IPs exploiting the log4j2 CVE-2021-44228 detected by the crowdsec community

log4j_exploitation_attempts_crowdsec.md

This list is no longer updated, thus the information is no longer reliable.

You can see the latest version (from october 2022) here

Hello,
New Log4j attack from IP : 98.0.242.10 to an C&C server with this IP 185.8.172.132

The following IPs are registered on behalf of datagridsurface.com which can be checked with a simple lookup

172.104.230.136,scan4.datagridsurface.com.
172.104.230.214,scan5.datagridsurface.com.
172.104.230.234,scan2.datagridsurface.com.
172.104.230.246,scan3.datagridsurface.com.
172.104.230.25,scan1.datagridsurface.com.
194.233.160.160,scan6.datagridsurface.com.
194.233.160.161,scan9.datagridsurface.com.
194.233.160.162,scan7.datagridsurface.com.
194.233.160.164,scan8.datagridsurface.com.
194.233.160.165,scan10.datagridsurface.com.

194.163.182.89 is trying other fuzzing techniques besides log4j

194.163.182.89 is trying other fuzzing techniques besides log4j

You're right @avipars - this is actually reported on CrowdSec CTI page which you can find here : https://app.crowdsec.net/cti/194.163.182.89

194.163.182.89 is trying other fuzzing techniques besides log4j

You're right @avipars - this is actually reported on CrowdSec CTI page which you can find here : https://app.crowdsec.net/cti/194.163.182.89

are you working for them? the page is behind a paywall... please share the details here

194.163.182.89 is trying other fuzzing techniques besides log4j

You're right @avipars - this is actually reported on CrowdSec CTI page which you can find here : https://app.crowdsec.net/cti/194.163.182.89

are you working for them? the page is behind a paywall... please share the details here
Hey @avipars
There is no paywall, it just requires creating a free account (only user email and password are necessary). Then you can use the Console to monitor your CrowdSec instances - if you have any - or to explore the CTI - an API is also available