{"ip":"35.229.210.209","exported_at":"2026-06-19T03:38:45+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 100\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":7394629,"ip":"35.229.210.209","ts":"2026-05-20 10:14:59.000000","proto":"tcp","src_port":54930,"dst_port":5000,"service":"http","classification":"web_attack","waf_score":27,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022]","http_method":"GET","http_target":"\/.git\/config","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022git\/config\u0022, \u0022http_ua_hash\u0022: \u00229faced58df8301c5ac44eb79f34b75907bd11f44\u0022, \u0022http_host_hash\u0022: \u0022b3fecad1903fbad7bf672cc5a25c971b97553846\u0022, \u0022http_target_hash\u0022: \u0022e2f253eab0d0cf5422d24d22ae2a4954398768df\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 256, \u0022payload_entropy\u0022: 5.449099099113465, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002213fbc768237b8b19a7a8a2417db672383c4e2553\u0022, \u0022event_fingerprint\u0022: \u002219b151d5c66aba1fbfa6792edc3cf3cec820932b\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022, \u0022http_git_exposure\u0022, \u0022http_probe_git\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:5000","http_user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/74.0.3729.158 Safari\/537.36 Vivaldi\/2.5.1525.43","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022, \u0022http_git_exposure\u0022, \u0022http_probe_git\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":256},{"id":7394626,"ip":"35.229.210.209","ts":"2026-05-20 10:14:56.000000","proto":"tcp","src_port":54920,"dst_port":5000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.780325554192812, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u0022a8a8387c46fb822ec0fee64988716327e7947622\u0022, \u0022event_fingerprint\u0022: \u0022d1c9a45570fa3d0555d1a174b49578334476bf81\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239},{"id":7390974,"ip":"35.229.210.209","ts":"2026-05-20 09:20:55.000000","proto":"tcp","src_port":58964,"dst_port":9000,"service":"http","classification":"web_attack","waf_score":27,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022]","http_method":"GET","http_target":"\/.git\/config","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022git\/config\u0022, \u0022http_ua_hash\u0022: \u002242aff5147cf7c08a0557db4155e4cb2be8b6bd1a\u0022, \u0022http_host_hash\u0022: \u0022064fbdc555932d23d67bf2591639f6b292b96102\u0022, \u0022http_target_hash\u0022: \u0022e2f253eab0d0cf5422d24d22ae2a4954398768df\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 250, \u0022payload_entropy\u0022: 5.367921602432462, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 7, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022f15572a3bb008ef01fc5ad1220c7af02b62d6720\u0022, \u0022event_fingerprint\u0022: \u0022dbe80d29f7ea5f245ac72c81736ea079f5c68f9d\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022, \u0022http_git_exposure\u0022, \u0022http_probe_git\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:9000","http_user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit\/527  (KHTML, like Gecko, Safari\/419.3) Arora\/0.6 (Change: )","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022950513:leak-0\u0022, \u0022http_git_exposure\u0022, \u0022http_probe_git\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":10,"bytes_in":250},{"id":7390970,"ip":"35.229.210.209","ts":"2026-05-20 09:20:53.000000","proto":"tcp","src_port":58950,"dst_port":9000,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u002219e29534fd49dd27d09234e639c4057e\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 239, \u0022payload_entropy\u0022: 5.82911908009712, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Google LLC\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 396982, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 33, \u0022campaign_key\u0022: \u002218b593716f896b20639f8677ff8ebe3b2b7240f6\u0022, \u0022event_fingerprint\u0022: \u0022bb101e6d879071449f55e7c10b9e973a2843328f\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"19e29534fd49dd27d09234e639c4057e","tls_ja3":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,5-10-11-13-65281-18-43-51,29-23-24-25,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":2,"bytes_in":239}],"total_events":4}