{"ip":"104.199.164.115","exported_at":"2026-06-17T22:09:49+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 100\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":7393305,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42644,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":26,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022]","http_method":"GET","http_target":"\/actuator\/heapdump","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u00224996afede96769271083b405bc52f923a47dc922\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022660c7b4347bf3800a8aad95388e8118ff019e99c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 262, \u0022payload_entropy\u0022: 5.444725023952634, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 8, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00224887f6f54d1ed548dbb819e19708180866a1b955\u0022, \u0022event_fingerprint\u0022: \u00227da9ffcb5b1b62bcab830f898ca7096744e3cd9b\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; ONEPLUS A6003) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.89 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":262},{"id":7393306,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42656,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":12,"waf_tags":"[\u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/actuator\/configprops","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002279fcf70203b529772ca6088bc07c51a2a51bfd2e\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u002257c7b57505a6059efee991237c1b23d9415a7380\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 241, \u0022payload_entropy\u0022: 5.374636053921615, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002294c0dd534e7a286a0fcfb5f3d1d81b846c91fd2a\u0022, \u0022event_fingerprint\u0022: \u0022be21d4354a19ef78d0a4ff60899050f4735eca0b\u0022, \u0022tags_list\u0022: [\u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Windows NT 6.0) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/45.0.2454.93 Safari\/537.36","http_referer":null,"tags":"[\u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":241},{"id":7393307,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42678,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":26,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022]","http_method":"GET","http_target":"\/actuator\/env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022140affaa6d24bfd74c4e8062e6617a4929c8cc96\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022e32661bb9cbe8cb5f3660b341b6704d87fd4cb7c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 301, \u0022payload_entropy\u0022: 5.49594179951079, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 8, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00224887f6f54d1ed548dbb819e19708180866a1b955\u0022, \u0022event_fingerprint\u0022: \u0022f22340cef3887ad05973ad4f477a6054511e1ef5\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; SAMSUNG SM-G965U Build\/PPR1.180610.011) AppleWebKit\/537.36 (KHTML, like Gecko) SamsungBrowser\/9.0 Chrome\/67.0.3396.87 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":301},{"id":7393308,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42688,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022ec914b4f2e5748c1c72bd42fb71d3dcedf183507\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022ebac263a482818b6e7a922df98cc560bbc808a0a\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 267, \u0022payload_entropy\u0022: 5.368058743262844, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e05e2e6c85e92d5948c401a1ecc4f12c0e1cadcd\u0022, \u0022event_fingerprint\u0022: \u0022f8851c76c01f845b4efd2c3d1d30ed4443445971\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_env\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) AppleWebKit\/600.1.4 (KHTML, like Gecko) GSA\/18.0.130791545 Mobile\/14A5345a Safari\/600.1.4","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_env\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":267},{"id":7393309,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42668,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/heapdump","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022b862332fe64f5510fb6ebb4b4a7781f802965def\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022e21806654ce2590b315b5416bfe50be110ce70cc\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 240, \u0022payload_entropy\u0022: 5.420281071064123, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022413f20c0f67c9a78549fefa5be2c8ccc7e1847f9\u0022, \u0022event_fingerprint\u0022: \u0022ebc89716b29b2bd5850400a649c0a322f8a74491\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3804.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":240},{"id":7393310,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42692,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/profiler","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u00228ab8a68e4cc646859ff84dddfd26ed68c5d9cf52\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u00227cd11541411a8975365dee10f115f2fd3534f499\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 249, \u0022payload_entropy\u0022: 5.383045483467884, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022413f20c0f67c9a78549fefa5be2c8ccc7e1847f9\u0022, \u0022event_fingerprint\u0022: \u00227d0ca93ed4bbed98074a9c02e993f6c3bf1ecbee\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/75.0.3770.142 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":249},{"id":7393311,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42684,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/configprops","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002216d7f5fbf21be04c58fa9ce619bf2fbeca73b85a\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u00227b2b7ebe0d1721daf94292067a4ae0d6cbe8c63f\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 251, \u0022payload_entropy\u0022: 5.400241880723341, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022413f20c0f67c9a78549fefa5be2c8ccc7e1847f9\u0022, \u0022event_fingerprint\u0022: \u00228da4cd6327483d5aa649568b47252748210b239c\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; EML-L29) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.111 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":251},{"id":7393312,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42694,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/docker-compose.prod.yml","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022yml\u0022, \u0022http_ua_hash\u0022: \u00225bc70baab351d41a1ec75fc9a774f3c5d441f90a\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022e0f4d8c475ba7860adfbc6fce1ef729836b642b1\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 248, \u0022payload_entropy\u0022: 5.435230182831965, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022413f20c0f67c9a78549fefa5be2c8ccc7e1847f9\u0022, \u0022event_fingerprint\u0022: \u002281c0a18512a8838230cc5246650e2a81c32dd10f\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.108 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":248},{"id":7393313,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42702,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/docker-compose.yml","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022yml\u0022, \u0022http_ua_hash\u0022: \u0022a662c2610146cfbed485fa980b4b7b0a9f9c9314\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022284ed5c0f139fefe102f54c41fbd64a2a9a5ffd9\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 252, \u0022payload_entropy\u0022: 5.4306787597462804, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022413f20c0f67c9a78549fefa5be2c8ccc7e1847f9\u0022, \u0022event_fingerprint\u0022: \u00221685439f20ed2373cafd706db6e70311cc3b7447\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.119 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":252},{"id":7393314,"ip":"104.199.164.115","ts":"2026-05-20 09:53:48.000000","proto":"tcp","src_port":42712,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/profiler\/phpinfo","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022a348673b05db4fa7a3f414c9b5c0d6501c853c53\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u00224d5c8cc60e244e010de08df3dccb35229cb291c5\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 256, \u0022payload_entropy\u0022: 5.431181070922941, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227b9fc79c097b66f1d532eb18860b308368ce5e69\u0022, \u0022event_fingerprint\u0022: \u00224379a1784fa9800d0c12addc1b9af41a1cbc2a92\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) SFive\/64.0 Chrome\/64.0.3282.204 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":9,"bytes_in":256},{"id":7393283,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42468,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.887164847200157, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393284,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42474,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.824017486168776, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393285,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42514,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.891937904962932, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393286,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42476,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.835865275708951, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393287,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42470,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.812776044969022, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393288,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42498,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.818881208577315, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393289,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42492,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.89244792105503, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393290,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42528,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.837183916085939, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393291,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42530,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.878638757769165, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393292,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42544,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.8506069168709285, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393293,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42556,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":26,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022]","http_method":"GET","http_target":"\/actuator\/heapdump","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u00224996afede96769271083b405bc52f923a47dc922\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022660c7b4347bf3800a8aad95388e8118ff019e99c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 262, \u0022payload_entropy\u0022: 5.444725023952634, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002212d20d5fb401e10b701aa44642f94f3099a1d230\u0022, \u0022event_fingerprint\u0022: \u00227da9ffcb5b1b62bcab830f898ca7096744e3cd9b\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; ONEPLUS A6003) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.89 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":262},{"id":7393294,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42562,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":12,"waf_tags":"[\u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/actuator\/configprops","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002279fcf70203b529772ca6088bc07c51a2a51bfd2e\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u002257c7b57505a6059efee991237c1b23d9415a7380\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 241, \u0022payload_entropy\u0022: 5.374636053921615, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022f51aed98166b84ef0127eef2343c08141f5f3fea\u0022, \u0022event_fingerprint\u0022: \u0022be21d4354a19ef78d0a4ff60899050f4735eca0b\u0022, \u0022tags_list\u0022: [\u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Windows NT 6.0) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/45.0.2454.93 Safari\/537.36","http_referer":null,"tags":"[\u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":8,"bytes_in":241},{"id":7393295,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42572,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/profiler","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u00228ab8a68e4cc646859ff84dddfd26ed68c5d9cf52\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u00227cd11541411a8975365dee10f115f2fd3534f499\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 249, \u0022payload_entropy\u0022: 5.383045483467884, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022c42adc6baa818d59e1901d2d217a58746068744d\u0022, \u0022event_fingerprint\u0022: \u00227d0ca93ed4bbed98074a9c02e993f6c3bf1ecbee\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/75.0.3770.142 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","anomalies":"[]","severity":8,"bytes_in":249},{"id":7393296,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42604,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/heapdump","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022b862332fe64f5510fb6ebb4b4a7781f802965def\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022e21806654ce2590b315b5416bfe50be110ce70cc\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 240, \u0022payload_entropy\u0022: 5.420281071064123, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022c42adc6baa818d59e1901d2d217a58746068744d\u0022, \u0022event_fingerprint\u0022: \u0022ebc89716b29b2bd5850400a649c0a322f8a74491\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3804.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","anomalies":"[]","severity":8,"bytes_in":240},{"id":7393297,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42586,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/configprops","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002216d7f5fbf21be04c58fa9ce619bf2fbeca73b85a\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u00227b2b7ebe0d1721daf94292067a4ae0d6cbe8c63f\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 251, \u0022payload_entropy\u0022: 5.400241880723341, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022413f20c0f67c9a78549fefa5be2c8ccc7e1847f9\u0022, \u0022event_fingerprint\u0022: \u00228da4cd6327483d5aa649568b47252748210b239c\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; EML-L29) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.111 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":251},{"id":7393298,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42590,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":26,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022]","http_method":"GET","http_target":"\/actuator\/env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022140affaa6d24bfd74c4e8062e6617a4929c8cc96\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022e32661bb9cbe8cb5f3660b341b6704d87fd4cb7c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 301, \u0022payload_entropy\u0022: 5.49594179951079, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 8, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00224887f6f54d1ed548dbb819e19708180866a1b955\u0022, \u0022event_fingerprint\u0022: \u0022f22340cef3887ad05973ad4f477a6054511e1ef5\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; SAMSUNG SM-G965U Build\/PPR1.180610.011) AppleWebKit\/537.36 (KHTML, like Gecko) SamsungBrowser\/9.0 Chrome\/67.0.3396.87 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":301},{"id":7393299,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42610,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022ec914b4f2e5748c1c72bd42fb71d3dcedf183507\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022ebac263a482818b6e7a922df98cc560bbc808a0a\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 267, \u0022payload_entropy\u0022: 5.368058743262844, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e05e2e6c85e92d5948c401a1ecc4f12c0e1cadcd\u0022, \u0022event_fingerprint\u0022: \u0022f8851c76c01f845b4efd2c3d1d30ed4443445971\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_env\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) AppleWebKit\/600.1.4 (KHTML, like Gecko) GSA\/18.0.130791545 Mobile\/14A5345a Safari\/600.1.4","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_env\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":267},{"id":7393300,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42612,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/docker-compose.prod.yml","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022yml\u0022, \u0022http_ua_hash\u0022: \u00225bc70baab351d41a1ec75fc9a774f3c5d441f90a\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022e0f4d8c475ba7860adfbc6fce1ef729836b642b1\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 248, \u0022payload_entropy\u0022: 5.435230182831965, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022413f20c0f67c9a78549fefa5be2c8ccc7e1847f9\u0022, \u0022event_fingerprint\u0022: \u002281c0a18512a8838230cc5246650e2a81c32dd10f\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.108 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":248},{"id":7393301,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42624,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/docker-compose.yml","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022yml\u0022, \u0022http_ua_hash\u0022: \u0022a662c2610146cfbed485fa980b4b7b0a9f9c9314\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u0022284ed5c0f139fefe102f54c41fbd64a2a9a5ffd9\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 252, \u0022payload_entropy\u0022: 5.4306787597462804, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022413f20c0f67c9a78549fefa5be2c8ccc7e1847f9\u0022, \u0022event_fingerprint\u0022: \u00221685439f20ed2373cafd706db6e70311cc3b7447\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.119 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":252},{"id":7393302,"ip":"104.199.164.115","ts":"2026-05-20 09:53:46.000000","proto":"tcp","src_port":42636,"dst_port":8001,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/profiler\/phpinfo","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022a348673b05db4fa7a3f414c9b5c0d6501c853c53\u0022, \u0022http_host_hash\u0022: \u002229d114ae8a3567c5f1863f5bd79c5d398a432fe8\u0022, \u0022http_target_hash\u0022: \u00224d5c8cc60e244e010de08df3dccb35229cb291c5\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 256, \u0022payload_entropy\u0022: 5.431181070922941, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227b9fc79c097b66f1d532eb18860b308368ce5e69\u0022, \u0022event_fingerprint\u0022: \u00224379a1784fa9800d0c12addc1b9af41a1cbc2a92\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8001","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) SFive\/64.0 Chrome\/64.0.3282.204 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":9,"bytes_in":256},{"id":7393280,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42442,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.762023720178092, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393281,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42452,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.721022687275168, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393282,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42456,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.899852762893563, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393273,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42364,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.817985537906132, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393274,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42368,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.815366124123049, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393275,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42384,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.874736862153851, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393276,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42400,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.857582613324942, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393277,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42406,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.816727719469682, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393278,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42416,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.821669991969884, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7393279,"ip":"104.199.164.115","ts":"2026-05-20 09:53:44.000000","proto":"tcp","src_port":42426,"dst_port":8001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.768677591981039, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022acd5b5bb327c8bee58fb4962bdc5a2af4817ce5c\u0022, \u0022event_fingerprint\u0022: \u002258a1607c3c28288c56f8f5aead1215b9b5489576\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239}],"total_events":40}