big dump from known log4j/log4shell malicious ip adresses unique and sorted update once a hour only if changes were made! (CVE-2021-44228) happy hunting
This script is parsing a lot of Source so this list maybe has a lot of false positives don't block all ips in your firewall!
- add Whitelist [ONGOING]
- better regex exclude local ip adresses [X]
- add support for domains []
- https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
- https://github.com/Akikazuu/Apache-Log4j-RCE-Attempt
- https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
- https://gist.github.com/ycamper/26e021a2b5974049d113738d51e7641d
- https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list
- https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv
- https://github.com/CronUp/Malware-IOCs/blob/main/2021-12-11_Log4Shell_Botnets
- https://gist.github.com/blotus/f87ed46718bfdc634c9081110d243166
- https://tweetfeed.live/search.html
- https://raw.githubusercontent.com/CriticalPathSecurity/Public-Intelligence-Feeds/master/log4j.txt
- https://raw.githubusercontent.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/master/log4j_ip.intel
- https://raw.githubusercontent.com/CriticalPathSecurity/Public-Intelligence-Feeds/master/log4j.txt
- https://urlhaus.abuse.ch/browse/tag/log4j/
- https://threatfox.abuse.ch/browse/tag/CVE-2021-44228/ ( and log4j)
- https://github.com/threatmonit/Log4j-IOCs
- https://raw.githubusercontent.com/eromang/researches/main/CVE-2021-44228/README.md
- https://github.com/Humoud/log4j_payloads
- https://gist.github.com/yt0ng/8a87f4328c8c6cde327406ef11e68726
- https://github.com/LogRhythm-Labs/log4Shell