{"ip":"35.200.154.105","exported_at":"2026-06-17T19:14:04+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 100\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":7358593,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35746,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/docker-compose.prod.yml","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022yml\u0022, \u0022http_ua_hash\u0022: \u002262ac45c41cf6caf6d57eb7fee8525038d771ec6e\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022e0f4d8c475ba7860adfbc6fce1ef729836b642b1\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 276, \u0022payload_entropy\u0022: 5.36981314926463, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e71507cd89c07b5f71360ee41e8f7c6ffad1fe18\u0022, \u0022event_fingerprint\u0022: \u00220321bf982d17762859216f807d4e4c15199af863\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Linux; Android 8.1.0; Moto G (5S) Plus) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/75.0.3770.101 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":276},{"id":7358594,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35760,"dst_port":4000,"service":"http","classification":"slowloris","waf_score":0,"waf_tags":"[]","http_method":"GET","http_target":"\/configprops","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002244ed0afa8746adac16a171f407fb51bfdd7e4caa\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u00227b2b7ebe0d1721daf94292067a4ae0d6cbe8c63f\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 149, \u0022payload_entropy\u0022: 5.102582280022817, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 1, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 79, \u0022campaign_key\u0022: \u002274f69dae3d8d1c89b267d5c644858133bbbd5e9d\u0022, \u0022event_fingerprint\u0022: \u00222bf524910c2a340f1663e0407da9577230df6797\u0022, \u0022tags_list\u0022: [\u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Web Downloader\/6.9","http_referer":null,"tags":"[\u0022net_slowloris\u0022]","anomalies":"[]","severity":6,"bytes_in":149},{"id":7358595,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35758,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/actuator\/configprops","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u00229c901fc90cec65e9c437a5c159b057ea26d0a3b2\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u002257c7b57505a6059efee991237c1b23d9415a7380\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 253, \u0022payload_entropy\u0022: 5.390616993697966, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00222de32dbc847197afc739042bf2b5b045606b092e\u0022, \u0022event_fingerprint\u0022: \u002232411ee9fece7b8694f0b5a15b06cc2fc2df8d30\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/78.0.3887.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":9,"bytes_in":253},{"id":7358596,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35772,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":26,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022]","http_method":"GET","http_target":"\/actuator\/heapdump","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022f31318025c33d5235f2e347599555fad4f7917a2\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022660c7b4347bf3800a8aad95388e8118ff019e99c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 195, \u0022payload_entropy\u0022: 5.289850555268881, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 8, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00226dcb9a4293b72a39e62351d61879714d4da1ba18\u0022, \u0022event_fingerprint\u0022: \u00226eb5c27383699b86eeb6fcebb82e38d06896f147\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Midori\/0.1.10 (X11; Linux i686; U; en-us) WebKit\/(531).(2)","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":10,"bytes_in":195},{"id":7358597,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35782,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/heapdump","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022f5afc8d7c4957c93e4a79f6871fdbcfa35f49089\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022e21806654ce2590b315b5416bfe50be110ce70cc\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 253, \u0022payload_entropy\u0022: 5.42513026414606, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e71507cd89c07b5f71360ee41e8f7c6ffad1fe18\u0022, \u0022event_fingerprint\u0022: \u0022578298710a9e4a38da475e9f396e9ad1c23a3028\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Linux; Android 8.0.0; SM-G930F) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.111 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":253},{"id":7358598,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35788,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/docker-compose.yml","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022yml\u0022, \u0022http_ua_hash\u0022: \u0022c9506acc9347b55f05450c94707c9cb4aa524734\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022284ed5c0f139fefe102f54c41fbd64a2a9a5ffd9\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 259, \u0022payload_entropy\u0022: 5.395549750761868, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e71507cd89c07b5f71360ee41e8f7c6ffad1fe18\u0022, \u0022event_fingerprint\u0022: \u00229807cfab6bed40f37884804d453b25fcb87075b2\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/73.0.3683.103 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":259},{"id":7358599,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35798,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/profiler\/phpinfo","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022ed9b215da6d1db83e11a82875289d9e0c24c2f00\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u00224d5c8cc60e244e010de08df3dccb35229cb291c5\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 258, \u0022payload_entropy\u0022: 5.384065069967996, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022dc4529a97a4c62ef02f0a9c40b0cb17928ca36a7\u0022, \u0022event_fingerprint\u0022: \u00226e8d0f34e88c8dee47eb987511c39175f4a3353e\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 7.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.121 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":9,"bytes_in":258},{"id":7358600,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35822,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/profiler","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002264439aed95b30a235434c6331ba7d89444e2a3d8\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u00227cd11541411a8975365dee10f115f2fd3534f499\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 256, \u0022payload_entropy\u0022: 5.422896128367442, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e71507cd89c07b5f71360ee41e8f7c6ffad1fe18\u0022, \u0022event_fingerprint\u0022: \u002215b96fbf63a5a95895c65fbf3b90200442649883\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/78.0.3879.0 Safari\/537.36 Edg\/78.0.249.1","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":256},{"id":7358601,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35838,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022390b16722b73cf7ae62607c2f6523ed529003141\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022ebac263a482818b6e7a922df98cc560bbc808a0a\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 228, \u0022payload_entropy\u0022: 5.462207831520947, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227db6bc616e668b5147238c5baea30a2527790331\u0022, \u0022event_fingerprint\u0022: \u00226e8629d56ae71b1cc987f1b8652bda1fcd12cc2a\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_env\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/74.0.3729.169 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_env\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":228},{"id":7358602,"ip":"35.200.154.105","ts":"2026-05-19 22:55:38.000000","proto":"tcp","src_port":35814,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950468:nosqli-3\u0022, \u0022950612:spring-actuator\u0022]","http_method":"GET","http_target":"\/actuator\/env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u00228ba7ee7baf185439b4532ff6d673cb715a8d8932\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022e32661bb9cbe8cb5f3660b341b6704d87fd4cb7c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 151, \u0022payload_entropy\u0022: 5.060879082731967, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00228e344149d1ff181173b90318fa271c82d5e9b6fd\u0022, \u0022event_fingerprint\u0022: \u0022fce6212b7a25d511fc7edc2a794d9738bef2ed5e\u0022, \u0022tags_list\u0022: [\u0022950468:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Googlebot-Image\/1.0","http_referer":null,"tags":"[\u0022950468:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":151},{"id":7358573,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35540,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.7845986857692875, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358574,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35608,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.81850587843158, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358575,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35602,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.779274569786521, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358576,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35586,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.8667865084723, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358577,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35556,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.8805205387692006, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358578,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35566,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.97756298214582, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358579,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35588,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.85932527653592, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358580,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35620,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.829490133272218, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358581,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35630,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.9367015329060635, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358582,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35568,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.875751912849108, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358583,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35646,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/docker-compose.prod.yml","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022yml\u0022, \u0022http_ua_hash\u0022: \u002262ac45c41cf6caf6d57eb7fee8525038d771ec6e\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022e0f4d8c475ba7860adfbc6fce1ef729836b642b1\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 276, \u0022payload_entropy\u0022: 5.36981314926463, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022b6618e5389e09a66b2a3ab19a49b6ccd6854b64d\u0022, \u0022event_fingerprint\u0022: \u00220321bf982d17762859216f807d4e4c15199af863\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Linux; Android 8.1.0; Moto G (5S) Plus) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/75.0.3770.101 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","anomalies":"[]","severity":8,"bytes_in":276},{"id":7358584,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35664,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/actuator\/configprops","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u00229c901fc90cec65e9c437a5c159b057ea26d0a3b2\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u002257c7b57505a6059efee991237c1b23d9415a7380\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 253, \u0022payload_entropy\u0022: 5.390616993697966, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00220086c7802b2d4ad2b7b205c0172f2fa0ac42597f\u0022, \u0022event_fingerprint\u0022: \u002232411ee9fece7b8694f0b5a15b06cc2fc2df8d30\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/78.0.3887.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":253},{"id":7358585,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35654,"dst_port":4000,"service":"http","classification":"http","waf_score":0,"waf_tags":"[]","http_method":"GET","http_target":"\/configprops","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002244ed0afa8746adac16a171f407fb51bfdd7e4caa\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u00227b2b7ebe0d1721daf94292067a4ae0d6cbe8c63f\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 149, \u0022payload_entropy\u0022: 5.102582280022817, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 5, \u0022campaign_key\u0022: \u0022cd3179e64ca49020334d73cf2924b4e92989919f\u0022, \u0022event_fingerprint\u0022: \u002298db3b40b3e4d4b63e31bcc4905e849f32b8db62\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Web Downloader\/6.9","http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":149},{"id":7358586,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35668,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":26,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022]","http_method":"GET","http_target":"\/actuator\/heapdump","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022f31318025c33d5235f2e347599555fad4f7917a2\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022660c7b4347bf3800a8aad95388e8118ff019e99c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 195, \u0022payload_entropy\u0022: 5.289850555268881, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00226fded1d550f343e5dc0f911f686bac7155b2c687\u0022, \u0022event_fingerprint\u0022: \u00226eb5c27383699b86eeb6fcebb82e38d06896f147\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Midori\/0.1.10 (X11; Linux i686; U; en-us) WebKit\/(531).(2)","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":195},{"id":7358587,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35682,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/heapdump","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022f5afc8d7c4957c93e4a79f6871fdbcfa35f49089\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022e21806654ce2590b315b5416bfe50be110ce70cc\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 253, \u0022payload_entropy\u0022: 5.42513026414606, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e71507cd89c07b5f71360ee41e8f7c6ffad1fe18\u0022, \u0022event_fingerprint\u0022: \u0022578298710a9e4a38da475e9f396e9ad1c23a3028\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Linux; Android 8.0.0; SM-G930F) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.111 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":253},{"id":7358588,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35690,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/profiler\/phpinfo","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022ed9b215da6d1db83e11a82875289d9e0c24c2f00\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u00224d5c8cc60e244e010de08df3dccb35229cb291c5\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 258, \u0022payload_entropy\u0022: 5.384065069967996, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022dc4529a97a4c62ef02f0a9c40b0cb17928ca36a7\u0022, \u0022event_fingerprint\u0022: \u00226e8d0f34e88c8dee47eb987511c39175f4a3353e\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 7.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.121 Mobile Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":9,"bytes_in":258},{"id":7358589,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35702,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/docker-compose.yml","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u0022yml\u0022, \u0022http_ua_hash\u0022: \u0022c9506acc9347b55f05450c94707c9cb4aa524734\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022284ed5c0f139fefe102f54c41fbd64a2a9a5ffd9\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 259, \u0022payload_entropy\u0022: 5.395549750761868, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e71507cd89c07b5f71360ee41e8f7c6ffad1fe18\u0022, \u0022event_fingerprint\u0022: \u00229807cfab6bed40f37884804d453b25fcb87075b2\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/73.0.3683.103 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":259},{"id":7358590,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35724,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/profiler","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002264439aed95b30a235434c6331ba7d89444e2a3d8\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u00227cd11541411a8975365dee10f115f2fd3534f499\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 256, \u0022payload_entropy\u0022: 5.422896128367442, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022e71507cd89c07b5f71360ee41e8f7c6ffad1fe18\u0022, \u0022event_fingerprint\u0022: \u002215b96fbf63a5a95895c65fbf3b90200442649883\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/78.0.3879.0 Safari\/537.36 Edg\/78.0.249.1","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":256},{"id":7358591,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35714,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u0022390b16722b73cf7ae62607c2f6523ed529003141\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022ebac263a482818b6e7a922df98cc560bbc808a0a\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 228, \u0022payload_entropy\u0022: 5.462207831520947, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00227db6bc616e668b5147238c5baea30a2527790331\u0022, \u0022event_fingerprint\u0022: \u00226e8629d56ae71b1cc987f1b8652bda1fcd12cc2a\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_env\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/74.0.3729.169 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950470:nosqli-3\u0022, \u0022http_probe_env\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":228},{"id":7358592,"ip":"35.200.154.105","ts":"2026-05-19 22:55:36.000000","proto":"tcp","src_port":35732,"dst_port":4000,"service":"http","classification":"web_attack","waf_score":13,"waf_tags":"[\u0022950468:nosqli-3\u0022, \u0022950612:spring-actuator\u0022]","http_method":"GET","http_target":"\/actuator\/env","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u00228ba7ee7baf185439b4532ff6d673cb715a8d8932\u0022, \u0022http_host_hash\u0022: \u00225a30b201b081f924484c2a6ee02c44ce0b4f15e6\u0022, \u0022http_target_hash\u0022: \u0022e32661bb9cbe8cb5f3660b341b6704d87fd4cb7c\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 151, \u0022payload_entropy\u0022: 5.060879082731967, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00228e344149d1ff181173b90318fa271c82d5e9b6fd\u0022, \u0022event_fingerprint\u0022: \u0022fce6212b7a25d511fc7edc2a794d9738bef2ed5e\u0022, \u0022tags_list\u0022: [\u0022950468:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:4000","http_user_agent":"Googlebot-Image\/1.0","http_referer":null,"tags":"[\u0022950468:nosqli-3\u0022, \u0022950612:spring-actuator\u0022, \u0022http_actuator_probe\u0022, \u0022http_probe_actuator\u0022, \u0022http_sensitive_path\u0022, \u0022net_slowloris\u0022]","anomalies":"[]","severity":8,"bytes_in":151},{"id":7358561,"ip":"35.200.154.105","ts":"2026-05-19 22:55:35.000000","proto":"tcp","src_port":35438,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.867251149607744, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358562,"ip":"35.200.154.105","ts":"2026-05-19 22:55:35.000000","proto":"tcp","src_port":35450,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.95465339087867, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358563,"ip":"35.200.154.105","ts":"2026-05-19 22:55:35.000000","proto":"tcp","src_port":35462,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.740527446011285, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358564,"ip":"35.200.154.105","ts":"2026-05-19 22:55:35.000000","proto":"tcp","src_port":35468,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.902752790194091, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358565,"ip":"35.200.154.105","ts":"2026-05-19 22:55:35.000000","proto":"tcp","src_port":35480,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.850878597064533, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358566,"ip":"35.200.154.105","ts":"2026-05-19 22:55:35.000000","proto":"tcp","src_port":35494,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.858736781809252, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358567,"ip":"35.200.154.105","ts":"2026-05-19 22:55:35.000000","proto":"tcp","src_port":35500,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.780989395497642, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358568,"ip":"35.200.154.105","ts":"2026-05-19 22:55:35.000000","proto":"tcp","src_port":35512,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.817459791742092, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358569,"ip":"35.200.154.105","ts":"2026-05-19 22:55:35.000000","proto":"tcp","src_port":35528,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.863984542699267, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7358560,"ip":"35.200.154.105","ts":"2026-05-19 22:55:34.000000","proto":"tcp","src_port":35434,"dst_port":4000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.8964938321761995, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022dc2d3c16b02f3e52da4c2593d7648b8e46ffb7ef\u0022, \u0022event_fingerprint\u0022: \u0022eaff0b270831f87db62f8fbc717cd80f5931449e\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239}],"total_events":40}