{"ip":"59.120.121.145","exported_at":"2026-06-19T10:10:09+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 100\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":8148276,"ip":"59.120.121.145","ts":"2026-06-01 18:04:10.000000","proto":"tcp","src_port":2786,"dst_port":8082,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/pmd\/index.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u00222c635ad650d01cbd2c0fc2f45522f3404c434adb\u0022, \u0022http_host_hash\u0022: \u00227a8d0e6c280b76f893f1d973fb51ae53b8bb4673\u0022, \u0022http_target_hash\u0022: \u00228d1717e978103288d9531d8d7a2d4c48c6174cd4\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 346, \u0022payload_entropy\u0022: 5.530366818608647, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Data Communication Business Group\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 3462, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002231097debb340a2b99818a06ccc5a387951904819\u0022, \u0022event_fingerprint\u0022: \u002296cee9d3ab15a61dd4fd090a7624849055050662\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8082","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3464.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","anomalies":"[]","severity":9,"bytes_in":346},{"id":8148275,"ip":"59.120.121.145","ts":"2026-06-01 18:04:08.000000","proto":"tcp","src_port":2227,"dst_port":8082,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/phpmyadmin\/index.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u00222c635ad650d01cbd2c0fc2f45522f3404c434adb\u0022, \u0022http_host_hash\u0022: \u00227a8d0e6c280b76f893f1d973fb51ae53b8bb4673\u0022, \u0022http_target_hash\u0022: \u0022d9d69039afb2ecff72da068cd4d55fa567bb6898\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 353, \u0022payload_entropy\u0022: 5.533784343332826, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Data Communication Business Group\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 3462, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u00225f3c046566bd7e26e6ac4368ccc20bbd801c4547\u0022, \u0022event_fingerprint\u0022: \u00228e32d819d01cbaf2f9352f3d8427331bac080bf8\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_phpmyadmin\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8082","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3464.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_phpmyadmin\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":353},{"id":7776366,"ip":"59.120.121.145","ts":"2026-05-27 05:01:45.000000","proto":"tcp","src_port":57352,"dst_port":8080,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022fc54e0d16d9764783542f0146a98b300\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 95, \u0022payload_entropy\u0022: 4.635464058053652, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Data Communication Business Group\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 3462, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae8aaa5d2da047e9d18bfdd1c0dcf377a2a56573\u0022, \u0022event_fingerprint\u0022: \u0022da224639bd626ae7101449b5874b9d57a6abe066\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"fc54e0d16d9764783542f0146a98b300","tls_ja3":"769,49162-49161-49172-49171-53-47-10,10-11-35-23-65281,29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":95},{"id":7776367,"ip":"59.120.121.145","ts":"2026-05-27 05:01:45.000000","proto":"tcp","src_port":57362,"dst_port":8080,"service":"tls","classification":"tls_probe","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022tls_ja3_hash\u0022: \u0022fc54e0d16d9764783542f0146a98b300\u0022, \u0022tls_sni\u0022: null, \u0022bytes_in\u0022: 95, \u0022payload_entropy\u0022: 4.560691394393017, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Data Communication Business Group\u0022, \u0022service\u0022: \u0022tls\u0022, \u0022app_proto\u0022: \u0022tls\u0022, \u0022asn\u0022: 3462, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 2, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 57, \u0022campaign_key\u0022: \u0022ae8aaa5d2da047e9d18bfdd1c0dcf377a2a56573\u0022, \u0022event_fingerprint\u0022: \u0022da224639bd626ae7101449b5874b9d57a6abe066\u0022, \u0022tags_list\u0022: [\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]}","tls_sni":null,"tls_ja3_hash":"fc54e0d16d9764783542f0146a98b300","tls_ja3":"769,49162-49161-49172-49171-53-47-10,10-11-35-23-65281,29-23-24,0","http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[\u0022tls_ja3\u0022, \u0022tls_no_sni\u0022]","anomalies":"[]","severity":4,"bytes_in":95},{"id":7776365,"ip":"59.120.121.145","ts":"2026-05-27 05:01:44.000000","proto":"tcp","src_port":57338,"dst_port":8080,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950613:tomcat-manager\u0022]","http_method":"GET","http_target":"\/manager\/html","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002271582f7cec1d198915fac5fc7c73ef396f2954d6\u0022, \u0022http_host_hash\u0022: \u0022c9908f9a31aefa5902e21ee9fa132cbe056c536d\u0022, \u0022http_target_hash\u0022: \u0022471948290e7410d0a5241ee075d920bc17a92486\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 219, \u0022payload_entropy\u0022: 5.400365626619456, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Data Communication Business Group\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 3462, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022777879c8e8fdb85566f8be70f1c83b9cc1faacca\u0022, \u0022event_fingerprint\u0022: \u0022c43fe5976edbb9a5155cc5cb78aedb31eb61dc82\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950613:tomcat-manager\u0022, \u0022http_probe_manager\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8080","http_user_agent":"User-Agent:Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950613:tomcat-manager\u0022, \u0022http_probe_manager\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":219},{"id":7776364,"ip":"59.120.121.145","ts":"2026-05-27 05:01:43.000000","proto":"tcp","src_port":57326,"dst_port":8080,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950613:tomcat-manager\u0022]","http_method":"GET","http_target":"\/manager\/html","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: null, \u0022http_ua_hash\u0022: \u002271582f7cec1d198915fac5fc7c73ef396f2954d6\u0022, \u0022http_host_hash\u0022: \u0022c9908f9a31aefa5902e21ee9fa132cbe056c536d\u0022, \u0022http_target_hash\u0022: \u0022471948290e7410d0a5241ee075d920bc17a92486\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 219, \u0022payload_entropy\u0022: 5.400365626619456, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Data Communication Business Group\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 3462, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 5, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022777879c8e8fdb85566f8be70f1c83b9cc1faacca\u0022, \u0022event_fingerprint\u0022: \u0022c43fe5976edbb9a5155cc5cb78aedb31eb61dc82\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950613:tomcat-manager\u0022, \u0022http_probe_manager\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8080","http_user_agent":"User-Agent:Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950613:tomcat-manager\u0022, \u0022http_probe_manager\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":219},{"id":7763804,"ip":"59.120.121.145","ts":"2026-05-26 20:44:12.000000","proto":"tcp","src_port":36801,"dst_port":8080,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/pmd\/index.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u00222c635ad650d01cbd2c0fc2f45522f3404c434adb\u0022, \u0022http_host_hash\u0022: \u0022c9908f9a31aefa5902e21ee9fa132cbe056c536d\u0022, \u0022http_target_hash\u0022: \u00228d1717e978103288d9531d8d7a2d4c48c6174cd4\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 346, \u0022payload_entropy\u0022: 5.521447262749745, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Data Communication Business Group\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 3462, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 3, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022c5a240e262a7bc63e8f70a890dc3374543b32b4a\u0022, \u0022event_fingerprint\u0022: \u00224204fa87c54cabce0ee7b00dd47f82d6544f6260\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8080","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3464.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","anomalies":"[]","severity":9,"bytes_in":346},{"id":7763802,"ip":"59.120.121.145","ts":"2026-05-26 20:44:10.000000","proto":"tcp","src_port":36462,"dst_port":8080,"service":"http","classification":"web_attack","waf_score":19,"waf_tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022]","http_method":"GET","http_target":"\/phpmyadmin\/index.php","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 5, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 2, \u0022http_path_ext\u0022: \u0022php\u0022, \u0022http_ua_hash\u0022: \u00222c635ad650d01cbd2c0fc2f45522f3404c434adb\u0022, \u0022http_host_hash\u0022: \u0022c9908f9a31aefa5902e21ee9fa132cbe056c536d\u0022, \u0022http_target_hash\u0022: \u0022d9d69039afb2ecff72da068cd4d55fa567bb6898\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022GET\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: true, \u0022bytes_in\u0022: 353, \u0022payload_entropy\u0022: 5.525041662519284, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022Data Communication Business Group\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 3462, \u0022country\u0022: \u0022TW\u0022, \u0022tag_count\u0022: 6, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u0022071a4502963db20849ef2471001bb156443e27e0\u0022, \u0022event_fingerprint\u0022: \u0022621dc338ba2bbc25988f0f04b290f37b8d11d17e\u0022, \u0022tags_list\u0022: [\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_phpmyadmin\u0022, \u0022http_sensitive_path\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"HTTP\/1.1","http_host":"62.3.50.33:8080","http_user_agent":"Mozilla\/5.0 (Windows NT 10.0; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3464.0 Safari\/537.36","http_referer":null,"tags":"[\u0022950326:rce-0\u0022, \u0022950468:nosqli-3\u0022, \u0022950470:nosqli-3\u0022, \u0022http_admin_panel_probe\u0022, \u0022http_probe_phpmyadmin\u0022, \u0022http_sensitive_path\u0022]","anomalies":"[]","severity":9,"bytes_in":353}],"total_events":8}