Alibaba Cloud and AWS host the anonymous bot harvesting our site. Yours could be next.

We run an independent observatory that measures how bots and AI agents behave on the open web. Last week we caught something that's worth writing about. The pattern It started with a TLS fingerprint that kept showing up across different IP addresses. Same handshake, same parameters, same JA4 hash: t13d311100_e8f1e7e78f70_d41ae481755e. That fingerprint is interesting on its own. It tells you the client uses TLS 1.3, with 31 cipher suites and 11 extensions. But the part that matters is the ALPN field. It's empty. Real browsers always advertise ALPN. Chrome sends h2. Firefox sends h2.