Détails IP 34.93.237.238

Synthèse exécutive

Profil de menace

Score de risque 70/100 Élevé

Première observation 04/06/2026 09:33 UTC

Dernière observation 04/06/2026 09:33 UTC

Événements (période) 128

MITRE ATT&CK principal —

risque 52/100

Pourquoi listée

Synthèse décisionnelle honeypot — seuil de listing maintenu à 1 événement qualifié.

web_attack

Comparaison ASN / FAI

ASN 396982 · 34.93.224.0/20 · ARIN — 8 pair(s) ASN/FAI listé(s) — activité locale élevée vs pairs · 128 événements sur la période pour cette IP.

162.216.149.142 Sonde PostgreSQL 18/06/2026 22:07 UTC
147.185.133.167 Scanner web 18/06/2026 22:06 UTC
35.203.210.21 Scanner web 18/06/2026 22:05 UTC
162.216.149.47 Scanner web 18/06/2026 22:04 UTC
198.235.24.222 Sonde port 18/06/2026 22:04 UTC
162.216.150.92 Scanner web 18/06/2026 22:03 UTC
162.216.150.232 Scanner web 18/06/2026 22:03 UTC
198.235.24.129 Sonde PostgreSQL 18/06/2026 22:03 UTC

Événements (filtres)

128

Première observation

04/06/2026 09:33 UTC

Dernière observation

04/06/2026 09:33 UTC

Dernière activité (filtres)

04/06/2026 09:33 UTC

Événements 7j

Ports distincts (7j)

Classifications (7j)

Sévérité max (7j)

—

Activité multi-protocole

Cette IP touche plusieurs services simulés (pas seulement le web).

HTTP TCP 64 TLS TCP 64

HTTP

TLS

Géolocalisation

Origine réseau déclarée

Inde unknown unknown

FAI / réseau

Opérateur et dernière activité ban

Google LLC 0 Port 6443 web_attack

Renseignement menaces

Score capteur — surveiller, investiguer ou bloquer.

Recommandation

Stade d'attaque

Tentative d'exploit

Aperçu payload

GET / HTTP/1.1 Host: 62.3.50.33:9990 User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3 like Mac OS X; de-de) AppleWebKit/5

Port / service

9990

Recommandation

Investiguer

Confiance

92%

Famille de menace

unknown

MITRE ATT&CK — tactiques

Reconnaissance Développement Accès Exécution Persistance Élévation Contournement Accès Découverte Mouvement Collecte Commande Exfiltration Impact

Filtres

Les dates De/À priment sur la période. Affinez protocole, port, service et classification.

proto=Tous service=Tous port=Tous type=Tous sév.=Toutes

Période

Protocole

Port (dst)

Service

Classification

Sévérité min

Sévérité max

Réinitialiser

Timeline

128 événements filtrés — activité quotidienne

Ports 24 h

Top ports ciblés sur les dernières 24 heures

Top ports

SSH 22, RDP 3389, HTTP alternatifs…

Top classifications

Web, SSH, SAP, scans…

Heatmap attaques 7j

Intensité par jour et heure (UTC capteur)

Chronologie des événements

128 événement(s) — page 1/3

Horodatage	Proto	Port	Service	Classification	Sévérité	Risque
04/06/2026 09:33:23 UTC	TCP	10000	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 10000 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Maxthon/5.2.7.5000 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:10000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "45095c0af340e5c824540e9bfe1ce7a7a42adbfa", "http_host_hash": "08ba06a3067b7b908f83ce02b0e95a4941ea7cbc", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 249, "payload_entropy": 5.391749549777197, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 10000, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.3, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "c431f4a7b8bf3dfb460e5d9e70596f1ed4cc32ff", "event_fingerprint": "2c4650b438929878b52554b77f28fcecffe086ef", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "39cc8f64148674182bd43fee10055c9a", "payload_hash": "d66cd8650d7af3c83596c3c8995e65f6", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 10000, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:10000\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) ", "event_signature": "130676c7a005c0ba6a333a00f2515042b51407dc", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true, "behavior_alert_count": 1, "behavior_priority": 96 }
04/06/2026 09:33:23 UTC	TCP	10443	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 10443 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows Phone 8.1; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 530) like Gecko Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:10443 User-Agent: Mozilla/5.0 (Windows Phone 8.1; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/1 Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "253c736ddac82508286dee2924e7dcd234fd2086", "http_host_hash": "2cf5af0b13931b66cab59dd3d82974768acd327c", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 230, "payload_entropy": 5.34836651876419, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 10443, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.7, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "f08731247eafb25c82462942b20b021cdb2410e4", "event_fingerprint": "abab8689f9cd2396c292ea70c91cf9363a23bbce", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "2c9fedcc266aef2717fb1b3d1ba14f86", "payload_hash": "71ec4e99cc77000fa78b62c149172e17", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 10443, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:10443\r\nUser-Agent: Mozilla\/5.0 (Windows Phone 8.1; ARM; Trident\/7.0; Touch; rv:11.0; IEMobile\/1", "event_signature": "df0415f8acb5c47a4a72b5b7b1951a2dfbbdfd69", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	2375	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 2375 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows; U; Windows CE 5.1; rv:1.8.1a3) Gecko/20060610 Minimo/0.016 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:2375 User-Agent: Mozilla/5.0 (Windows; U; Windows CE 5.1; rv:1.8.1a3) Gecko/20060610 Minimo/0. Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "90d6c4912e7e494eb4846f08534d8ebe5bbb2cd8", "http_host_hash": "f67360d9d8752052e6957433375dedea23e1b2f8", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 200, "payload_entropy": 5.249224098974021, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 2375, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.4, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "486343eac7fb2c5e60756bffa3c637a035f9577d", "event_fingerprint": "b948f0d43a8cf28f926f399aa7c0d0f5fbd25ec4", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "e24b49412436d9c347ccfabf59739d33", "payload_hash": "3c595141b3f970872ea2a23fcd27c04c", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 2375, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:2375\r\nUser-Agent: Mozilla\/5.0 (Windows; U; Windows CE 5.1; rv:1.8.1a3) Gecko\/20060610 Minimo\/0.", "event_signature": "06dba4ff476ae8fa296ee0e56f63ac64fcc357a6", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	16686	http	web attack	Élevée	Moyen · 52
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 16686 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; Android 4.4.2; LGMS323 Build/KOT49I.MS32310b) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.103 Mobile Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:16686 User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; LGMS323 Build/KOT49I.MS32310b) AppleWebKi Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "d82ab0faecaad77cf954d38ae9390fdfb5e7055d", "http_host_hash": "a7b93806961c414cf4e954dcf75b99f79bd7eafd", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 267, "payload_entropy": 5.4730276031401575, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 16686, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 2.7, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 52, "tag_count": 4, "anomaly_count": 0, "campaign_key": "2c895869939256c6d1fa2dc3d26c31b9d98f10d9", "event_fingerprint": "13d950a3e12a241d122fadfa3c4e65aea6443bdf", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "83345b8927d5b950b885688fcf1a7549", "payload_hash": "fe8e0b0d393d81949890834c32b9c1ed", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 16686, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:16686\r\nUser-Agent: Mozilla\/5.0 (Linux; Android 4.4.2; LGMS323 Build\/KOT49I.MS32310b) AppleWebKi", "event_signature": "3db3e31efb5555bb8da002878889f4c42b0e7468", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	2380	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 2380 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:2380 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "52886032f7b54ffde5c3ed27b5deec4e377a47af", "http_host_hash": "462261d450c052c5a1785a2a3019efb3756a7def", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 202, "payload_entropy": 5.272934630503208, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 2380, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.2, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "cfd3e9bba872c6e3a778c155791f4ae15f765ef1", "event_fingerprint": "df8fc46b27cc15124c84fe3739e4d6ac35faea4f", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "f3490eb54b88c8a44b5f6a7cfd0bb35f", "payload_hash": "81c753a2ac2f3b694250623b2a2198ba", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 2380, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:2380\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko\/20100101 Firefox", "event_signature": "1992442b96fe98471ff2258f69027426ab4d2349", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	2376	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 2376 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident/6.0; IEMobile/10.0; ARM; Touch) Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:2376 User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident/6.0; IEMobile/ Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "c5a05ac5304d0cb4c26c697fc52b514a67b3cf37", "http_host_hash": "77a8d0234e193486a4c915d7d49e953396d2fc8d", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 214, "payload_entropy": 5.2694946976563415, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 2376, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.6, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "6a1f6628a08550cb1339ae0d56aa1a2d0e84083b", "event_fingerprint": "0267cf4ac8bad38ec4e6522c8189488ecb366e27", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "d0b98642086a38b6bec45082a94883fd", "payload_hash": "817201ee6a4a0f8ec7676449ca9a6004", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 2376, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:2376\r\nUser-Agent: Mozilla\/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident\/6.0; IEMobile\/", "event_signature": "3fee87578d30a74ecb4ef207655859287e9fbe2f", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	3128	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 3128 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; Android 8.1.0; Phone 2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:3128 User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; Phone 2) AppleWebKit/537.36 (KHTML, like G Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "406eb81ad0f9cf031a58481327ceae6827edffe0", "http_host_hash": "0004f205c8c9eec39df22e7d5c19060a1bc84a1b", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 244, "payload_entropy": 5.367924793530183, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 3128, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.9, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "15aef7245921221abaf04f73ef400ba3ce4f2428", "event_fingerprint": "32ec052994599dfd5856be62f51e4d9bb02fc3aa", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "d8cd6c67bae736fdd5cbc1e58837c5b4", "payload_hash": "5f05299c1e7b48e89cddca28dee650f0", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 3128, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:3128\r\nUser-Agent: Mozilla\/5.0 (Linux; Android 8.1.0; Phone 2) AppleWebKit\/537.36 (KHTML, like G", "event_signature": "97bf9dccee53c462fb7a60edc200123dcc06963e", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	11434	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 11434 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0) Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:11434 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0) Accept-Char Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "ed06f2f1b1802b2bf443a12fa33354de95410b0f", "http_host_hash": "0edcf6ab7022a3c1a90b1ad0670bd95a56782eca", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 184, "payload_entropy": 5.257589231922454, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 11434, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.6, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "0c6107c2950d50f6d814fb73d723c3964025f585", "event_fingerprint": "da78c22d3ffbb7e89070f222d5b58cdc903a8d3e", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "432b20c082f564bb8f0a327579c69c0e", "payload_hash": "cd1ed63af20d662c93aec6a6b5b4cb29", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 11434, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:11434\r\nUser-Agent: Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0)\r\nAccept-Char", "event_signature": "6de2eb421dcaf3df5a3b2f963cb0812bb32942dd", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	4443	http	web attack	Élevée	Moyen · 53
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 4443 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.102 Safari/537.36 Vivaldi/2.0.1309.3 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:4443 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Geck Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "a63172665061b0f61f227d1ec8895b459c0a117a", "http_host_hash": "e950df8a5a68e4dcc53c2ea4813456e73c1d6fc9", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 253, "payload_entropy": 5.435948900701017, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 4443, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 3, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 53, "tag_count": 4, "anomaly_count": 0, "campaign_key": "52d0e234dd05a0794f0227336aa88ac4c91384c1", "event_fingerprint": "46787207b8bb4667f0a216f439d637abf48dc130", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "ce9f16be94b34234b32369cfbc5e948d", "payload_hash": "6cc5d062abd06cfb2be53dbe0fb9567b", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 4443, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:4443\r\nUser-Agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Geck", "event_signature": "83315fad2b9f316d961671ce5cb7f106f7271de5", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	3001	http	port scan fast	Élevée	Faible · 30
Étape Reconnaissance MITRE TA0043 WAF 3 Recommandation Surveiller Tags 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 3001 Chemin / cible / Confiance classification 71% Tactiques MITRE TA0043 Ligne de requête `GET / HTTP/1.1` User-Agent SuperBot/4.4.0.60 (Windows XP) Règles WAF 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:3001 User-Agent: SuperBot/4.4.0.60 (Windows XP) Accept-Charset: utf-8 Accept-Encoding: gzip Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "03445952c518f6755b1bc6de6b84e5c811b4f8a5", "http_host_hash": "68964bd149320edbceb0d6a222e6bc3e0bdb74e3", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": false, "bytes_in": 150, "payload_entropy": 5.1641746057920015, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 3001, "risk_waf": 20, "risk_classification": 50, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.7, "risk_breakdown": { "waf": 20, "classification": 50, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 30, "tag_count": 2, "anomaly_count": 0, "campaign_key": "4ffe4b65d907ae4df6fe65eb9a4bb858b9da0e5b", "event_fingerprint": "c498f46ecbeeaf6fc2e39e347811c9d16b1d1959", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "82a0cea2412ff8dfa5f8ad72409a36a9", "payload_hash": "a5ff5aebe4036363967b049376cd1b26", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 3001, "service": "http" }, "attack_stage": "recon", "mitre_tactics": [ "TA0043" ], "threat_family": [ "scanner" ], "confidence": 0.71, "classification_confidence": 0.71, "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:3001\r\nUser-Agent: SuperBot\/4.4.0.60 (Windows XP)\r\nAccept-Charset: utf-8\r\nAccept-Encoding: gzip\r", "event_signature": "b7b68951af06b0c6eb956fd7d6dba07c6e4d68fe", "ban_policy": "advisory_monitor", "tags_list": [ "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	4200	http	web attack	Élevée	Moyen · 53
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 4200 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/28.0.1469.0 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:4200 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chr Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "7185f30ba8440ebb308eea46fb7df79899b4d4c0", "http_host_hash": "202dfa5994cddfa4461947e8f26132d28ea51d2e", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 226, "payload_entropy": 5.413331491745344, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 4200, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 3.8, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 53, "tag_count": 4, "anomaly_count": 0, "campaign_key": "117b5e74c21c880d9cbeb224f9c6eb0b6360be67", "event_fingerprint": "2668f4ba1fa4af5378d720481e0599565102757e", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "824933b0322176a6594c6fb50705a2c3", "payload_hash": "c5ab4ce1bc2e994cc699bc49df950c01", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 4200, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:4200\r\nUser-Agent: Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML like Gecko) Chr", "event_signature": "44bbb4ae53a80f4290ca1aaed9348b95fd20a74d", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	3000	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 3000 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:3000 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Geck Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "a662c2610146cfbed485fa980b4b7b0a9f9c9314", "http_host_hash": "46f5955a67387b75de712e640b0687c888a438e5", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 234, "payload_entropy": 5.408271795713656, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 3000, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.2, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "22bf0ff0a3d38a90be30df96f412ab4c299e256d", "event_fingerprint": "0a214565a1a673fa2b423a6100124922e6892757", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "51e44e403dbf8886f2d3f77a0b2e42bc", "payload_hash": "1be8a1db3b01dd373bfd22b17cbab7fd", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 3000, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:3000\r\nUser-Agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Geck", "event_signature": "481bbe60461ad576f517c4658a160fa7b72455c5", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	15672	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 15672 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:15672 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, l Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "414c1ce4a2a36fefd6389dff6fb7eb1d5eb7d6b9", "http_host_hash": "e20166832ab649ed459a27600c089133ceb1b121", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 242, "payload_entropy": 5.39202740150976, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 15672, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.1, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "c570f6bf644266bd4194108d9f04185525bb1e1a", "event_fingerprint": "41206d74dac44439f5d9683cf64f215af82fdaba", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "0d8b125df587cd5ef24619bc5800fad0", "payload_hash": "9a3e289ee1dd6db3d0be2a2f86e0125f", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 15672, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:15672\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit\/537.36 (KHTML, l", "event_signature": "3afb37c89cc57c43bb59a52e4507dd24e85fe835", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	4000	http	web attack	Élevée	Moyen · 51
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 4000 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.105 Safari/537.36 Vivaldi/2.4.1488.38 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:4000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) C Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "e42d9b25b33a9a965e2b098812cb7ba945c1afb7", "http_host_hash": "5a30b201b081f924484c2a6ee02c44ce0b4f15e6", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 250, "payload_entropy": 5.421824697238707, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 4000, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 1.6, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 51, "tag_count": 4, "anomaly_count": 0, "campaign_key": "bdf383433b715874629fd59859f34d506d56cc95", "event_fingerprint": "0ea067270d2e316b585bfc66ffca155fa7845982", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "045c5d4b351689587ee026560a8d4b18", "payload_hash": "ee4f5987d7d12a486e5dd90f2abb5b32", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 4000, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:4000\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) C", "event_signature": "394b3b72425fd35737c267bec9b76887e0afd050", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	4848	http	port scan fast	Élevée	Faible · 36
Étape Reconnaissance MITRE TA0043 WAF 9 Recommandation Surveiller Tags 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 4848 Chemin / cible / Confiance classification 74% Tactiques MITRE TA0043 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) baidu.sogo.uc.Chrome/36.0.1985.125 Safari/537.36 Règles WAF 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:4848 User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) baidu.sog Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "3631e44fcff0a9bb51648feb6c3bc8b25b47bc1d", "http_host_hash": "cf5ec6180d41be2eb2189c72200cd50a6617bc53", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 236, "payload_entropy": 5.3917076659449386, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 4848, "risk_waf": 44, "risk_classification": 50, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 3, "risk_breakdown": { "waf": 44, "classification": 50, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 36, "tag_count": 3, "anomaly_count": 0, "campaign_key": "1a15640706f2ce04695dd053e4808c6c6d5b8ca0", "event_fingerprint": "7981a32e4fb8cf4c802cd0a3acc26d413412ccb2", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "ed7b71d4e5b0e277368163929280adf3", "payload_hash": "34b4e0702e087be9cc33a0388388d5aa", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 4848, "service": "http" }, "attack_stage": "recon", "mitre_tactics": [ "TA0043" ], "threat_family": [ "scanner" ], "confidence": 0.74, "classification_confidence": 0.74, "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:4848\r\nUser-Agent: Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) baidu.sog", "event_signature": "7225169c3a04ec69f4a16f5a96cf22b09cceb525", "ban_policy": "advisory_monitor", "tags_list": [ "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	2379	http	web attack	Élevée	Moyen · 56
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 17 Recommandation Investiguer Tags 950318:lfi-14 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 2379 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent NokiaN73-1/3.0649.0.0.1 Series60/3.0 Profile/MIDP2.0 Configuration/CLDC-1.1 Règles WAF 950318:lfi-14 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:2379 User-Agent: NokiaN73-1/3.0649.0.0.1 Series60/3.0 Profile/MIDP2.0 Configuration/CLDC-1.1 Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "dca4d3bdabad517f73120fdabe50623bbba6237b", "http_host_hash": "5d6a0f825efad99b3fccf17c8b6d0547385a0b8b", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": false, "bytes_in": 195, "payload_entropy": 5.2371447832589455, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 2379, "risk_waf": 76, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.1, "risk_breakdown": { "waf": 76, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 56, "tag_count": 4, "anomaly_count": 0, "campaign_key": "d98135074935cfbd8a0e1ecd1291ca3117686c5a", "event_fingerprint": "9a5680c5bfc317ccb0391ddc03e976dd307321e8", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "c87d3d1e213ad2db8b6f072ad7c7329e", "payload_hash": "1e3346c7b6dd54509a2c63084211819e", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 2379, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:2379\r\nUser-Agent: NokiaN73-1\/3.0649.0.0.1 Series60\/3.0 Profile\/MIDP2.0 Configuration\/CLDC-1.1\r\n", "event_signature": "ceff6e819641f732a9b671ec63fb239319b97a8e", "ban_policy": "advisory_investigate", "tags_list": [ "950318:lfi-14", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	5000	http	web attack	Élevée	Moyen · 52
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 5000 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:5000 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gec Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "08e4a8b80e9d1a46010f8fc07ad2584ec744a301", "http_host_hash": "b3fecad1903fbad7bf672cc5a25c971b97553846", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 235, "payload_entropy": 5.396094480712291, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 5000, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 2.8, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 52, "tag_count": 4, "anomaly_count": 0, "campaign_key": "79b88d03425ae685b2ed866e11e8fc1139265034", "event_fingerprint": "3024d9920f2996e17c5a46971074636df84fe371", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "5a523d50e5ef7b3e09dbe85aa141e148", "payload_hash": "62324019f82ac5f386e38bcc32be4de5", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 5000, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:5000\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gec", "event_signature": "f1660e11ac1f1fd225c7a4f577864377fc38fc7b", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	7070	http	web attack	Élevée	Moyen · 51
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 7070 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 YaBrowser/19.7.2.516 Yowser/2.5 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:7070 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) C Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "3193618939b6335e1b558e3963348f9119abb96c", "http_host_hash": "4a5cd81ea3b5d66e331d177417c1b6ed0067dc7d", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 262, "payload_entropy": 5.422922543390782, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 7070, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 1.7, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 51, "tag_count": 4, "anomaly_count": 0, "campaign_key": "131d9935351d5bac312081b44140b2b40bcfcc92", "event_fingerprint": "e65e077a249adbc6a0ab7dc31a2ba31ce54de52c", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "679e177f8419850897b7d280f4c5074c", "payload_hash": "b3d17b430356972d2ae3b5cbe3907241", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 7070, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:7070\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) C", "event_signature": "4dd6f4a79d2ffde209a81eee5bda04caf0d053e6", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	7001	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 7001 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.71 Safari/537.36 OPR/63.0.3368.17 (Edition beta) Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:7001 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Ch Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "a02c0f8b84ba7493f7f8f97d10eb0c0de20724dc", "http_host_hash": "1e75f7b986cff91f40ab57cbc92b6aed66f05c5b", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 260, "payload_entropy": 5.411670109128055, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 7001, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.6, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "842c39bc5e03b7338b3df4a0ac1134accd324ddc", "event_fingerprint": "33f23c22a886c7c924e60d1573d46a86664e1fa3", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "5ad202994ca4cdcc7e2c2766b8644362", "payload_hash": "a9b551091aeac1421e92162ff24ebdf9", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 7001, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:7001\r\nUser-Agent: Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Ch", "event_signature": "c6fc3d7e12cf210984bccb8544e9f7741afb189c", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	5601	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 5601 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3876.0 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:5601 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "32327fff8b51993e2a11eaa1f03a55f19f9a3e6a", "http_host_hash": "0e6e37a3aba52797339f42933431830756a0515c", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 223, "payload_entropy": 5.414455130133447, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 5601, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "f83d912a80e1dc591fa0ca4693469f24cffc867f", "event_fingerprint": "e8d0b41de628ce83f53aa1d89bff66cb69bd84c6", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "374e594fff7d90fcc3f4c27b624d5da4", "payload_hash": "eea4ddf296c06493baa8ba67efa507cf", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 5601, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:5601\r\nUser-Agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome", "event_signature": "3771565ec4d2662fab6292a81e23a3e1dae16b66", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	6080	http	web attack	Élevée	Moyen · 52
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 6080 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:6080 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Geck Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "89ad0029b2143d93cc8b33793d4548b188b94014", "http_host_hash": "7ebe258015f7d693a75a6850de5051866e607999", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 234, "payload_entropy": 5.400688729428113, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 6080, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 2, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 52, "tag_count": 4, "anomaly_count": 0, "campaign_key": "6b96a0c0391abb4eaad6d67530abeef7427d8a57", "event_fingerprint": "8cce53d7f8d52795e2f6adcfe89bea24e0cfe9e0", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "3cb77f1b08fff0e3aa55b35e3dcb3934", "payload_hash": "2f773f07ef64483ed162d02cd0b3877f", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 6080, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:6080\r\nUser-Agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Geck", "event_signature": "14e7e69dc8e178760951dc4b973f22f1630b7711", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	7443	http	web attack	Élevée	Moyen · 51
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 7443 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; Android 7.0; SM-G930F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:7443 User-Agent: Mozilla/5.0 (Linux; Android 7.0; SM-G930F) AppleWebKit/537.36 (KHTML, like Ge Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "d52ae5fd0587f0a8d63d73f658e4cfe1f696d2c4", "http_host_hash": "3207cc58a88e4dd65c61f1b1f14e699cc0722bbe", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 243, "payload_entropy": 5.424193959173766, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 7443, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 1.9, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 51, "tag_count": 4, "anomaly_count": 0, "campaign_key": "c8dea1c7afaba528320eed455ef84c2105c6ddca", "event_fingerprint": "65a6aec2c286f04b92c6b204a513895455fd7b36", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "34d1b3e31734a3b6e2d4550317d88d1a", "payload_hash": "a30b6e581965d5ebea691c2efe6e044a", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 7443, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:7443\r\nUser-Agent: Mozilla\/5.0 (Linux; Android 7.0; SM-G930F) AppleWebKit\/537.36 (KHTML, like Ge", "event_signature": "808804938769259c5464f2090ed2759e76f3a849", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	591	http	web attack	Élevée	Moyen · 51
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 591 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3722.400 QQBrowser/10.5.3739.400 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:591 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Ch Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "d3186112ff4871be51d5d4d848cdbdff5c2acfde", "http_host_hash": "d63885d1f1b06da9a39b56d573e583c2216d3a11", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 271, "payload_entropy": 5.413027530089921, "port_category": "well_known", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 591, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 1.7, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 51, "tag_count": 4, "anomaly_count": 0, "campaign_key": "f981ee96a4b901a71c5cf7842dd55c43be091300", "event_fingerprint": "42264efc2417173e4ad004caae8735b1735baa75", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "3db18e6622666e10d6e284295d9ee94e", "payload_hash": "0d39b53df0ff915fd7cb0d1466573d85", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 591, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:591\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Ch", "event_signature": "88805002f86811f5b125d5cd80d94cc3233ad83e", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	7000	http	port scan fast	Élevée	Faible · 38
Étape Reconnaissance MITRE TA0043 WAF 9 Recommandation Surveiller Tags 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 7000 Chemin / cible / Confiance classification 74% Tactiques MITRE TA0043 Ligne de requête `GET / HTTP/1.1` User-Agent Nokia3230/2.0 (5.0614.0) SymbianOS/7.0s Series60/2.1 Profile/MIDP-2.0 Configuration/CLDC-1.0 Règles WAF 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:7000 User-Agent: Nokia3230/2.0 (5.0614.0) SymbianOS/7.0s Series60/2.1 Profile/MIDP-2.0 Configu Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "ca029386f37c458f005b38decae94ad3bec334e5", "http_host_hash": "f4cd03bd384ec9c074f88197b1bd825ace7739f8", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": false, "bytes_in": 212, "payload_entropy": 5.306374315279915, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 7000, "risk_waf": 44, "risk_classification": 50, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5, "risk_breakdown": { "waf": 44, "classification": 50, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 38, "tag_count": 3, "anomaly_count": 0, "campaign_key": "11d891e343746139dd1522dbe66762d366010fdf", "event_fingerprint": "0d8139cee07d7bfad8c0e0be83adc1bcaf8a4775", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "3bd8e3ae6c2d0c3cf652daf12fc343d9", "payload_hash": "199451fcca0833e1cb0f900282ff6030", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 7000, "service": "http" }, "attack_stage": "recon", "mitre_tactics": [ "TA0043" ], "threat_family": [ "scanner" ], "confidence": 0.74, "classification_confidence": 0.74, "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:7000\r\nUser-Agent: Nokia3230\/2.0 (5.0614.0) SymbianOS\/7.0s Series60\/2.1 Profile\/MIDP-2.0 Configu", "event_signature": "3b0493667194a3a6166de179c5cbda0178c2d2e7", "ban_policy": "advisory_monitor", "tags_list": [ "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	7860	http	web attack	Élevée	Moyen · 45
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 10 Recommandation Surveiller Tags 950326:rce-0 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 7860 Chemin / cible / Confiance classification 89% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/4.77 [en] (X11; I; IRIX;64 6.5 IP30) Règles WAF 950326:rce-0 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:7860 User-Agent: Mozilla/4.77 [en] (X11; I; IRIX;64 6.5 IP30) Accept-Charset: utf-8 Accept-E Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "d9dbb92bc335b22f6ec5b04e7d5bbbbabdebda3e", "http_host_hash": "2c150a2d584bc4a893931e17fa43c152a5272207", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 164, "payload_entropy": 5.298488278152828, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 7860, "risk_waf": 48, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 3.8, "risk_breakdown": { "waf": 48, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 45, "tag_count": 3, "anomaly_count": 0, "campaign_key": "3e18911a7c58eda4c5660017724355a5e935c02c", "event_fingerprint": "2008c8a336a5f73fca65415aa78afacf59906693", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "6ea8bcede07d0daa1ddae621e82e36c4", "payload_hash": "3677476529624d2d4821649e42733cfd", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 7860, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.89, "classification_confidence": 0.89, "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:7860\r\nUser-Agent: Mozilla\/4.77 [en] (X11; I; IRIX;64 6.5 IP30)\r\nAccept-Charset: utf-8\r\nAccept-E", "event_signature": "bfbe27dabd56acb76a95080ce48ca96d1471e8d1", "ban_policy": "advisory_monitor", "tags_list": [ "950326:rce-0", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	6443	http	web attack	Élevée	Élevé · 70
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 24 Recommandation Investiguer Tags 950318:lfi-14 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 6443 Chemin / cible / Confiance classification 95% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; U; Android 2.3.3; en-us ; LS670 Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1/UCBrowser/8.6.1.262/145/355 Règles WAF 950318:lfi-14 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:6443 User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; en-us ; LS670 Build/GRI40) AppleWebKit/ Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "b206f54df7518d0d9989d507d00c471c2aa25c95", "http_host_hash": "351fc269988a63c4812bddbab1cd3e029c6e78ed", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 282, "payload_entropy": 5.4264763263371645, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 6443, "risk_waf": 100, "risk_classification": 100, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 25, "risk_boost": 0, "risk_granularity": 5.9, "risk_breakdown": { "waf": 100, "classification": 100, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 25 }, "risk_score": 70, "tag_count": 5, "anomaly_count": 0, "campaign_key": "1b107561876cbe6006224797840ebc2723394be0", "event_fingerprint": "8ce03c4f9964eafcbc207b01d08505124632be23", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "c3056adb2656f1a981d9b647821a6fa7", "payload_hash": "16c802f95c42012f1f7c810533cf4cbd", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 6443, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.95, "classification_confidence": 0.95, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:6443\r\nUser-Agent: Mozilla\/5.0 (Linux; U; Android 2.3.3; en-us ; LS670 Build\/GRI40) AppleWebKit\/", "event_signature": "985777091ec7dd44cc918925b8c6a0e1c3df5be1", "ban_policy": "advisory_investigate", "tags_list": [ "950318:lfi-14", "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8000	http	web attack	Élevée	Moyen · 51
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8000 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.3) Gecko/2008092814 (Debian-3.0.1-1) Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8000 User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.3) Gecko/2008092814 (Debia Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "af95654136764219f3e1be062b59f67c138da948", "http_host_hash": "41a3ed4cfa5a8936a4f11872041ee115510696e1", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 207, "payload_entropy": 5.340939302934183, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8000, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 1.7, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 51, "tag_count": 4, "anomaly_count": 0, "campaign_key": "c71aabd419a9a5f18a85f0a673c3de22d88ce0b1", "event_fingerprint": "bb53a50fb9f27e39f24daebf0514a384aa0f2730", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "6ad009cbfe015d0ea51aa1bd68d4dfd3", "payload_hash": "94288016de1c09167e909b7f0f0fbdfa", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8000, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8000\r\nUser-Agent: Mozilla\/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.3) Gecko\/2008092814 (Debia", "event_signature": "62295ab668e45ef600b58d48b9a17e7918965845", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	7474	http	web attack	Élevée	Moyen · 51
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 7474 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:7474 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, li Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "26256ae137bd4c078bf51108cfca2a4811363f6e", "http_host_hash": "2df95539a96a20738833a48b75074144966cdea9", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 241, "payload_entropy": 5.411896038499979, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 7474, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 1.9, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 51, "tag_count": 4, "anomaly_count": 0, "campaign_key": "d1f2cfeb6b78518206d5e0ad395dd88ec7ea16ee", "event_fingerprint": "e07e56880ad29abb412a430b78e44b63d38742f8", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "4efa66e4bf9401c2f006c800e3c5ba2f", "payload_hash": "c76a6775310a1369687c0221d10f193f", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 7474, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:7474\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit\/537.36 (KHTML, li", "event_signature": "5763f11defed2d35d43728c33f5543c2cfd7e72c", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8001	http	web attack	Élevée	Moyen · 51
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8001 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8001 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "e927dd779001199eaf2d6efd910fcf650cf2b826", "http_host_hash": "29d114ae8a3567c5f1863f5bd79c5d398a432fe8", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 239, "payload_entropy": 5.31275606440804, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8001, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 1.9, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 51, "tag_count": 4, "anomaly_count": 0, "campaign_key": "72ee582be739903b9878b98062397e30380b9881", "event_fingerprint": "0d3b59414d6a560b38d5aca940caf62deadce2f4", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "11475c2e17a7d058b47d1364ed362417", "payload_hash": "e5887894c64fde09b3d7c4543f707224", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8001, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8001\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/605.1.15 (KHTML, ", "event_signature": "723c010dbce24b3cad637bec15ac30ecb60e48f0", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8081	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8081 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; Android 9; Moto Z3 Play) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8081 User-Agent: Mozilla/5.0 (Linux; Android 9; Moto Z3 Play) AppleWebKit/537.36 (KHTML, like Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "b5f3cfc9aac8f40ab78abbd74d626a60daca3aa9", "http_host_hash": "1994c0ff95f3f16c5fa9177d852edc4f1a4a8a24", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 245, "payload_entropy": 5.396362598491809, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8081, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "b79bed7e967366f94aa5d0447683e4fc63845127", "event_fingerprint": "5d6ad92d251d9193b43dda092fbbeb5706c0ab69", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "b8b4cdbcca20c508aff568ee71d510f9", "payload_hash": "5c61b4d439a89dc56bc80aa87e1f3636", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8081, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8081\r\nUser-Agent: Mozilla\/5.0 (Linux; Android 9; Moto Z3 Play) AppleWebKit\/537.36 (KHTML, like ", "event_signature": "daf735ccb216738a17af11746d79091e0e6d209b", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true, "behavior_alert_count": 1, "behavior_priority": 72 }
04/06/2026 09:33:23 UTC	TCP	8082	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8082 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8082 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gec Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "59cac4dd88a7d21e151f6fa41e61a51abfc618f5", "http_host_hash": "7a8d0e6c280b76f893f1d973fb51ae53b8bb4673", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 235, "payload_entropy": 5.4074547778176365, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8082, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.9, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "bbad2eea22cad851308c7bf7f2d9a7742d49e196", "event_fingerprint": "1a1c461561c8747fdaef68cb4e18c2288e532d82", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "f65ab56be44f2c108e3a23f2ae2af7f9", "payload_hash": "7ea03665fbf0dbabb1436cccfc5e3292", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8082, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8082\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gec", "event_signature": "c7d9094641b6493707d118137f5ceea033fc86c2", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8080	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8080 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; Android 9; COL-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8080 User-Agent: Mozilla/5.0 (Linux; Android 9; COL-L29) AppleWebKit/537.36 (KHTML, like Gecko Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "a7adbc6c50877ad0889851c6d3849498adc7bb64", "http_host_hash": "c9908f9a31aefa5902e21ee9fa132cbe056c536d", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 240, "payload_entropy": 5.420466405943125, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8080, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.6, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "d1fc0d6d438870de795062ee290dc42e7294b662", "event_fingerprint": "5d0b1f96b1f1257fd0e98e0d537c9ec89e8e500b", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "0721c80a11d0dcf46b9e47f21bcd3d98", "payload_hash": "8dc360f0e759a57ded579917251e81cd", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8080, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8080\r\nUser-Agent: Mozilla\/5.0 (Linux; Android 9; COL-L29) AppleWebKit\/537.36 (KHTML, like Gecko", "event_signature": "92a307ebde88d154da43a22027e3b8a915735b4b", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8085	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8085 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; Android 8.0.0; SM-G935F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8085 User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G935F) AppleWebKit/537.36 (KHTML, like Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "a7ef0bcebe0bdc9f8d9ce22bcf1aac4b6aab624c", "http_host_hash": "8307e910dac7083f4f0d52abcc8375f89d55b254", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 245, "payload_entropy": 5.40466845116054, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8085, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.4, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "6a7f69891c02e9940ab9847c570f834438254854", "event_fingerprint": "39b0e5af9c5a517e28c065fe67fd86bf8be318fa", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "df15bd5e6457d72adcbd668478fbb1ca", "payload_hash": "452029cdf231d55d71f9061d6014f1f9", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8085, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8085\r\nUser-Agent: Mozilla\/5.0 (Linux; Android 8.0.0; SM-G935F) AppleWebKit\/537.36 (KHTML, like ", "event_signature": "5533ec44b5d0bdc9e3be63e595ca339fe5101353", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8084	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8084 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8084 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, li Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "0b6fd7af11bb38000a0c46abf9f5d62b3f261250", "http_host_hash": "52139ff216422f6e734a2f69155b92f0ec67e9f8", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 241, "payload_entropy": 5.427557604934905, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8084, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.2, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "904122db41003032462e728a53bcc69346eebdb3", "event_fingerprint": "48a526e05534d8539f5d9361c06873fd5b78138c", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "1914ace14bafaf2ce57443cbe6bfee4e", "payload_hash": "0cf7c65c6b571eb365e88eac5cfaaf06", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8084, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8084\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, li", "event_signature": "6fd9f64c3ac96b8562173482ba38495b91f14a3f", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true, "behavior_alert_count": 1, "behavior_priority": 72 }
04/06/2026 09:33:23 UTC	TCP	8083	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8083 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/527 (KHTML, like Gecko, Safari/419.3) Arora/0.6 (Change: ) Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8083 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/527 (KHTML, like Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "42aff5147cf7c08a0557db4155e4cb2be8b6bd1a", "http_host_hash": "21e69ce58b85e5f3297487d2897913a40772a115", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 239, "payload_entropy": 5.387893372607403, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8083, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.1, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "5de211acafd6ed1366db7d49cee6b23ecec60294", "event_fingerprint": "62d4eeba1cc4b5ca47438af904934b965571dcd1", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "63e64dde5b9c5fc25e241813b9c3ce69", "payload_hash": "5c922bc9927082530b357010f2fad728", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8083, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8083\r\nUser-Agent: Mozilla\/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit\/527 (KHTML, like", "event_signature": "1216e4b4c4a5563f6d083c0421453297162630be", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8088	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8088 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (X11; Linux 3.8-6.dmz.1-liquorix-686) KHTML/4.8.4 (like Gecko) Konqueror/4.8 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8088 User-Agent: Mozilla/5.0 (X11; Linux 3.8-6.dmz.1-liquorix-686) KHTML/4.8.4 (like Gecko) Ko Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "1142aace171bdc96dab7feede9d4ef7bf73b6f94", "http_host_hash": "5af561107125d8ccc4aac442a3b8b5dee6769a85", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 208, "payload_entropy": 5.317585074648807, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8088, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.9, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "e35a576fea19b3e077bc167da8920c419b5fdf68", "event_fingerprint": "a563300b1d474c823109704c2548b5e19c7e5c6b", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "16fa4c68e54b2d26a3caf99a15f514fb", "payload_hash": "b6bdd40b633d1d714b3ebd5f1baf9607", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8088, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8088\r\nUser-Agent: Mozilla\/5.0 (X11; Linux 3.8-6.dmz.1-liquorix-686) KHTML\/4.8.4 (like Gecko) Ko", "event_signature": "928007fee2ad1a57661091b5b2970bf4239086fb", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8091	http	web attack	Élevée	Moyen · 51
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8091 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3829.0 Safari/537.36 Edg/77.0.197.1 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8091 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, li Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "d5bc7869cd4fbd2ef273bcf056088d910a4af1f7", "http_host_hash": "b22ca25a7baac25858e9bd99f69f5034d25af4fc", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 254, "payload_entropy": 5.42742639274239, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8091, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 1.4, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 51, "tag_count": 4, "anomaly_count": 0, "campaign_key": "87e9cc3ca967b7506b0cc70cc3a5cdb8e69bf5ad", "event_fingerprint": "88d2f3dee6266b3a2f2af8ec77c07acbac1dc626", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "5cf5617683bc9b549fa51ba45dc47ac3", "payload_hash": "5cfe32ddf84ba082f180c5f7018a21c4", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8091, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8091\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit\/537.36 (KHTML, li", "event_signature": "abacbde5cee84988c71b9bbf5236047d11ebe982", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8086	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8086 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/536.26.17 (KHTML like Gecko) Version/6.0.2 Safari/536.26.17 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8086 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/536.26.17 (KHTML l Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "18baebc31ef70b1e291af230dc7070ad6a4b261f", "http_host_hash": "dca14bd323afb7abea7bafa539fc0b23ad09cfc0", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 238, "payload_entropy": 5.355037491885072, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8086, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.6, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "57b1b0f667cc5aa6546fd7f78dc587d2ce878056", "event_fingerprint": "a1073d6e7312f4509bc9c7edf9f3762a646af123", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "48e0655d0896428817e0482c143e4968", "payload_hash": "282f7c1adafa5b9ec03bc6a635aac8ff", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8086, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8086\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit\/536.26.17 (KHTML l", "event_signature": "01fc062c78f76644a9ea3158ec9f625bda2e05fa", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8089	http	web attack	Élevée	Moyen · 56
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8089 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3887.0 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8089 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gec Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "9c901fc90cec65e9c437a5c159b057ea26d0a3b2", "http_host_hash": "6e7855f9d1ec5b350040e6a7fa2c7046d35c68a6", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 233, "payload_entropy": 5.415701096908449, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8089, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 6, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 56, "tag_count": 4, "anomaly_count": 0, "campaign_key": "9f837a2817ba15cf5327a458d4c39edf030ecf23", "event_fingerprint": "eaf2aa1b99fdff53af5f8e89713c79ce3cae66d9", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "6da193ba001c53441a3e1f1fa1205dc4", "payload_hash": "03d11cb8ac40cf7fe7072b0b65b5056a", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8089, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8089\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gec", "event_signature": "170c0e15a53b548955d589aa6dca2bb73ef9bd5f", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8090	http	web attack	Élevée	Moyen · 56
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8090 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; Android 9; ELE-L09) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8090 User-Agent: Mozilla/5.0 (Linux; Android 9; ELE-L09) AppleWebKit/537.36 (KHTML, like Gecko Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "d4213e87f50f2b1ff1f423219d60cd9df84a9cee", "http_host_hash": "112b403ea5b0e3a7d0d331ab96d728785c3ab96b", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 240, "payload_entropy": 5.400063918642125, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8090, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 6.2, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 56, "tag_count": 4, "anomaly_count": 0, "campaign_key": "2e28f266e1237e4a48c51224c22b0966ebc91c99", "event_fingerprint": "5c9c041aa25f12c34da0e1a5056d4cabea430c86", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "f8e440f448c37585e3d439a7ebcaf6f8", "payload_hash": "1e03211258e3a0a92de0999abf8886f1", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8090, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8090\r\nUser-Agent: Mozilla\/5.0 (Linux; Android 9; ELE-L09) AppleWebKit\/537.36 (KHTML, like Gecko", "event_signature": "f96f9e62f501c3255ebf2f8b518953a1a012a801", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	81	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 81 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (X11; Linux) KHTML/4.9.1 (like Gecko) Konqueror/4.9 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:81 User-Agent: Mozilla/5.0 (X11; Linux) KHTML/4.9.1 (like Gecko) Konqueror/4.9 Accept-Charset Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "7f300c248d821d7fe29523ff69b76363ae596c11", "http_host_hash": "f257870e26046e30cbd03e9d5726ca53aa58b86f", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 181, "payload_entropy": 5.292790272932393, "port_category": "well_known", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 81, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.4, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "5bbba6aeade62bd31c141463736dc8f6d08bf776", "event_fingerprint": "03badc3551a4f44339f123528b3672cbfed8ce84", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "a781b6646114f735c52343f8ebb40337", "payload_hash": "1401c3e32a51a337971fd8a586260689", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 81, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:81\r\nUser-Agent: Mozilla\/5.0 (X11; Linux) KHTML\/4.9.1 (like Gecko) Konqueror\/4.9\r\nAccept-Charset", "event_signature": "2e6a6375fd40e60a7ab3f2394d17e9b99ee5c952", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	82	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 82 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20091020 Linux Mint/8 (Helena) Firefox/3.5.3 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:82 User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20091020 Linux Mint Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "038d67f7cb15cee33be4e05dc9be2e1b9da8accb", "http_host_hash": "b00c56701bd04898edc8a488547d32d613363649", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 222, "payload_entropy": 5.336555473939456, "port_category": "well_known", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 82, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.6, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "71f4d351eec7d9f4da635bedd8ec7ab357ee6e26", "event_fingerprint": "3910520ce2e27dc60ec47f904bd09e741f7a5b25", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "0d3250f8bf779602760ccd8f5d62701b", "payload_hash": "673b4e40fa4e69ec02bd5e5f1464b701", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 82, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:82\r\nUser-Agent: Mozilla\/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko\/20091020 Linux Mint", "event_signature": "a185ffd4b7aa57dba62265d4084671d76c1b7c5a", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8161	http	web attack	Élevée	Moyen · 52
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8161 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8161 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, li Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "7382b5f3b254c99a0d40bda7aefd386539e0be7a", "http_host_hash": "66eb19834a7c23530413a6e482ea0316c4442029", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 241, "payload_entropy": 5.410786468088572, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8161, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 2.7, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 52, "tag_count": 4, "anomaly_count": 0, "campaign_key": "2778520de0b100d1f58e80a7cbdd8256b0773c9f", "event_fingerprint": "234f2d90290caec885bb8b2a023e8a7cb06ea436", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "6a2411e8c5387a0c6ebf7396c4178f0a", "payload_hash": "b4bd8bde0aab14b0e6e3758c621e3b8d", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8161, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8161\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit\/537.36 (KHTML, li", "event_signature": "4ef9577077b1332e50b10b1f4d6e58881888aa46", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8181	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8181 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8181 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, li Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "fdaa4c1e1de66370701fdf4860e77b1c763f15b4", "http_host_hash": "ee4df8d877d42e60dadcf85bc1e968589c2d406f", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 241, "payload_entropy": 5.41229903230683, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8181, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.9, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "1f28e80a9ac594863a4a8a3306fcbd771776b48b", "event_fingerprint": "e7cfe430b8ff4cf059638c3bb986c75c2cecbb9f", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "c3bbdc96b5aa6b0b36251a9ea5cdb741", "payload_hash": "398c5045907a8924b25e76796fd69a87", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8181, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8181\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit\/537.36 (KHTML, li", "event_signature": "09ddc1b3d4f2656b793c3316e27e9e5955a18fae", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8099	http	web attack	Élevée	Moyen · 52
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8099 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Opera/9.80 (Android; Opera Mini/42.0.2254/150.36; U; en) Presto/2.12.423 Version/12.16 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8099 User-Agent: Opera/9.80 (Android; Opera Mini/42.0.2254/150.36; U; en) Presto/2.12.423 Vers Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "1ed05b2b572aa9e090b6e4edbfa1bbe1743d5a23", "http_host_hash": "611196ff5d5ba8288e3fb0ff9b6947637bff1fee", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": false, "bytes_in": 206, "payload_entropy": 5.189356955068222, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8099, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 2.7, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 52, "tag_count": 4, "anomaly_count": 0, "campaign_key": "da2dfaa784c87b07ceeb537eb3ff566b69b4e414", "event_fingerprint": "4157c06c1244d8ab43e52742eb1932a4162102ab", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "3ac9346159c9f73d2efa53e116b09720", "payload_hash": "c8fe7197fc227b0b55296bb056ff2f27", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8099, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8099\r\nUser-Agent: Opera\/9.80 (Android; Opera Mini\/42.0.2254\/150.36; U; en) Presto\/2.12.423 Vers", "event_signature": "0579bfaf78be5ce9cdb1fb8f9638f9360eed8f39", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	84	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 84 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:84 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "6f17a13af1cc2638fa53211ad072064c1467da80", "http_host_hash": "de907e50aa859065aaba4f80e4cfc6d5e637955d", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 233, "payload_entropy": 5.424713395063427, "port_category": "well_known", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 84, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.9, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "0f8a08fc0dabb721acc892cdecc2c47bed13aa8b", "event_fingerprint": "2df48adaba64bd53fdae2973fad5f0570b3ec59e", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "8cfbdf0bbf2eb578e80b9a525490baed", "payload_hash": "b64ca2954da125930b8482859a7dce33", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 84, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:84\r\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko", "event_signature": "bab31d60fdf78bf202eb1a7eb472e989d92ea250", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	83	http	web attack	Élevée	Moyen · 54
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 83 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; Android 9; Redmi Note 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.89 Mobile Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:83 User-Agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 7) AppleWebKit/537.36 (KHTML, like Ge Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "34ca293b30dcd30d0b19b0257f6282c416f50fb0", "http_host_hash": "694048aafc409256f88bc22a99ef68d4a126a60b", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 242, "payload_entropy": 5.374494215565617, "port_category": "well_known", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 83, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 4.8, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 54, "tag_count": 4, "anomaly_count": 0, "campaign_key": "14de645bd59d1b5262b0032403868de3b45399a3", "event_fingerprint": "5c0a54d5926f9cbe9b07d022dc66268bf40f900b", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "b5d3de5a91b310cca721e869d16b9803", "payload_hash": "33b7e74c85ca49d76a5befe338f11fcb", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 83, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:83\r\nUser-Agent: Mozilla\/5.0 (Linux; Android 9; Redmi Note 7) AppleWebKit\/537.36 (KHTML, like Ge", "event_signature": "ea8037bedccf6767c4d1b7ecb9352d89036325e4", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8443	http	web attack	Élevée	Moyen · 53
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8443 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8443 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "996641f78ada5ff12803e09839c97ee755e0bc7d", "http_host_hash": "ca23b5d84feb2280b2be7602d1fc165f90b06f00", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 224, "payload_entropy": 5.440835253402854, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8443, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 3.2, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 53, "tag_count": 4, "anomaly_count": 0, "campaign_key": "ee2413ddad3fd5b233fedb37b674d6557572db32", "event_fingerprint": "4154ab47dfda1f3ac2c7c41e23b448ef31b46bbb", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "1756293008967ecc9f3456953a631f41", "payload_hash": "f4b0da934990b7a487f1ba9ffb872df4", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8443, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8443\r\nUser-Agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome", "event_signature": "5e69beadfe67d368ef85f0f5d32ea045f59c365e", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	8200	http	web attack	Élevée	Moyen · 45
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 10 Recommandation Surveiller Tags 950326:rce-0 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 8200 Chemin / cible / Confiance classification 89% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0 ) Règles WAF 950326:rce-0 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:8200 User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0 ) Accept-Charset: utf-8 A Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "7691ebc02be0c1bcb39b1eb7d6d21e416d6d4ce7", "http_host_hash": "1b085ed71e3453f90e6fb0c42be126e42e28af3b", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 171, "payload_entropy": 5.250150393851231, "port_category": "registered", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 8200, "risk_waf": 48, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 3.6, "risk_breakdown": { "waf": 48, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 45, "tag_count": 3, "anomaly_count": 0, "campaign_key": "4de977822a40add743b5c36bf6611a57c4bd9fbb", "event_fingerprint": "6c4768aa538d866c5a90b33482cd6c18bfb8d868", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "8bb1926c067b589520f38c26dca8d31c", "payload_hash": "b1e6c7ce3f6931070844b060d955e447", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 8200, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.89, "classification_confidence": 0.89, "recommended_client_action": "monitor", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:8200\r\nUser-Agent: Mozilla\/4.0 (compatible; MSIE 5.5; Windows NT 5.0 )\r\nAccept-Charset: utf-8\r\nA", "event_signature": "18ca033b3df8bad3e06bc8332c4d6c09cfffc08f", "ban_policy": "advisory_monitor", "tags_list": [ "950326:rce-0", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }
04/06/2026 09:33:23 UTC	TCP	85	http	web attack	Élevée	Moyen · 55
Étape Tentative d'exploit MITRE TA0001 TA0002 WAF 16 Recommandation Investiguer Tags 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path net_port_scan_fast Cible HTTP GET / TLS SNI — Capteur paris-1
Preuve / Evidence Méthode GET Port 85 Chemin / cible / Confiance classification 92% Tactiques MITRE TA0001 TA0002 Ligne de requête `GET / HTTP/1.1` User-Agent Mozilla/5.0 (Linux; Android 9; SM-G965F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 Règles WAF 950326:rce-0 950470:nosqli-3 950734:sap-sapcontrol-path Payload (extrait) GET / HTTP/1.1 Host: 62.3.50.33:85 User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G965F) AppleWebKit/537.36 (KHTML, like Gecko) Meta JSON brut { "http_header_count": 5, "http_query_params": 0, "http_path_depth": 0, "http_path_ext": null, "http_ua_hash": "b3d22f895da9c2c4215ef423052260fc316ffda8", "http_host_hash": "29631142709d39bee607e41cbb81ae54d3741f51", "http_target_hash": "42099b4af021e53fd8fd4e056c2568d7c2e3ffa8", "http_referer_hash": null, "http_method": "GET", "http_ua_is_cli": false, "http_ua_is_browser": true, "bytes_in": 238, "payload_entropy": 5.412709336754602, "port_category": "well_known", "org": "Google LLC", "service": "http", "app_proto": "http", "asn": 396982, "country": "IN", "dst_port": 85, "risk_waf": 72, "risk_classification": 80, "risk_behavior": 0, "risk_geo": 40, "risk_protocol": 25, "risk_novelty": 15, "risk_boost": 0, "risk_granularity": 5.1, "risk_breakdown": { "waf": 72, "classification": 80, "behavior": 0, "geo": 40, "protocol": 25, "novelty": 15 }, "risk_score": 55, "tag_count": 4, "anomaly_count": 0, "campaign_key": "bb24f644bdb00ef56d8428289b8e158844ea7c85", "event_fingerprint": "4ec847958addbdd4cda218c4ffc4dc2090ae484a", "city": null, "is_datacenter": true, "is_tor_hint": false, "geo": { "country": "IN", "asn": 396982, "org": "Google LLC", "is_datacenter": true, "is_tor_hint": false }, "fingerprint": { "http_ua_hash": "d20b07ded14e724ade48f5e902451797", "payload_hash": "99fdc421bd4e22ca8b9cb62fc3559b53", "path_pattern_hash": "8a5edab282632443219e051e4ade2d1d" }, "target_context": { "dst_port": 85, "service": "http" }, "attack_stage": "exploit_attempt", "mitre_tactics": [ "TA0001", "TA0002" ], "threat_family": [ "unknown" ], "confidence": 0.92, "classification_confidence": 0.92, "recommended_client_action": "investigate", "policy_mode": "intelligence", "sensor_role": "threat_intelligence", "payload_preview": "GET \/ HTTP\/1.1\r\nHost: 62.3.50.33:85\r\nUser-Agent: Mozilla\/5.0 (Linux; Android 9; SM-G965F) AppleWebKit\/537.36 (KHTML, like Gecko)", "event_signature": "f6cf7ed2c4ce16ef5a4a0065ff71c00960cada40", "ban_policy": "advisory_investigate", "tags_list": [ "950326:rce-0", "950470:nosqli-3", "950734:sap-sapcontrol-path", "net_port_scan_fast" ], "asn_dc_heuristic": true }

34.93.237.238

Pourquoi listée

Comparaison ASN / FAI

IPs apparentées

Activité multi-protocole

Géolocalisation

FAI / réseau

Renseignement menaces

Filtres

Timeline

Ports 24 h

Top ports

Top classifications

Heatmap attaques 7j

Chronologie des événements

Comparaison côte à côte

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence

Preuve / Evidence