{"ip":"172.105.52.160","exported_at":"2026-06-18T08:21:08+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 100\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":7391197,"ip":"172.105.52.160","ts":"2026-05-20 09:24:35.000000","proto":"tcp","src_port":57122,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":35,"waf_tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022]","http_method":"GET","http_target":"\/.git\/config","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 4, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022git\/config\u0022, \u0022http_ua_hash\u0022: \u0022c79f1fcccb231bd9b0790bca9dc0ef464bb730e2\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u0022e2f253eab0d0cf5422d24d22ae2a4954398768df\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 151, \u0022payload_entropy\u0022: 5.145533031412112, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Akamai Connected Cloud\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 63949, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 8, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002236c5abbdebb2dc7a08c29a4f157da40089ce383d\u0022, \u0022event_fingerprint\u0022: \u002221bfc1dee32f969497e199470f03907cb5d0bbdd\u0022, \u0022tags_list\u0022: [\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022, \u0022http_git_exposure\u0022, \u0022http_probe_git\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0; Keydrop.io\/1.0(onlyscans.com\/about);","http_referer":null,"tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022, \u0022http_git_exposure\u0022, \u0022http_probe_git\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":151},{"id":7391196,"ip":"172.105.52.160","ts":"2026-05-20 09:24:34.000000","proto":"tcp","src_port":57114,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":29,"waf_tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 4, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u0022c79f1fcccb231bd9b0790bca9dc0ef464bb730e2\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u00229ee0d3f55b39072ba6bec6203d26e470be80afdc\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 144, \u0022payload_entropy\u0022: 5.165483682625625, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Akamai Connected Cloud\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 63949, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002248b835820b48841dc8ba196b12cda1d4885c0279\u0022, \u0022event_fingerprint\u0022: \u0022d2516b5ad31e474025461a536723f4b8d0536cd6\u0022, \u0022tags_list\u0022: [\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0; Keydrop.io\/1.0(onlyscans.com\/about);","http_referer":null,"tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":144},{"id":7302412,"ip":"172.105.52.160","ts":"2026-05-19 09:55:32.000000","proto":"tcp","src_port":60628,"dst_port":8080,"service":"http","classification":"web_attack","waf_score":35,"waf_tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022]","http_method":"GET","http_target":"\/.git\/config","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 4, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022git\/config\u0022, \u0022http_ua_hash\u0022: \u0022c79f1fcccb231bd9b0790bca9dc0ef464bb730e2\u0022, \u0022http_host_hash\u0022: \u0022c9908f9a31aefa5902e21ee9fa132cbe056c536d\u0022, \u0022http_target_hash\u0022: \u0022e2f253eab0d0cf5422d24d22ae2a4954398768df\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 151, \u0022payload_entropy\u0022: 5.179607515039441, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Akamai Connected Cloud\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 63949, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 8, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002230ab291f29a739e39a0a8c4af7b1527461ee6fd0\u0022, \u0022event_fingerprint\u0022: \u00224777418bc57d83ac0dc142843329b335de36f27e\u0022, \u0022tags_list\u0022: [\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022, \u0022http_git_exposure\u0022, \u0022http_probe_git\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8080","http_user_agent":"Mozilla\/5.0; Keydrop.io\/1.0(onlyscans.com\/about);","http_referer":null,"tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022, \u0022http_git_exposure\u0022, \u0022http_probe_git\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":151},{"id":7302411,"ip":"172.105.52.160","ts":"2026-05-19 09:55:31.000000","proto":"tcp","src_port":60612,"dst_port":8080,"service":"http","classification":"web_attack","waf_score":29,"waf_tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 4, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u0022c79f1fcccb231bd9b0790bca9dc0ef464bb730e2\u0022, \u0022http_host_hash\u0022: \u0022c9908f9a31aefa5902e21ee9fa132cbe056c536d\u0022, \u0022http_target_hash\u0022: \u00229ee0d3f55b39072ba6bec6203d26e470be80afdc\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 144, \u0022payload_entropy\u0022: 5.201214564762616, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Akamai Connected Cloud\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 63949, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022cbfeff426004bfd343a21b4ebdba6babdcd6d7d5\u0022, \u0022event_fingerprint\u0022: \u002214b6d4faa0f1fe5d2233548508193fe8e4038d6c\u0022, \u0022tags_list\u0022: [\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8080","http_user_agent":"Mozilla\/5.0; Keydrop.io\/1.0(onlyscans.com\/about);","http_referer":null,"tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":144}],"total_events":4}