SCARD

Suspicious activity by IP address 149.50.97.236

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Sat, 11 Apr 2026 04:38:33 (Australia/Brisbane)


Summary of suspicious activity by IP address 149.50.97.236

| Description | Count |
| --- | --- |
| ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) | 2 |
| ET WEB_SERVER /etc/passwd Detected in URI | 2 |
| ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 | 1 |
| ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798) | 1 |
| ET HUNTING .exec in HTTP URI Inbound - Possible Exploit Activity | 1 |
| ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability | 1 |
| ET WEB_SERVER PHP tags in HTTP POST | 1 |
| ET INFO Spring Boot Actuator Health Check Request | 1 |
| ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) | 1 |
| ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 2 Suffix Set Inbound (CVE-2022-22965) | 1 |
| ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 1 Pattern Set Inbound (CVE-2022-22965) | 1 |
| ET WEB_SERVER SQL Injection Select Sleep Time Delay | 1 |
| ET EXPLOIT Apache Struts 2 REST Plugin Vulnerability (CVE-2017-9805) | 1 |
| ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 | 1 |
| ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 4 Prefix Set Inbound (CVE-2022-22965) | 1 |
| ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) | 1 |
| ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) | 1 |
| ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 3 Directory Set Inbound (CVE-2022-22965) | 1 |
| ET WEB_SERVER Possible SQL Injection (exec) in HTTP URI | 1 |
| ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2 | 1 |

Detailed activity by IP address 149.50.97.236

| Timestamp | Description | Protocol | Destination Port |
| --- | --- | --- | --- |
| 2026-04-11 04:38:33 | ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 | TCP | 80 |
| 2026-04-11 04:38:33 | ET WEB_SERVER /etc/passwd Detected in URI | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798) | TCP | 80 |
| 2026-04-11 04:38:33 | ET HUNTING .exec in HTTP URI Inbound - Possible Exploit Activity | TCP | 80 |
| 2026-04-11 04:38:33 | ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability | TCP | 80 |
| 2026-04-11 04:38:33 | ET WEB_SERVER PHP tags in HTTP POST | TCP | 80 |
| 2026-04-11 04:38:33 | ET INFO Spring Boot Actuator Health Check Request | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 2 Suffix Set Inbound (CVE-2022-22965) | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 1 Pattern Set Inbound (CVE-2022-22965) | TCP | 80 |
| 2026-04-11 04:38:33 | ET WEB_SERVER SQL Injection Select Sleep Time Delay | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Apache Struts 2 REST Plugin Vulnerability (CVE-2017-9805) | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) | TCP | 80 |
| 2026-04-11 04:38:33 | ET WEB_SERVER /etc/passwd Detected in URI | TCP | 80 |
| 2026-04-11 04:38:33 | ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 4 Prefix Set Inbound (CVE-2022-22965) | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 3 Directory Set Inbound (CVE-2022-22965) | TCP | 80 |
| 2026-04-11 04:38:33 | ET WEB_SERVER Possible SQL Injection (exec) in HTTP URI | TCP | 80 |
| 2026-04-11 04:38:33 | ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2 | TCP | 80 |
| 2026-04-11 04:38:32 | ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) | TCP | 80 |

 
