{"ip":"81.16.177.200","exported_at":"2026-06-21T02:29:30+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":100,"attack_stage":"exploit_attempt","attack_chain_stage":null,"threat_family":["unknown"],"recommended_action":"investigate","confidence":0.92,"risk_breakdown":{"waf":100,"classification":100,"behavior":0,"geo":0,"protocol":25,"novelty":15},"mitre_tactics":["TA0001","TA0002"],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":"risque 60\/100","campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":92,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":"OPTIONS sip:62.3.50.33:5060 SIP\/2.0\r\nVia: SIP\/2.0\/TCP 81.16.177.200:15617;branch=z9hG4bK3fc072dcb286436c9e88e56505d18aeb;rport","target_port_label":"5060","emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":"OPTIONS sip:62.3.50.33:5060 SIP\/2.0\r\nVia: SIP\/2.0\/TCP 81.16.177.200:15617;branch=z9hG4bK3fc072dcb286436c9e88e56505d18aeb;rport"},"events":[{"id":8230845,"ip":"81.16.177.200","ts":"2026-06-04 14:51:46.000000","proto":"tcp","src_port":15617,"dst_port":5060,"service":"http","classification":"web_attack","waf_score":28,"waf_tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950382:rce-14\u0022, \u0022950470:nosqli-3\u0022]","http_method":"OPTIONS","http_target":"sip:62.3.50.33:5060","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 9, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u002233:5060\u0022, \u0022http_ua_hash\u0022: \u0022ce207c59267a635b306413fc472297f88648418f\u0022, \u0022http_host_hash\u0022: null, \u0022http_target_hash\u0022: \u0022798e38d7545b0e7b6561ac7162b981eb0969a3f7\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022OPTIONS\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 374, \u0022payload_entropy\u0022: 5.427368471916497, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022PebbleHost Ltd\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 212027, \u0022country\u0022: \u0022GB\u0022, \u0022dst_port\u0022: 5060, \u0022risk_waf\u0022: 100.0, \u0022risk_classification\u0022: 100.0, \u0022risk_behavior\u0022: 0.0, \u0022risk_geo\u0022: 0.0, \u0022risk_protocol\u0022: 25.0, \u0022risk_novelty\u0022: 15.0, \u0022risk_boost\u0022: 0, \u0022risk_granularity\u0022: 2.5, \u0022risk_breakdown\u0022: {\u0022waf\u0022: 100.0, \u0022classification\u0022: 100.0, \u0022behavior\u0022: 0.0, \u0022geo\u0022: 0.0, \u0022protocol\u0022: 25.0, \u0022novelty\u0022: 15.0}, \u0022risk_score\u0022: 60, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022campaign_key\u0022: \u002217a9335371f674add033e71c57db4b89f4dc52de\u0022, \u0022event_fingerprint\u0022: \u0022e07f670aa764ffb6d966cf47c4072b512e601a00\u0022, \u0022city\u0022: null, \u0022is_datacenter\u0022: false, \u0022is_tor_hint\u0022: false, \u0022geo\u0022: {\u0022country\u0022: \u0022GB\u0022, \u0022asn\u0022: 212027, \u0022org\u0022: \u0022PebbleHost Ltd\u0022, \u0022is_datacenter\u0022: false, \u0022is_tor_hint\u0022: false}, \u0022fingerprint\u0022: {\u0022http_ua_hash\u0022: \u002230586fec1dff35e44e38dd1673d21d18\u0022, \u0022payload_hash\u0022: \u0022c01d0561229af3ac9255da17a55bdfc4\u0022, \u0022path_pattern_hash\u0022: \u0022ab15fc5eaa8a1dcb5d9622a2cdea3004\u0022}, \u0022target_context\u0022: {\u0022dst_port\u0022: 5060, \u0022service\u0022: \u0022http\u0022}, \u0022attack_stage\u0022: \u0022exploit_attempt\u0022, \u0022mitre_tactics\u0022: [\u0022TA0001\u0022, \u0022TA0002\u0022], \u0022threat_family\u0022: [\u0022unknown\u0022], \u0022confidence\u0022: 0.92, \u0022classification_confidence\u0022: 0.92, \u0022recommended_client_action\u0022: \u0022investigate\u0022, \u0022policy_mode\u0022: \u0022intelligence\u0022, \u0022sensor_role\u0022: \u0022threat_intelligence\u0022, \u0022payload_preview\u0022: \u0022OPTIONS sip:62.3.50.33:5060 SIP\/2.0\\r\\nVia: SIP\/2.0\/TCP 81.16.177.200:15617;branch=z9hG4bK3fc072dcb286436c9e88e56505d18aeb;rport\\r\\n\u0022, \u0022event_signature\u0022: \u00220b33fd82530fee85671ce3757190cb9322a49be5\u0022, \u0022ban_policy\u0022: \u0022advisory_investigate\u0022, \u0022tags_list\u0022: [\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950382:rce-14\u0022, \u0022950470:nosqli-3\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"SIP\/2.0","http_host":null,"http_user_agent":"Asterisk PBX","http_referer":null,"tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950382:rce-14\u0022, \u0022950470:nosqli-3\u0022]","anomalies":"[]","severity":10,"bytes_in":374},{"id":8052835,"ip":"81.16.177.200","ts":"2026-05-31 17:14:52.000000","proto":"tcp","src_port":23492,"dst_port":5060,"service":"http","classification":"web_attack","waf_score":28,"waf_tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950382:rce-14\u0022, \u0022950470:nosqli-3\u0022]","http_method":"OPTIONS","http_target":"sip:62.3.50.33:5060","sensor_id":"paris-1","meta":"{\u0022http_header_count\u0022: 9, \u0022http_query_params\u0022: 0, \u0022http_path_depth\u0022: 1, \u0022http_path_ext\u0022: \u002233:5060\u0022, \u0022http_ua_hash\u0022: \u0022ce207c59267a635b306413fc472297f88648418f\u0022, \u0022http_host_hash\u0022: null, \u0022http_target_hash\u0022: \u0022798e38d7545b0e7b6561ac7162b981eb0969a3f7\u0022, \u0022http_referer_hash\u0022: null, \u0022http_method\u0022: \u0022OPTIONS\u0022, \u0022http_ua_is_cli\u0022: false, \u0022http_ua_is_browser\u0022: false, \u0022bytes_in\u0022: 374, \u0022payload_entropy\u0022: 5.453375932139075, \u0022port_category\u0022: \u0022registered\u0022, \u0022org\u0022: \u0022PebbleHost Ltd\u0022, \u0022service\u0022: \u0022http\u0022, \u0022app_proto\u0022: \u0022http\u0022, \u0022asn\u0022: 212027, \u0022country\u0022: \u0022GB\u0022, \u0022tag_count\u0022: 4, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 100, \u0022campaign_key\u0022: \u002217a9335371f674add033e71c57db4b89f4dc52de\u0022, \u0022event_fingerprint\u0022: \u0022e07f670aa764ffb6d966cf47c4072b512e601a00\u0022, \u0022tags_list\u0022: [\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950382:rce-14\u0022, \u0022950470:nosqli-3\u0022]}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":"SIP\/2.0","http_host":null,"http_user_agent":"Asterisk PBX","http_referer":null,"tags":"[\u0022950318:lfi-14\u0022, \u0022950326:rce-0\u0022, \u0022950382:rce-14\u0022, \u0022950470:nosqli-3\u0022]","anomalies":"[]","severity":10,"bytes_in":374}],"total_events":2}