What is an Account-Control Surface?
Understand the account-control surface and why account protection has to cover more than the login form.
Support FAQ
JA3 is a method for summarising a TLS client's ClientHello. It records five ordered groups of values, serialises them as decimal numbers, then takes the MD5 hash of that string. The result is compact and easy to compare across logs.
It is a fingerprint of an observed TLS handshake, not a unique identifier for a person, device or application. Several programs can use the same TLS library and produce the same JA3. A program can also change its handshake and produce a different one.
The canonical JA3 field order is:
SSLVersion,Cipher,SSLExtension,EllipticCurve,EllipticCurvePointFormat
Values inside a field are joined with hyphens and the five fields are joined with commas. The original JA3 specification gives this example:
769,47-53-5-10-49161-49162-49171-49172-50-56-19-4,0-10-11,23-24-25,0
JA3 then applies MD5 to produce a 32-character value. It preserves the advertised order of ciphers and extensions. That order is useful evidence about an implementation, but it also means deliberate or routine reordering changes the hash.
JA3 removes GREASE values before constructing the string. GREASE values therefore do not, by themselves, create a new canonical JA3 fingerprint. This handling is part of the original implementation, not an extension added by later formats.
A JA3 can group connections that advertised the same five groups of values in the same order. That is useful for searching captures, correlating events and comparing traffic with a labelled dataset. In a tightly controlled network, an unexpected value may also be worth investigating.
The label attached to a hash matters as much as the hash. A match against a historical malware sample means that the current connection has the same JA3; it does not prove that the current connection is the same malware. Browser automation, shared libraries and deliberate impersonation all create collisions in attribution.
ClientHello fields.JA3 is still useful when existing logs, detections and historical datasets use it. JA4 changes the representation and normalises ordering, while JA3 versus JA4 explains the operational trade-off.
Understand the account-control surface and why account protection has to cover more than the login form.
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
An overview of Account Takeover Attacks
A practical reference for common AI crawler user agents, operators, purposes, and recommended Peakhour bot-management actions.
AI For Cybersecurity explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Image Generation explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
© PEAKHOUR.IO PTY LTD 2026 ABN 76 619 930 826 All rights reserved.