Initialisation...

Threat intelligence

Suisse

209.99.188.147

Période : 2026-05-07 → 2026-06-06

Retour banlist 24h 7j 30j 90j

Moyen · Risque max (7j)

Événements (filtres)

4,639

First seen

05/06/2026 19:59 UTC

Last seen

06/06/2026 23:34 UTC

Dernière activité (filtres)

06/06/2026 23:34 UTC

Événements 7j

4,639

Ports distincts (7j)

Classifications (7j)

Sévérité max (7j)

Élevée

Géolocalisation

Origine réseau déclarée

Suisse unknown unknown

FAI / réseau

Opérateur et dernière activité ban

SKN Subnet & Telecom Ltd 0 Port 7563 port_probe

Threat Intelligence

Score capteur — surveiller, investiguer ou bloquer.

Recommandation

Stade d'attaque

Sonde / probe

Recommandation

Surveiller

Confiance

50%

Famille de menace

scanner

MITRE ATT&CK

TA0007 TA0001

Filtres

From/To priment sur Days.

proto=ALL service=ALL port=ALL type=ALL

Days

From

Proto

Port (dst)

Service

Classification

Reset

Timeline

4639 événements filtrés

Top ports

SSH 22, RDP 3389, HTTP alternatifs…

Top classifications

Web, SSH, SAP, scans…

Heatmap 24h

Pics d'activité par heure

Chronologie des événements

4639 événement(s) — page 5/93

paris-1

Horodatage	Proto	Port	Service	Classification	Sévérité	WAF	Risque	Recommandation	Tags	Cible HTTP	TLS SNI	Capteur
06/06/2026 23:09:06 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:08:58 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:08:50 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:08:43 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:08:35 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:08:27 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:08:20 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:08:12 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:08:04 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:07:56 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:07:49 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:07:41 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:07:33 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:07:26 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor", "behavior_alert_count": 1, "behavior_priority": 72 }
06/06/2026 23:07:18 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:07:10 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:07:02 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:06:55 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:06:47 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:06:39 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:06:31 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:06:23 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:06:16 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor", "behavior_alert_count": 1, "behavior_priority": 72 }
06/06/2026 23:06:08 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor", "behavior_alert_count": 1, "behavior_priority": 84 }
06/06/2026 23:06:00 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:05:52 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:05:44 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:05:37 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:05:29 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:05:21 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:05:13 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:05:05 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:04:58 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:04:50 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:04:42 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:04:34 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:04:26 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:04:19 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:04:11 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:04:03 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:03:55 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:03:47 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:03:40 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:03:32 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:03:24 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:03:16 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:03:08 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:03:01 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:02:53 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }
06/06/2026 23:02:45 UTC	TCP	7563	—	Sonde port	Faible	—	Moyen · 44	Surveiller	—	—	—	paris-1
Preuve / Evidence Méthode — Port 7563 Chemin / cible — Pourquoi cette classification : Type « port_probe » (signaux protocolaires) · confiance 50% User-Agent — Règles WAF — Meta JSON brut { "bytes_in": 0, "payload_entropy": 0, "port_category": "registered", "org": "SKN Subnet & Telecom Ltd", "service": null, "app_proto": null, "asn": 402253, "country": "CH", "dst_port": 7563, "risk_waf": 8, "risk_classification": 48, "risk_behavior": 0, "risk_geo": 0, "risk_protocol": 0, "risk_novelty": 0, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0 }, "risk_score": 44, "tag_count": 0, "anomaly_count": 0, "campaign_key": "1b55b411ab37d1d63dbbd11f7b166cf78d0d1a67", "event_fingerprint": "a8e0d3e60860f22aed441f539d0a06e03331466e", "classification_confidence": 0.5, "confidence": 0.5, "precision_signals": [ "INT-single-port" ], "classification_reason": "Type \u00ab port_probe \u00bb (signaux protocolaires) \u00b7 confiance 50%", "confidence_breakdown": { "waf": 8, "classification": 48, "behavior": 0, "geo": 0, "protocol": 0, "novelty": 0, "risk_score": 44 }, "risk_confidence_factor": 50, "city": null, "is_datacenter": false, "is_tor_hint": false, "geo": { "country": "CH", "asn": 402253, "org": "SKN Subnet & Telecom Ltd", "is_datacenter": false, "is_tor_hint": false }, "fingerprint": { "path_pattern_hash": "49ebffbc8eed300cf9429db1ba4cf66d" }, "target_context": { "dst_port": 7563, "risk_score": 44 }, "attack_stage": "probe", "mitre_tactics": [ "TA0007", "TA0001" ], "threat_family": [ "scanner" ], "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "event_signature": "51b67e96d897919e9eeef6c95809c27260f2941c", "honeypot_persona": { "sensor_id": "sensor-1", "hostname": "mail.sensor-1.internal", "mail_host": "mail.sensor-1.internal", "ldap_dc": "dc.sensor-1.internal", "k8s_cluster": "hp-sensor-1", "domain": "sensor-1.internal", "service_role": "generic", "service_banner": "honeypot", "service_os": "linux", "dst_port": "7563" }, "hostname": "mail.sensor-1.internal", "sensor_id": "sensor-1", "attack_chain_stage": "probe", "matched_patterns": [], "ban_policy": "advisory_monitor" }

209.99.188.147

Géolocalisation

FAI / réseau

Threat Intelligence

Filtres

Timeline

Top ports

Top classifications

Heatmap 24h

Chronologie des événements

Comparaison côte à côte

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence