{"ip":"34.80.201.206","exported_at":"2026-06-18T09:43:58+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 73\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":7396961,"ip":"34.80.201.206","ts":"2026-05-20 10:46:58.000000","proto":"tcp","src_port":50100,"dst_port":8000,"service":"http","classification":"web_attack","waf_score":21,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.docker","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022docker\u0022, \u0022http_ua_hash\u0022: \u0022076cd404655c77a72ab549fc271210fbf04b931e\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u0022fffaa1342f06e8670d7edda0bc9461e93e4a0f1f\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 202, \u0022payload_entropy\u0022: 5.2874788035825055, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002265a2e824a1250573ee51b1ed338479e227a7eab8\u0022, \u0022event_fingerprint\u0022: \u00228705d6700693af6d7f3562d395c61309230e59e9\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Mozilla\/5.0 (compatible; Konqueror\/3.5; SunOS) KHTML\/3.5.1 (like Gecko)","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":202},{"id":7396962,"ip":"34.80.201.206","ts":"2026-05-20 10:46:58.000000","proto":"tcp","src_port":50106,"dst_port":8000,"service":"http","classification":"web_attack","waf_score":21,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.dev.local","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022local\u0022, \u0022http_ua_hash\u0022: \u0022aa6b92822cd5e8bc79f4f753be2ac256ed1a542c\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u002212559bd98a78482d9ce7a35ea95030c5164cc18e\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 243, \u0022payload_entropy\u0022: 5.4017601880715596, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002265a2e824a1250573ee51b1ed338479e227a7eab8\u0022, \u0022event_fingerprint\u0022: \u0022672b75514c22b810241938a9a7eefc277d6d2204\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/63.0.3239.132 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":243},{"id":7396963,"ip":"34.80.201.206","ts":"2026-05-20 10:46:58.000000","proto":"tcp","src_port":50116,"dst_port":8000,"service":"http","classification":"web_attack","waf_score":29,"waf_tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.development.local","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022local\u0022, \u0022http_ua_hash\u0022: \u0022068159ae0352044b0ee07057fe3703f6e27c9f80\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u002244b27fcf42134edd5dc872c2c6f931dc026ceb76\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 240, \u0022payload_entropy\u0022: 5.308633841127575, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002219a22d1f9dce57cfca03116160d4c65ae78e2c60\u0022, \u0022event_fingerprint\u0022: \u0022d1e43057bcecca43c88c3ae60f269c2a2a88a02a\u0022, \u0022tags_list\u0022: [\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Mozilla\/5.0 (OS\/2; U; OS\/2; en-US) AppleWebKit\/533.3 (KHTML, like Gecko) Arora\/0.11.0 Safari\/533.3","http_referer":null,"tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":240},{"id":7396964,"ip":"34.80.201.206","ts":"2026-05-20 10:46:58.000000","proto":"tcp","src_port":50124,"dst_port":8000,"service":"http","classification":"web_attack","waf_score":27,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/app\/.env.local","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022local\u0022, \u0022http_ua_hash\u0022: \u002286b9f9c31a43f4a5468b8c97fa626c3b4940f1ea\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u00226b35726d908ca1441d48958552cc4f0c6d6cdbcd\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 220, \u0022payload_entropy\u0022: 5.272381241960111, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022b3bf13d7bebfb8d9bbdfd970695ecd758d214c87\u0022, \u0022event_fingerprint\u0022: \u0022f80cbda00f4ccfd68d0f97cbe0c8b7d2e9ac3210\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Mozilla\/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko\/20120421 Gecko Firefox\/11.0","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":220},{"id":7396965,"ip":"34.80.201.206","ts":"2026-05-20 10:46:58.000000","proto":"tcp","src_port":50134,"dst_port":8000,"service":"http","classification":"web_probe","waf_score":8,"waf_tags":"[\u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.dev","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022dev\u0022, \u0022http_ua_hash\u0022: \u0022053a64ac57eb62db954180048f85bd3f11fdf3ed\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u0022a499321530f3e4ddd283e6792cf6d67b1e7cfe88\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: true, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 166, \u0022payload_entropy\u0022: 5.121202582774072, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 73, \u0022campaign_key\u0022: \u00226a6c8026277d465ca22a7d443077c3141b27e80d\u0022, \u0022event_fingerprint\u0022: \u0022d2040359e5210d80ec1cd14c85db628c0cb5113f\u0022, \u0022tags_list\u0022: [\u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022http_ua_suspicious\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Wget\/1.9 cvs-stable (Red Hat modified)","http_referer":null,"tags":"[\u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022http_ua_suspicious\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":5,"bytes_in":166},{"id":7396946,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":49952,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.913218935620586, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396947,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":49956,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.857099046512321, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396948,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":49968,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.745006042193166, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396949,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":49972,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.9314337649734785, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396950,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":49986,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.874783656134017, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396951,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":49992,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.794471721840376, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396952,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":50000,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.888532180265404, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396953,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":50002,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.837069433778668, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396954,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":50014,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.880163979428579, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396955,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":50044,"dst_port":8000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.889221707614272, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae821f421b59b1fb13f92ebb069743c4f5ffbb01\u0022, \u0022event_fingerprint\u0022: \u00228f856ec85ec16970313753ca7db67584a3179686\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":239},{"id":7396956,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":50028,"dst_port":8000,"service":"http","classification":"web_attack","waf_score":28,"waf_tags":"[\u0022950086:sqli-21\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.local","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022local\u0022, \u0022http_ua_hash\u0022: \u00229df2ef81ecf8596abfa6c7a84f7f8bad9fdee5ee\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u00221bd3d14a0dcd500ff7a77dd7b961ff8960851334\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 413, \u0022payload_entropy\u0022: 5.552935875162933, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022fd13b7756d37e71d49cca94d8816e451d1c248f3\u0022, \u0022event_fingerprint\u0022: \u00220e5dba5c4f4cdff502126c06a4ac990487e86f5d\u0022, \u0022tags_list\u0022: [\u0022950086:sqli-21\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env_local\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; Redmi K20 Pro Build\/PKQ1.181121.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/66.0.3359.126 MQQBrowser\/6.2 TBS\/044807 Mobile Safari\/537.36 MMWEBID\/4406 MicroMessenger\/7.0.6.1460(0x27000634) Process\/tools NetType\/WIFI Language\/zh_CN","http_referer":null,"tags":"[\u0022950086:sqli-21\u0022, \u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env_local\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":413},{"id":7396957,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":50052,"dst_port":8000,"service":"http","classification":"web_attack","waf_score":21,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u00225ea74cb7b4a5df5598af1b2c7eadcbe3cc4c7bc0\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u00229ee0d3f55b39072ba6bec6203d26e470be80afdc\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 255, \u0022payload_entropy\u0022: 5.434810503643693, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022db2162b6010a4a16a262897f316d91816849f7d1\u0022, \u0022event_fingerprint\u0022: \u0022aa62cd65092884a1c87676e24ddb0c58a20b5c39\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/75.0.3770.100 Safari\/537.36 OPR\/62.0.3331.99","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":255},{"id":7396958,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":50064,"dst_port":8000,"service":"http","classification":"web_attack","waf_score":27,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/admin\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u0022c3e53d27c2b47060c2c458071b89124554b959a2\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u00229bae73d08848be44521e9c4d49360c6e081f0fff\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 251, \u0022payload_entropy\u0022: 5.3940362455197395, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00222ea32e3c8941b79d366505da90edf7130b23f3e6\u0022, \u0022event_fingerprint\u0022: \u0022de7119238b77257b6da8b7b1dcaf4fbdccae68ae\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Mozilla\/5.0 (Linux; Android 6.0; CAM-L23) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.89 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":251},{"id":7396959,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":50080,"dst_port":8000,"service":"http","classification":"web_attack","waf_score":27,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/app\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u0022b4e50d21f72ed3da4be8e019b2bb1b2f8b83cb70\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u0022628b9cb47d9f8d6e8fddc1b7d3cebf1133d17f4f\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 249, \u0022payload_entropy\u0022: 5.3989194215691185, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022ff139e663c125932b7f214b1db35f8dba53e37f6\u0022, \u0022event_fingerprint\u0022: \u00224e0363fcaf721771c99a3a8059e04295c80684eb\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.100 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":249},{"id":7396960,"ip":"34.80.201.206","ts":"2026-05-20 10:46:57.000000","proto":"tcp","src_port":50088,"dst_port":8000,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u00222b98b4a110bfad5cf6fac30f510c4af8cfc617d0\u0022, \u0022http_host_hash\u0022: \u002241a3ed4cfa5a8936a4f11872041ee115510696e1\u0022, \u0022http_target_hash\u0022: \u0022f5b7d21cf92d5caca6cd906725e72730e31bc18c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 238, \u0022payload_entropy\u0022: 5.3838049851495855, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 8, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002202e7af1839d370e1b25f8754d7f5dde13bef979a\u0022, \u0022event_fingerprint\u0022: \u00223404cc59f2230944017517bcaacd71d684efc6e9\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/75.0.3770.100 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":238},{"id":7390792,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52684,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.877519902249714, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390793,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52696,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.894849230492714, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390794,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52708,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.922287962035536, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390795,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52718,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.787768043238078, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390796,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52726,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.870162475137517, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390797,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52734,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.825162945839766, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390798,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52764,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.802221824790273, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390799,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52748,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.830891501340409, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390800,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52772,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.908844954207968, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390801,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52774,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":21,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.local","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022local\u0022, \u0022http_ua_hash\u0022: \u0022e81cb2b116e29ca54679925c8da33c49517289d8\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u00221bd3d14a0dcd500ff7a77dd7b961ff8960851334\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 247, \u0022payload_entropy\u0022: 5.313759876946096, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002252a14d8a914b4129e2ce0247ca22ed00f48efa43\u0022, \u0022event_fingerprint\u0022: \u0022156daea313dd260fec4a50728086963e7539d138\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env_local\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/13.0 Safari\/605.1.15","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env_local\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":247},{"id":7390802,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52810,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":21,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.development.local","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022local\u0022, \u0022http_ua_hash\u0022: \u00227708b6f8d8992e141731637684c3dffbb36dfcd0\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u002244b27fcf42134edd5dc872c2c6f931dc026ceb76\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 283, \u0022payload_entropy\u0022: 5.404149118370216, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00222d0e367dc1881956f6e8b1fd9ae4deaef63ec402\u0022, \u0022event_fingerprint\u0022: \u002243cabb7b14b1cd2b5763e2a6163b3b8f92e2d37c\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/75.0.3770.145 Safari\/537.36 Vivaldi\/2.6.1566.49","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":283},{"id":7390803,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52794,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":21,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.docker","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022docker\u0022, \u0022http_ua_hash\u0022: \u0022b96c617ee8708989ced0612febef74987bfccfb1\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u0022fffaa1342f06e8670d7edda0bc9461e93e4a0f1f\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 237, \u0022payload_entropy\u0022: 5.408469490468429, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00222d0e367dc1881956f6e8b1fd9ae4deaef63ec402\u0022, \u0022event_fingerprint\u0022: \u00220baaf86168983eaf053f53ecab1ec2417c790678\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Mozilla\/5.0 (Windows NT 6.2; WOW64) AppleWebKit\/537.36 (KHTML like Gecko) Chrome\/28.0.1469.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":237},{"id":7390804,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52780,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":21,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.dev.local","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022local\u0022, \u0022http_ua_hash\u0022: \u00227208683e849f4c4d343b053f9b3372f9eaac2ae9\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u002212559bd98a78482d9ce7a35ea95030c5164cc18e\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 325, \u0022payload_entropy\u0022: 5.441762659959511, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00222d0e367dc1881956f6e8b1fd9ae4deaef63ec402\u0022, \u0022event_fingerprint\u0022: \u00222dc452bd348b5f316126280c5686f74fbacd9bbc\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Mozilla\/5.0 (Linux; U; Android 6.0; he-il; Redmi Note 4X Build\/MRA58K) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/71.0.3578.141 Mobile Safari\/537.36 XiaoMi\/MiuiBrowser\/10.9.7-g","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":325},{"id":7390805,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52800,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":27,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/app\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u00225b7b2e4e70985e0107fe5bb257375bc0686bfd58\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u0022628b9cb47d9f8d6e8fddc1b7d3cebf1133d17f4f\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 246, \u0022payload_entropy\u0022: 5.384495217828306, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00225ed4576d155d7b1bfa47f48b12bdf6ebe8415fee\u0022, \u0022event_fingerprint\u0022: \u0022d5360d6cdaebee2d8c41764708d63b8d5ba088f2\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; Pixel) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.111 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":246},{"id":7390806,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52830,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":31,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022950600:k8s-api\u0022]","http_method":"GET","http_target":"\/api\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u00221ed05b2b572aa9e090b6e4edbfa1bbe1743d5a23\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u0022f5b7d21cf92d5caca6cd906725e72730e31bc18c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 214, \u0022payload_entropy\u0022: 5.176432075957002, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 8, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022fc13c5b0f17d2c1af512bfa6037145fdf805b988\u0022, \u0022event_fingerprint\u0022: \u0022f0f5233ce3e439d301d24c6c2f38dd5aed50c189\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Opera\/9.80 (Android; Opera Mini\/42.0.2254\/150.36; U; en) Presto\/2.12.423 Version\/12.16","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022950600:k8s-api\u0022, \u0022http_probe_api\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":214},{"id":7390807,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52834,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":21,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env.dev","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022dev\u0022, \u0022http_ua_hash\u0022: \u00222353cd7686a3901b6d38c08254dc02f3a7a85d94\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u0022a499321530f3e4ddd283e6792cf6d67b1e7cfe88\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 263, \u0022payload_entropy\u0022: 5.393072972950341, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022863f9a4bdd5484fc43597f7993036915026f2c9b\u0022, \u0022event_fingerprint\u0022: \u002240a5cf518c90e052802e59204101a3f5411dd0d6\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Mozilla\/5.0 (iPad; CPU OS 10_0 like Mac OS X) AppleWebKit\/601.1 (KHTML, like Gecko) CriOS\/49.0.2623.109 Mobile\/14A5335b Safari\/601.1.46","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":263},{"id":7390808,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52786,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":21,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u00226fdd78ed3beea95b8e82b0c78663c6d2eb67506d\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u00229ee0d3f55b39072ba6bec6203d26e470be80afdc\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 211, \u0022payload_entropy\u0022: 5.316528894026281, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e63455ff9ac3c8de81a6fd5fa051fad474d09004\u0022, \u0022event_fingerprint\u0022: \u00228ff67f1b0274de54142a482864c601ee0d99de58\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Mozilla\/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko\/20061024 Firefox\/2.0 (Swiftfox)","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_probe_env\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":211},{"id":7390809,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52814,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":27,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/app\/.env.local","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022local\u0022, \u0022http_ua_hash\u0022: \u00225c9cdca11b6bd63efe5ce8ca727e8f5035d2c6cb\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u00226b35726d908ca1441d48958552cc4f0c6d6cdbcd\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 265, \u0022payload_entropy\u0022: 5.355984949920144, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00225ed4576d155d7b1bfa47f48b12bdf6ebe8415fee\u0022, \u0022event_fingerprint\u0022: \u002254c2e23f4b48bfdb663ac153ffb94c3f0ead70b3\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Mozilla\/5.0 (X11; U; Linux armv7l like Android; en-us) AppleWebKit\/531.2+ (KHTML, like Gecko) Version\/5.0 Safari\/533.2+ Kindle\/3.0+","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":265},{"id":7390810,"ip":"34.80.201.206","ts":"2026-05-20 09:18:30.000000","proto":"tcp","src_port":52784,"dst_port":5001,"service":"http","classification":"web_attack","waf_score":27,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022]","http_method":"GET","http_target":"\/admin\/.env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022env\u0022, \u0022http_ua_hash\u0022: \u0022314574ceea90840d3e7fd5894d8612b1eb25ed9c\u0022, \u0022http_host_hash\u0022: \u0022b4e79994dbf62b32ccd12ea551b214d959713549\u0022, \u0022http_target_hash\u0022: \u00229bae73d08848be44521e9c4d49360c6e081f0fff\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 251, \u0022payload_entropy\u0022: 5.428528049499112, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 8, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022dcbe9b170df9b267fddb51a3e464d24792ac962c\u0022, \u0022event_fingerprint\u0022: \u0022e73c02d5687b68938477b032b953006b28e2704d\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5001","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/74.0.3729.157 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950514:leak-1\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_admin\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":251},{"id":7390791,"ip":"34.80.201.206","ts":"2026-05-20 09:18:29.000000","proto":"tcp","src_port":52678,"dst_port":5001,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.803633254850256, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u00222a78aa91dca9eff346b85ee76e7a4f15d879285e\u0022, \u0022event_fingerprint\u0022: \u00227ec072b47e4713fbdb46bb267c785abcf3e841e0\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239}],"total_events":40}