JA4 database lookup

A JA4 database maps a fingerprint to the software that produces it — "this JA4 is Chrome on macOS", "this one is curl", "this one is the Go HTTP client". Matching a live fingerprint against the database turns an opaque hash into an identity.

How the lookup works

detectip.ai bundles the open FoxIO JA4+ mapping and matches across the whole suite: JA4 (TLS), JA4H (HTTP headers), JA4T (TCP) and a QUIC JA4. A single client identity confirmed by multiple layers is far stronger evidence than one hash alone.

Known-good vs known-bad

If a JA4 maps to a known automation library, that is a strong bot signal. If it maps to a real browser but the User-Agent or Client Hints disagree, that contradiction is itself suspicious. Fingerprints seen across many IPs in a short window indicate a proxy pool or botnet.
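The three signals above, run over request records, as an added example that is not detectip.ai's code. The fingerprints, database labels, window size, IP threshold and records are all constructed assumptions, and only the User-Agent is compared (Client Hints are left out).

```python
from collections import defaultdict

# Constructed placeholder fingerprints and labels, not real database entries.
CHROME_JA4 = "t13d1516h2_aaaaaaaaaaaa_bbbbbbbbbbbb"
LIB_JA4 = "t13d3112h1_cccccccccccc_dddddddddddd"
JA4_DB = {CHROME_JA4: ("browser", "Chrome"), LIB_JA4: ("library", "http-library")}

WINDOW_SECONDS = 300  # assumed size of the "short window"
MAX_IPS = 3           # assumed limit on distinct IPs per fingerprint in the window

def ua_family(user_agent):
    """Coarse User-Agent family, just enough to compare with the database label."""
    ua = user_agent.lower()
    for token, family in (("firefox", "Firefox"), ("chrome", "Chrome")):
        if token in ua:
            return family
    return "unknown"

def classify(events):
    """events: time-ordered (ts, ip, ja4, user_agent). Returns one signal list per event."""
    results = []
    recent = defaultdict(list)  # ja4 -> [(ts, ip)] still inside the window
    for ts, ip, ja4, ua in events:
        signals = set()
        kind, name = JA4_DB.get(ja4, ("unknown", None))
        if kind == "library":
            signals.add("automation_library")
        elif kind == "browser" and ua_family(ua) != name:
            signals.add("ua_mismatch")  # TLS layer and header name different clients
        window = [(t, a) for t, a in recent[ja4] if ts - t <= WINDOW_SECONDS]
        window.append((ts, ip))
        recent[ja4] = window
        if len({a for _, a in window}) > MAX_IPS:
            signals.add("ip_spread")  # same fingerprint from many addresses
        results.append(sorted(signals))
    return results

CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
FIREFOX_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
# Constructed request records using documentation-range IP addresses.
EVENTS = [
    (0, "192.0.2.10", CHROME_JA4, CHROME_UA),
    (5, "192.0.2.11", LIB_JA4, CHROME_UA),
    (10, "198.51.100.1", CHROME_JA4, FIREFOX_UA),
    (20, "198.51.100.2", LIB_JA4, CHROME_UA),
    (30, "203.0.113.3", LIB_JA4, CHROME_UA),
    (40, "203.0.113.4", LIB_JA4, CHROME_UA),
    (1000, "203.0.113.5", LIB_JA4, CHROME_UA),
]
```

The last record falls outside the window of the earlier ones, so its distinct-IP count starts again at one.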

Beyond static lookup

Static databases age. detectip.ai layers a data-driven reputation on top: the historical bot-rate of each JA4, visitor key and ASN in your own traffic, Bayesian-smoothed and continuously recalibrated.
