SCARD

Suspicious activity by IP address 94.26.88.31

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 14 Apr 2026 05:46:19 (Australia/Brisbane)


Summary of suspicious activity by IP address 94.26.88.31

Description Count
SERVER-OTHER Apache Log4j logging remote code execution attempt 6
ET WEB_SERVER /etc/passwd Detected in URI 4
ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) 4
ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 2
SERVER-WEBAPP PHPUnit PHP remote code execution attempt 2
SERVER-WEBAPP Facade Ignition remote code execution attempt 2
ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 2
ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) 2
SERVER-APACHE Apache Struts remote code execution attempt 2
ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) 2
ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 4 Prefix Set Inbound (CVE-2022-22965) 2
ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability 2
ET WEB_SERVER Possible SQL Injection (exec) in HTTP URI 2
ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 3 Directory Set Inbound (CVE-2022-22965) 2
ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798) 2
SERVER-WEBAPP Grafana getPluginAssets path traversal attempt 2
ET WEB_SERVER PHP tags in HTTP POST 2
ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 2 Suffix Set Inbound (CVE-2022-22965) 2
ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 1 Pattern Set Inbound (CVE-2022-22965) 2
ET HUNTING .exec in HTTP URI Inbound - Possible Exploit Activity 2
ET INFO Spring Boot Actuator Health Check Request 2
ET EXPLOIT Apache Struts 2 REST Plugin Vulnerability (CVE-2017-9805) 2
ET WEB_SERVER SQL Injection Select Sleep Time Delay 2
ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2 2
ET HUNTING Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) 2
ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) 2

Detailed activity by IP address 94.26.88.31

Timestamp Description Protocol Destination Port
2026-04-14 05:46:19 SERVER-OTHER Apache Log4j logging remote code execution attempt TCP 80
2026-04-14 05:46:19 ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2 TCP 80
2026-04-14 05:46:19 SERVER-APACHE Apache Struts remote code execution attempt TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 3 Directory Set Inbound (CVE-2022-22965) TCP 80
2026-04-14 05:46:19 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 4 Prefix Set Inbound (CVE-2022-22965) TCP 80
2026-04-14 05:46:19 ET WEB_SERVER Possible SQL Injection (exec) in HTTP URI TCP 80
2026-04-14 05:46:19 SERVER-WEBAPP Grafana getPluginAssets path traversal attempt TCP 80
2026-04-14 05:46:19 ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 TCP 80
2026-04-14 05:46:19 SERVER-APACHE Apache Struts remote code execution attempt TCP 80
2026-04-14 05:46:19 ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 TCP 80
2026-04-14 05:46:19 SERVER-OTHER Apache Log4j logging remote code execution attempt TCP 80
2026-04-14 05:46:19 ET WEB_SERVER /etc/passwd Detected in URI TCP 80
2026-04-14 05:46:19 ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 SERVER-WEBAPP Facade Ignition remote code execution attempt TCP 80
2026-04-14 05:46:19 ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 SERVER-WEBAPP PHPUnit PHP remote code execution attempt TCP 80
2026-04-14 05:46:19 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 2 Suffix Set Inbound (CVE-2022-22965) TCP 80
2026-04-14 05:46:19 ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 TCP 80
2026-04-14 05:46:19 ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 TCP 80
2026-04-14 05:46:19 ET HUNTING Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 ET WEB_SERVER SQL Injection Select Sleep Time Delay TCP 80
2026-04-14 05:46:19 SERVER-WEBAPP Facade Ignition remote code execution attempt TCP 80
2026-04-14 05:46:19 ET WEB_SERVER /etc/passwd Detected in URI TCP 80
2026-04-14 05:46:19 ET HUNTING .exec in HTTP URI Inbound - Possible Exploit Activity TCP 80
2026-04-14 05:46:19 ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798) TCP 80
2026-04-14 05:46:19 ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability TCP 80
2026-04-14 05:46:19 SERVER-OTHER Apache Log4j logging remote code execution attempt TCP 80
2026-04-14 05:46:19 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-14 05:46:19 SERVER-OTHER Apache Log4j logging remote code execution attempt TCP 80
2026-04-14 05:46:19 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 ET HUNTING Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 ET WEB_SERVER /etc/passwd Detected in URI TCP 80
2026-04-14 05:46:19 ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2 TCP 80
2026-04-14 05:46:19 ET WEB_SERVER SQL Injection Select Sleep Time Delay TCP 80
2026-04-14 05:46:19 ET EXPLOIT Apache Struts 2 REST Plugin Vulnerability (CVE-2017-9805) TCP 80
2026-04-14 05:46:19 ET INFO Spring Boot Actuator Health Check Request TCP 80
2026-04-14 05:46:19 ET HUNTING .exec in HTTP URI Inbound - Possible Exploit Activity TCP 80
2026-04-14 05:46:19 ET EXPLOIT Apache Struts 2 REST Plugin Vulnerability (CVE-2017-9805) TCP 80
2026-04-14 05:46:19 SERVER-OTHER Apache Log4j logging remote code execution attempt TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 1 Pattern Set Inbound (CVE-2022-22965) TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 2 Suffix Set Inbound (CVE-2022-22965) TCP 80
2026-04-14 05:46:19 SERVER-WEBAPP PHPUnit PHP remote code execution attempt TCP 80
2026-04-14 05:46:19 SERVER-WEBAPP Grafana getPluginAssets path traversal attempt TCP 80
2026-04-14 05:46:19 ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798) TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 3 Directory Set Inbound (CVE-2022-22965) TCP 80
2026-04-14 05:46:19 ET WEB_SERVER /etc/passwd Detected in URI TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 1 Pattern Set Inbound (CVE-2022-22965) TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 ET WEB_SERVER Possible SQL Injection (exec) in HTTP URI TCP 80
2026-04-14 05:46:19 ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability TCP 80
2026-04-14 05:46:19 ET INFO Spring Boot Actuator Health Check Request TCP 80
2026-04-14 05:46:19 SERVER-OTHER Apache Log4j logging remote code execution attempt TCP 80
2026-04-14 05:46:19 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) TCP 80
2026-04-14 05:46:19 ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 4 Prefix Set Inbound (CVE-2022-22965) TCP 80
2026-04-14 05:46:18 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) TCP 80
2026-04-14 05:46:18 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) TCP 80

 
