{"ip":"171.244.41.203","exported_at":"2026-06-18T20:50:18+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":76,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 76\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":7956934,"ip":"171.244.41.203","ts":"2026-05-29 21:25:20.000000","proto":"tcp","src_port":62500,"dst_port":3389,"service":"rdp","classification":"mongodb_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 43, \u0022payload_entropy\u0022: 3.9545388822568817, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Viettel Group\u0022, \u0022service\u0022: \u0022rdp\u0022, \u0022app_proto\u0022: \u0022rdp\u0022, \u0022asn\u0022: 7552, \u0022country\u0022: \u0022VN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 76, \u0022campaign_key\u0022: \u0022a42a85418ba7e623f431cf85bdfeaefe326e0b78\u0022, \u0022event_fingerprint\u0022: \u0022b7bcfe13e15e18817b7ffa4b6ad9d133a357356e\u0022, \u0022tags_list\u0022: [\u0022mongodb_hello_probe\u0022, \u0022rdp_cookie\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022mongodb_hello_probe\u0022, \u0022rdp_cookie\u0022]","anomalies":"[]","severity":6,"bytes_in":43},{"id":7955521,"ip":"171.244.41.203","ts":"2026-05-29 20:52:46.000000","proto":"tcp","src_port":53476,"dst_port":3389,"service":"rdp","classification":"mongodb_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 43, \u0022payload_entropy\u0022: 3.9545388822568817, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Viettel Group\u0022, \u0022service\u0022: \u0022rdp\u0022, \u0022app_proto\u0022: \u0022rdp\u0022, \u0022asn\u0022: 7552, \u0022country\u0022: \u0022VN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 76, \u0022campaign_key\u0022: \u0022a42a85418ba7e623f431cf85bdfeaefe326e0b78\u0022, \u0022event_fingerprint\u0022: \u0022b7bcfe13e15e18817b7ffa4b6ad9d133a357356e\u0022, \u0022tags_list\u0022: [\u0022mongodb_hello_probe\u0022, \u0022rdp_cookie\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022mongodb_hello_probe\u0022, \u0022rdp_cookie\u0022]","anomalies":"[]","severity":6,"bytes_in":43},{"id":7955330,"ip":"171.244.41.203","ts":"2026-05-29 20:49:10.000000","proto":"tcp","src_port":57065,"dst_port":3389,"service":"rdp","classification":"mongodb_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 43, \u0022payload_entropy\u0022: 3.9545388822568817, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Viettel Group\u0022, \u0022service\u0022: \u0022rdp\u0022, \u0022app_proto\u0022: \u0022rdp\u0022, \u0022asn\u0022: 7552, \u0022country\u0022: \u0022VN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 76, \u0022campaign_key\u0022: \u0022a42a85418ba7e623f431cf85bdfeaefe326e0b78\u0022, \u0022event_fingerprint\u0022: \u0022b7bcfe13e15e18817b7ffa4b6ad9d133a357356e\u0022, \u0022tags_list\u0022: [\u0022mongodb_hello_probe\u0022, \u0022rdp_cookie\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022mongodb_hello_probe\u0022, \u0022rdp_cookie\u0022]","anomalies":"[]","severity":6,"bytes_in":43},{"id":7945566,"ip":"171.244.41.203","ts":"2026-05-29 16:23:02.000000","proto":"tcp","src_port":53408,"dst_port":3389,"service":"rdp","classification":"mongodb_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 43, \u0022payload_entropy\u0022: 3.9545388822568817, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Viettel Group\u0022, \u0022service\u0022: \u0022rdp\u0022, \u0022app_proto\u0022: \u0022rdp\u0022, \u0022asn\u0022: 7552, \u0022country\u0022: \u0022VN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 76, \u0022campaign_key\u0022: \u0022a42a85418ba7e623f431cf85bdfeaefe326e0b78\u0022, \u0022event_fingerprint\u0022: \u0022b7bcfe13e15e18817b7ffa4b6ad9d133a357356e\u0022, \u0022tags_list\u0022: [\u0022mongodb_hello_probe\u0022, \u0022rdp_cookie\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022mongodb_hello_probe\u0022, \u0022rdp_cookie\u0022]","anomalies":"[]","severity":6,"bytes_in":43}],"total_events":4}