","result":"info","value":"119 hops remaining - initial TTL suggests Windows"},{"detail":"JA4L-C part A: (TCP ack - TCP synack) / 2, approximated as (Accept - SYN capture) / 2. Measures estimated one-way geographic distance. Part B (TLS layer latency) requires server-side timing and is not available here.","key":"ja4l","name":"Network latency - JA4L-C part A","result":"human","value":"24914 \u00b5s (24.91 ms) - consistent with real geographic distance"},{"detail":"Datacenter and cloud ASNs are heavily associated with automated traffic.","key":"asn_type","name":"ASN / network type","result":"bot","value":"Amazon.com, Inc. (cloud/datacenter)"}],"tls_alpn":"h2","tls_grease":false,"ttl_os_hint":"Windows","user_agent":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"}