Fox IO develops JA4+ (and its predecessor JA3), a suite of network fingerprinting standards used to identify and classify network traffic at the protocol layer — without requiring client-side JavaScript. JA4+ consists of 12+ distinct fingerprinting methods, each targeting a specific protocol or traffic characteristic: - JA4: TLS client fingerprinting - JA4S: TLS server response / session fingerprinting - JA4H: HTTP client fingerprinting - JA4L / JA4LS: Client-to-server and server-to-client latency / light distance estimation - JA4X: X.509 TLS certificate fingerprinting - JA4SSH: SSH traffic fingerprinting - JA4T: TCP client fingerprinting - JA4TS: TCP server response fingerprinting - Plus additional methods beyond the above The technology analyzes how connections behave at the protocol layer rather than relying on self-reported identity, enabling detection of bots, proxies, VPNs, malware, command-and-control (C2) infrastructure, and attacker tooling. It also includes patent-pending capabilities to estimate a client's true geographic location behind proxies or VPNs. JA4+ is deployed via libraries, SDKs, or direct SIEM integration. It supports open-source integration and is compatible with platforms including Zeek and Suricata. It functions on APIs, edge devices, and SCADA systems where JavaScript-based fingerprinting is not available. Known enterprise users include Walmart, Amazon, and McKesson. Fox IO is also developing a broader traffic intelligence platform built on top of the JA4+ fingerprinting foundation.