{"ip":"189.84.238.246","exported_at":"2026-06-18T01:39:27+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 100\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":7709754,"ip":"189.84.238.246","ts":"2026-05-25 10:42:45.000000","proto":"tcp","src_port":45523,"dst_port":8044,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/admin\/config.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 3, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u00220c33d7bc8b55dfba7892825ade42948310af6276\u0022, \u0022http_host_hash\u0022: \u00220991dad1e85d945fa26d249d6238901b89cb8349\u0022, \u0022http_target_hash\u0022: \u0022d56b1a05959828284b2f82de68035f0901a81dcd\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 158, \u0022payload_entropy\u0022: 5.265937741961828, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022UFINET PANAMA S.A.\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 52468, \u0022country\u0022: \u0022BR\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022af3a353ab945cdd65982fe2832c1240d14e769de\u0022, \u0022event_fingerprint\u0022: \u0022682ecfdc8526d346b439ce6a1ad47935aeeb2d47\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.0","http_host":"62.3.50.33","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; rv:107.0) Gecko\/20100101 Firefox\/107.0","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":158},{"id":7677421,"ip":"189.84.238.246","ts":"2026-05-24 21:29:47.000000","proto":"tcp","src_port":38101,"dst_port":8087,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/admin\/config.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 3, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u002243f3f89759e0a5b5b7bee093ee569bceebd74cf3\u0022, \u0022http_host_hash\u0022: \u00220991dad1e85d945fa26d249d6238901b89cb8349\u0022, \u0022http_target_hash\u0022: \u0022d56b1a05959828284b2f82de68035f0901a81dcd\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 155, \u0022payload_entropy\u0022: 5.353435903217914, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022UFINET PANAMA S.A.\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 52468, \u0022country\u0022: \u0022BR\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e2802c99e1b72cc039c7370f3e1148c283c0dbfe\u0022, \u0022event_fingerprint\u0022: \u00228dda67c3560a0951ea29cc09c29dc1f171c7dd55\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.0","http_host":"62.3.50.33","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko\/20100101 Firefox\/86.0","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":155},{"id":7537598,"ip":"189.84.238.246","ts":"2026-05-22 20:19:51.000000","proto":"tcp","src_port":57235,"dst_port":8850,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/admin\/config.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 3, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u0022e9a91504f751f7bd41826ec36e1910924a77a345\u0022, \u0022http_host_hash\u0022: \u00220991dad1e85d945fa26d249d6238901b89cb8349\u0022, \u0022http_target_hash\u0022: \u0022d56b1a05959828284b2f82de68035f0901a81dcd\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 195, \u0022payload_entropy\u0022: 5.380958955607035, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022UFINET PANAMA S.A.\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 52468, \u0022country\u0022: \u0022BR\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022d4006c78a11d8a5ef505230616a812d0076e67b5\u0022, \u0022event_fingerprint\u0022: \u00222c3c2af3f9771b88073d692ff3059e85e2cff62f\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.0","http_host":"62.3.50.33","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/110.0.1054.126 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":195},{"id":7499629,"ip":"189.84.238.246","ts":"2026-05-22 06:31:05.000000","proto":"tcp","src_port":50502,"dst_port":8144,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/admin\/config.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 3, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u0022d118223f8a4db29c3a5de79fe8e26219fc4dbae5\u0022, \u0022http_host_hash\u0022: \u00220991dad1e85d945fa26d249d6238901b89cb8349\u0022, \u0022http_target_hash\u0022: \u0022d56b1a05959828284b2f82de68035f0901a81dcd\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 157, \u0022payload_entropy\u0022: 5.327286540031732, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022UFINET PANAMA S.A.\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 52468, \u0022country\u0022: \u0022BR\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022aa0d935b0a303c90da00bf75b694c58d0792477c\u0022, \u0022event_fingerprint\u0022: \u00223e696508b9adc05cde29d5a72ba42e8dcfc1823f\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.0","http_host":"62.3.50.33","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:114.0) Gecko\/20100101 Firefox\/114.0","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":157},{"id":7419665,"ip":"189.84.238.246","ts":"2026-05-20 22:03:16.000000","proto":"tcp","src_port":45371,"dst_port":4120,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/admin\/config.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 3, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u00225148318bf9fcd0adca91f7a33f016c953fc7f108\u0022, \u0022http_host_hash\u0022: \u00220991dad1e85d945fa26d249d6238901b89cb8349\u0022, \u0022http_target_hash\u0022: \u0022d56b1a05959828284b2f82de68035f0901a81dcd\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 156, \u0022payload_entropy\u0022: 5.321216781618549, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022UFINET PANAMA S.A.\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 52468, \u0022country\u0022: \u0022BR\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022246264ea302a8899cea9704d2a6b5f809f70296b\u0022, \u0022event_fingerprint\u0022: \u0022b01484dbec7b8b27a6f147e3768d0644b415ebe1\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.0","http_host":"62.3.50.33","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; rv:98.0) Gecko\/20100101 Firefox\/98.0","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":156},{"id":7383486,"ip":"189.84.238.246","ts":"2026-05-20 06:56:49.000000","proto":"tcp","src_port":50484,"dst_port":8833,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/admin\/config.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 3, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u002243f3f89759e0a5b5b7bee093ee569bceebd74cf3\u0022, \u0022http_host_hash\u0022: \u00220991dad1e85d945fa26d249d6238901b89cb8349\u0022, \u0022http_target_hash\u0022: \u0022d56b1a05959828284b2f82de68035f0901a81dcd\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 155, \u0022payload_entropy\u0022: 5.353435903217914, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022UFINET PANAMA S.A.\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 52468, \u0022country\u0022: \u0022BR\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022d0366d5a1c91a13a15f94085fd1d6c927bd07990\u0022, \u0022event_fingerprint\u0022: \u0022117b7888b63bc17b4864d0d6a9eaaedaaeb74f41\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.0","http_host":"62.3.50.33","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko\/20100101 Firefox\/86.0","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":155}],"total_events":6}