ACTIVE THREAT: Credential stuffing campaign — 50,000+ automated requests from 1,200+ IPs. Residential proxies detected.

Login Attempts

50,000

Baseline: 3,000/hr

Bot Blocked (JA4)

47,100

94% blocked via JA4 + detection

Bot Block Rate

94%

JA4 + behavioral analysis

IPs Throttled

1,200

Rate-limited suspicious IPs

Brute Force Lockouts

89

Account lockouts triggered

Legit Login Success

97%

No member impact

Real-Time Threat Feed
08:45:32

JA4: Residential proxy flagged — TLS mismatch

IP: 72.34.108.22 | Clean IP, human-like timing | JA4 hash: t13d1517h2_8daaf6152771_02713d6af862 | No matching browser profile

ja4 flagged
08:45:31

Bot detected and blocked

IP: 185.220.101.87 | Confidence: 96% | Automated behavior pattern

bot blocked
08:45:27

JA4: Headless browser detected via TLS fingerprint

IP: 185.220.101.56 | JA4 hash: t13d191000_9dc949149365_e7c285222651 | Puppeteer signature

ja4 flagged
08:45:25

Bot detected and blocked

IP: 185.220.101.34 | Confidence: 98% | Request cadence anomaly

bot blocked
08:45:20

JA4: Scripted HTTP client — not a real browser

IP: 185.220.101.42 | JA4 hash: t12d050700_c47c5f09da06_000000000000 | curl/python-requests signature

ja4 flagged