{"ip":"209.50.185.57","exported_at":"2026-06-18T07:30:26+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 28\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":8055446,"ip":"209.50.185.57","ts":"2026-05-31 18:58:49.000000","proto":"tcp","src_port":47109,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022e9491948ae472a9dd3f1d6d936dcba63\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 517, \u0022payload_entropy\u0022: 3.812798284059519, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 28, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022d8368fe9885fdb6c0cee791c94386b23db771179\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"e9491948ae472a9dd3f1d6d936dcba63","tls_ja3":"771,51914-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,60138-23-65281-10-11-35-16-5-13-18-51-45-43-27-35466-21,19018-29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":517},{"id":8055445,"ip":"209.50.185.57","ts":"2026-05-31 18:58:48.000000","proto":"tcp","src_port":63991,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u00223bf71509bc183868fee2cbf22178607d\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 517, \u0022payload_entropy\u0022: 3.9847587549681163, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 28, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u002263779fcbb483a49103cd3c0394e1f57507dfaa91\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"3bf71509bc183868fee2cbf22178607d","tls_ja3":"771,35466-4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,19018-23-65281-10-11-16-5-13-18-51-45-43-27-6682-21,39578-29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":517},{"id":8055442,"ip":"209.50.185.57","ts":"2026-05-31 18:58:47.000000","proto":"tcp","src_port":47095,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v4\/teams","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022fbc0a46f9c2e144fc770fef4de21ffe725652a28\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u0022fbd71fc0ebad6f12ed78e06fc8e45f4a88a68a29\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 593, \u0022payload_entropy\u0022: 5.535295707694337, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227e1252916af524a67b983e05c3b9ea5b7440cc99\u0022, \u0022event_fingerprint\u0022: \u0022125495609452b33a79914a88f3243d5fc83c5a40\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/134.0.0.0 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":593},{"id":8055440,"ip":"209.50.185.57","ts":"2026-05-31 18:58:46.000000","proto":"tcp","src_port":16555,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v1\/channels.list?count=100","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 1, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: \u0022list\u0022, \u0022http_ua_hash\u0022: \u0022a76e08b809549a8ef70acaf7074b5caa8a051858\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u002289b4515999bf33c656b05fa536b56bcad43cec39\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 616, \u0022payload_entropy\u0022: 5.560740002705603, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022feb908294bb8458d9ec90407856230daf53e9310\u0022, \u0022event_fingerprint\u0022: \u00225c9510391250458efac64ff953bd30a45b71c003\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/134.0.0.0 Safari\/537.36 Edg\/134.0.0.0","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":616},{"id":7980969,"ip":"209.50.185.57","ts":"2026-05-30 06:05:29.000000","proto":"tcp","src_port":36157,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u00223f9a7bb254e465551cb2f3adf06d0866\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 1733, \u0022payload_entropy\u0022: 7.73640217456932, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022a97778caa2414413ebc1b5ad3e2b7a0462e9003e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"3f9a7bb254e465551cb2f3adf06d0866","tls_ja3":"771,39578-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,31354-17613-16-5-23-45-65037-35-10-18-27-65281-51-43-11-13-27242,27242-4588-29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":1733},{"id":7980968,"ip":"209.50.185.57","ts":"2026-05-30 06:05:28.000000","proto":"tcp","src_port":16937,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022a4a7efb11da858ab9c34dc7fbb241bcb\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 639, \u0022payload_entropy\u0022: 7.166365374229086, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022059a430db5b12d99f648696076d3d18f3d2329a2\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"a4a7efb11da858ab9c34dc7fbb241bcb","tls_ja3":"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,23-65281-10-11-35-16-5-34-51-43-13-45-28-65037,29-23-24-25-256-257,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":639},{"id":7980967,"ip":"209.50.185.57","ts":"2026-05-30 06:05:27.000000","proto":"tcp","src_port":54007,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v4\/teams","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 9, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002261a68d8ae82bc8425114abf48390d06cae6524df\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u0022fbd71fc0ebad6f12ed78e06fc8e45f4a88a68a29\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 411, \u0022payload_entropy\u0022: 5.415033140395489, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227e1252916af524a67b983e05c3b9ea5b7440cc99\u0022, \u0022event_fingerprint\u0022: \u0022125495609452b33a79914a88f3243d5fc83c5a40\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:135.0) Gecko\/20100101 Firefox\/135.0","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":411},{"id":7980966,"ip":"209.50.185.57","ts":"2026-05-30 06:05:26.000000","proto":"tcp","src_port":42321,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v1\/channels.list?count=100","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 1, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: \u0022list\u0022, \u0022http_ua_hash\u0022: \u0022a76e08b809549a8ef70acaf7074b5caa8a051858\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u002289b4515999bf33c656b05fa536b56bcad43cec39\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 616, \u0022payload_entropy\u0022: 5.560740002705603, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022feb908294bb8458d9ec90407856230daf53e9310\u0022, \u0022event_fingerprint\u0022: \u00225c9510391250458efac64ff953bd30a45b71c003\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/134.0.0.0 Safari\/537.36 Edg\/134.0.0.0","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":616},{"id":7950253,"ip":"209.50.185.57","ts":"2026-05-29 18:47:42.000000","proto":"tcp","src_port":44375,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022d58eb494d301a4e12600ae986b913b34\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 1797, \u0022payload_entropy\u0022: 7.760103895972367, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u00221c68d558c54819e82422305574015acc8efd5642\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"d58eb494d301a4e12600ae986b913b34","tls_ja3":"771,14906-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,39578-18-43-11-10-65281-5-17613-27-16-65037-13-23-45-51-35-35466,35466-4588-29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":1797},{"id":7950252,"ip":"209.50.185.57","ts":"2026-05-29 18:47:41.000000","proto":"tcp","src_port":39677,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022f55d478e7a021f62522ae42f802ebeec\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 1733, \u0022payload_entropy\u0022: 7.74595109812352, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022c1f7bd322f95b50b162937691b6386e32d9e9702\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"f55d478e7a021f62522ae42f802ebeec","tls_ja3":"771,39578-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,39578-51-16-11-23-10-5-27-17613-65281-18-45-43-13-35-65037-51914,51914-4588-29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":1733},{"id":7950247,"ip":"209.50.185.57","ts":"2026-05-29 18:47:40.000000","proto":"tcp","src_port":41437,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v4\/teams","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022e1bd552d7c59ac5400a54b2a889e10afc4986d30\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u0022fbd71fc0ebad6f12ed78e06fc8e45f4a88a68a29\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 583, \u0022payload_entropy\u0022: 5.5525277319974355, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227e1252916af524a67b983e05c3b9ea5b7440cc99\u0022, \u0022event_fingerprint\u0022: \u0022125495609452b33a79914a88f3243d5fc83c5a40\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/133.0.0.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":583},{"id":7950246,"ip":"209.50.185.57","ts":"2026-05-29 18:47:39.000000","proto":"tcp","src_port":26503,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v1\/channels.list?count=100","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 1, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: \u0022list\u0022, \u0022http_ua_hash\u0022: \u0022fbc0a46f9c2e144fc770fef4de21ffe725652a28\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u002289b4515999bf33c656b05fa536b56bcad43cec39\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 611, \u0022payload_entropy\u0022: 5.53444790413005, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022feb908294bb8458d9ec90407856230daf53e9310\u0022, \u0022event_fingerprint\u0022: \u00225c9510391250458efac64ff953bd30a45b71c003\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/134.0.0.0 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":611},{"id":7937742,"ip":"209.50.185.57","ts":"2026-05-29 12:25:06.000000","proto":"tcp","src_port":47747,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022b342b769ba3b2900da67aec797459673\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 517, \u0022payload_entropy\u0022: 3.754812228019845, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 28, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u002266f2874513a982be9d573fb75b3bb99930bfccc3\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"b342b769ba3b2900da67aec797459673","tls_ja3":"771,2570-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,23130-23-65281-10-11-35-16-5-13-18-51-45-43-27-14906-21,43690-29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":517},{"id":7937741,"ip":"209.50.185.57","ts":"2026-05-29 12:25:05.000000","proto":"tcp","src_port":40797,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022a4a7efb11da858ab9c34dc7fbb241bcb\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 639, \u0022payload_entropy\u0022: 7.151609479909879, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022059a430db5b12d99f648696076d3d18f3d2329a2\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"a4a7efb11da858ab9c34dc7fbb241bcb","tls_ja3":"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,23-65281-10-11-35-16-5-34-51-43-13-45-28-65037,29-23-24-25-256-257,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":639},{"id":7937740,"ip":"209.50.185.57","ts":"2026-05-29 12:25:03.000000","proto":"tcp","src_port":51739,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v4\/teams","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022a76e08b809549a8ef70acaf7074b5caa8a051858\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u0022fbd71fc0ebad6f12ed78e06fc8e45f4a88a68a29\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 598, \u0022payload_entropy\u0022: 5.563058225392793, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227e1252916af524a67b983e05c3b9ea5b7440cc99\u0022, \u0022event_fingerprint\u0022: \u0022125495609452b33a79914a88f3243d5fc83c5a40\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/134.0.0.0 Safari\/537.36 Edg\/134.0.0.0","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":598},{"id":7937739,"ip":"209.50.185.57","ts":"2026-05-29 12:25:02.000000","proto":"tcp","src_port":27121,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v1\/channels.list?count=100","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 1, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: \u0022list\u0022, \u0022http_ua_hash\u0022: \u00220703723cf11531696e7769eb22f8d9b281390533\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u002289b4515999bf33c656b05fa536b56bcad43cec39\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 593, \u0022payload_entropy\u0022: 5.563580232487383, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022feb908294bb8458d9ec90407856230daf53e9310\u0022, \u0022event_fingerprint\u0022: \u00225c9510391250458efac64ff953bd30a45b71c003\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/134.0.0.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":593},{"id":7923226,"ip":"209.50.185.57","ts":"2026-05-29 06:05:16.000000","proto":"tcp","src_port":18361,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u00228db7678021ae1b73330650730200cd24\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 517, \u0022payload_entropy\u0022: 3.7799858288737216, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 28, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022314a470540771b3b96b30c4aa4703c9971b7b21e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"8db7678021ae1b73330650730200cd24","tls_ja3":"771,23130-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,64250-23-65281-10-11-35-16-5-13-18-51-45-43-27-6682-21,51914-29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":517},{"id":7923223,"ip":"209.50.185.57","ts":"2026-05-29 06:05:15.000000","proto":"tcp","src_port":9137,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u00228aab9cb4b5ddfb1346c4d3570262a34c\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 517, \u0022payload_entropy\u0022: 3.9413791609642126, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 28, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022e805809a01a557295e69f7145773fbf495de64e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"8aab9cb4b5ddfb1346c4d3570262a34c","tls_ja3":"771,19018-4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,43690-23-65281-10-11-16-5-13-18-51-45-43-27-10794-21,2570-29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":517},{"id":7923222,"ip":"209.50.185.57","ts":"2026-05-29 06:05:14.000000","proto":"tcp","src_port":47129,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v4\/teams","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 9, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022645a13880dcb9457505909b589edb4ec45ef293f\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u0022fbd71fc0ebad6f12ed78e06fc8e45f4a88a68a29\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 421, \u0022payload_entropy\u0022: 5.411277501617233, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227e1252916af524a67b983e05c3b9ea5b7440cc99\u0022, \u0022event_fingerprint\u0022: \u0022125495609452b33a79914a88f3243d5fc83c5a40\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko\/20100101 Firefox\/136.0","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":421},{"id":7923220,"ip":"209.50.185.57","ts":"2026-05-29 06:05:13.000000","proto":"tcp","src_port":48073,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v1\/channels.list?count=100","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 1, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: \u0022list\u0022, \u0022http_ua_hash\u0022: \u00221c1f86ba252c0c8ebc250acab48718f12d6d1efd\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u002289b4515999bf33c656b05fa536b56bcad43cec39\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 589, \u0022payload_entropy\u0022: 5.567672247102516, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022feb908294bb8458d9ec90407856230daf53e9310\u0022, \u0022event_fingerprint\u0022: \u00225c9510391250458efac64ff953bd30a45b71c003\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/134.0.0.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":589},{"id":7911941,"ip":"209.50.185.57","ts":"2026-05-28 23:54:51.000000","proto":"tcp","src_port":29695,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002260db9cf688ef37dd64fa2058b8730702\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 1765, \u0022payload_entropy\u0022: 7.753130372443226, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022d32b86d48109b05367b2ae434ebd468bc173955e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"60db9cf688ef37dd64fa2058b8730702","tls_ja3":"771,60138-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,27242-10-16-13-43-65281-18-35-17613-51-45-11-27-65037-5-23-56026,64250-4588-29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":1765},{"id":7911937,"ip":"209.50.185.57","ts":"2026-05-28 23:54:50.000000","proto":"tcp","src_port":28173,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022a4a7efb11da858ab9c34dc7fbb241bcb\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 639, \u0022payload_entropy\u0022: 7.169020329642658, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022059a430db5b12d99f648696076d3d18f3d2329a2\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"a4a7efb11da858ab9c34dc7fbb241bcb","tls_ja3":"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,23-65281-10-11-35-16-5-34-51-43-13-45-28-65037,29-23-24-25-256-257,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":639},{"id":7911935,"ip":"209.50.185.57","ts":"2026-05-28 23:54:49.000000","proto":"tcp","src_port":47447,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v4\/teams","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 9, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u00221560e35decbcf1542ae720d76e3937642edcc47f\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u0022fbd71fc0ebad6f12ed78e06fc8e45f4a88a68a29\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 452, \u0022payload_entropy\u0022: 5.452728221970459, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227e1252916af524a67b983e05c3b9ea5b7440cc99\u0022, \u0022event_fingerprint\u0022: \u0022125495609452b33a79914a88f3243d5fc83c5a40\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/18.3 Safari\/605.1.15","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":452},{"id":7911932,"ip":"209.50.185.57","ts":"2026-05-28 23:54:47.000000","proto":"tcp","src_port":17323,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v1\/channels.list?count=100","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 1, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: \u0022list\u0022, \u0022http_ua_hash\u0022: \u00228447a2dfcfbbdcc75d5b5272da958411ec73dd1a\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u002289b4515999bf33c656b05fa536b56bcad43cec39\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 605, \u0022payload_entropy\u0022: 5.551991835212482, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022feb908294bb8458d9ec90407856230daf53e9310\u0022, \u0022event_fingerprint\u0022: \u00225c9510391250458efac64ff953bd30a45b71c003\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/134.0.0.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":605},{"id":7892761,"ip":"209.50.185.57","ts":"2026-05-28 17:52:41.000000","proto":"tcp","src_port":28959,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002213425f6df8d878140e1511bd39fb37ab\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 517, \u0022payload_entropy\u0022: 3.952476122443811, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 28, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022176e1d1c0da95aedeb0ece86ce794b09f18d2c97\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"13425f6df8d878140e1511bd39fb37ab","tls_ja3":"771,64250-4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,43690-23-65281-10-11-16-5-13-18-51-45-43-27-6682-21,2570-29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":517},{"id":7892760,"ip":"209.50.185.57","ts":"2026-05-28 17:52:40.000000","proto":"tcp","src_port":18541,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022cb952da52f404ed97025aa55e4ab5221\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 1797, \u0022payload_entropy\u0022: 7.752934362842958, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022b7abc5c045c4db71928f50a3888abaa9912327bf\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"cb952da52f404ed97025aa55e4ab5221","tls_ja3":"771,14906-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,14906-16-11-65281-18-45-13-35-27-5-17613-65037-43-51-23-10-2570,60138-4588-29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":1797},{"id":7892757,"ip":"209.50.185.57","ts":"2026-05-28 17:52:39.000000","proto":"tcp","src_port":64481,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v4\/teams","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 9, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022b537a727b7efcfbf59f3097a4594fe49e8499b9b\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u0022fbd71fc0ebad6f12ed78e06fc8e45f4a88a68a29\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 421, \u0022payload_entropy\u0022: 5.411277501617233, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227e1252916af524a67b983e05c3b9ea5b7440cc99\u0022, \u0022event_fingerprint\u0022: \u0022125495609452b33a79914a88f3243d5fc83c5a40\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko\/20100101 Firefox\/135.0","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":421},{"id":7892756,"ip":"209.50.185.57","ts":"2026-05-28 17:52:38.000000","proto":"tcp","src_port":51419,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v1\/channels.list?count=100","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 1, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: \u0022list\u0022, \u0022http_ua_hash\u0022: \u0022f5a33d0f730ef5dfbb1133b1daf97081b118f0f8\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u002289b4515999bf33c656b05fa536b56bcad43cec39\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 604, \u0022payload_entropy\u0022: 5.536058393907296, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022feb908294bb8458d9ec90407856230daf53e9310\u0022, \u0022event_fingerprint\u0022: \u00225c9510391250458efac64ff953bd30a45b71c003\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/135.0.0.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":604},{"id":7878835,"ip":"209.50.185.57","ts":"2026-05-28 11:51:01.000000","proto":"tcp","src_port":12347,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022a4a7efb11da858ab9c34dc7fbb241bcb\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 639, \u0022payload_entropy\u0022: 7.150516923140246, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022059a430db5b12d99f648696076d3d18f3d2329a2\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"a4a7efb11da858ab9c34dc7fbb241bcb","tls_ja3":"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,23-65281-10-11-35-16-5-34-51-43-13-45-28-65037,29-23-24-25-256-257,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":639},{"id":7878834,"ip":"209.50.185.57","ts":"2026-05-28 11:51:00.000000","proto":"tcp","src_port":56227,"dst_port":3000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022c9b59fec1d9167c08fad455b10f13bdd\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 517, \u0022payload_entropy\u0022: 3.959740384744868, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 28, \u0022campaign_key\u0022: \u0022347c13c75955668cc76666024684b4f0247cce5b\u0022, \u0022event_fingerprint\u0022: \u0022a14b1d9e3e97554fb8082ac05f4aae9efbed9472\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"c9b59fec1d9167c08fad455b10f13bdd","tls_ja3":"771,64250-4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,6682-23-65281-10-11-16-5-13-18-51-45-43-27-2570-21,43690-29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":517},{"id":7878832,"ip":"209.50.185.57","ts":"2026-05-28 11:50:59.000000","proto":"tcp","src_port":62947,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v4\/teams","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022e1bd552d7c59ac5400a54b2a889e10afc4986d30\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u0022fbd71fc0ebad6f12ed78e06fc8e45f4a88a68a29\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 583, \u0022payload_entropy\u0022: 5.5525277319974355, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227e1252916af524a67b983e05c3b9ea5b7440cc99\u0022, \u0022event_fingerprint\u0022: \u0022125495609452b33a79914a88f3243d5fc83c5a40\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/133.0.0.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":583},{"id":7878831,"ip":"209.50.185.57","ts":"2026-05-28 11:50:57.000000","proto":"tcp","src_port":46905,"dst_port":3000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/v1\/channels.list?count=100","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 12, \u0022http_query_params\u0022: 1, \u0022http_path_depth\u0022: 3, \u0022http_path_ext\u0022: \u0022list\u0022, \u0022http_ua_hash\u0022: \u00220630b87aaa3e749af3eb1147feb5ee67126097fa\u0022, \u0022http_host_hash\u0022: \u002246f5955a67387b75de712e640b0687c888a438e5\u0022, \u0022http_target_hash\u0022: \u002289b4515999bf33c656b05fa536b56bcad43cec39\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 615, \u0022payload_entropy\u0022: 5.5543159285135975, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u00223xK Tech GmbH\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 200373, \u0022country\u0022: \u0022TH\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022feb908294bb8458d9ec90407856230daf53e9310\u0022, \u0022event_fingerprint\u0022: \u00225c9510391250458efac64ff953bd30a45b71c003\u0022, \u0022tags_list\u0022: [\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:3000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/135.0.0.0 Safari\/537.36 Edg\/135.0.0.0","http_referer":null,"tags":"[\u0022950316:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950600:k8s-api\u0022, \u0022http_k8s_probe\u0022, \u0022http_probe_api\u0022]","anomalies":"[]","severity":10,"bytes_in":615}],"total_events":32}