Skip to main content
Back to Security Snacks
Blooms
Log4J
Log4Shell

A Domain Bloom in Progress: log4j Domains

Published on: 
December 15, 2021
On This Page
Share:

Indicator List: log4j domains as of 12/15/21

What’s interesting here from the perspective of Internet infrastructure is that the domain registrations that are occurring, where the domain name contains the string “log4j,” seem to be following the pattern of Domain Blooms. A Domain Bloom is a pattern where the number of domains containing a specific n-gram (or, in more practical terms, a word or word fragment) rises above a previous baseline and remains higher for some period of time before tailing off to either the original baseline (in the case of relatively common words) or a new baseline (in the case of words basically new to the lexicon, such as “COVID”).

For defenders, the low numbers of log4j-themed domains thus far means that you’re not too likely, statistically speaking, to see traffic from your environment to one of these domains, and if you do, there’s no guarantee that you’ll hit a bad one.

Indicator List: log4j domains as of 12/15/21:

alanlog4j[.]xyz
ast-log4j-shell[.]es
canilog4j[.]com
dlog4j[.]cn
icanhazlog4j[.]com
ihatelog4j[.]com
lg4j[.]com
log4[.]dev
log4[.]org
log4j-check[.]com
log4j-fix[.]de
log4j-help[.]com
log4j-poc[.]com
log4j-test[.]xyz
log4j-testing[.]com
log4j[.]cc
log4j[.]co
log4j[.]co.kr
log4j[.]dev
log4j[.]fi
log4j[.]fun
log4j[.]help
log4j[.]io
log4j[.]is
log4j[.]it
log4j[.]link
log4j[.]live
log4j[.]ninja
log4j[.]online
log4j[.]pro
log4j[.]site
log4j[.]tk
log4j[.]top
log4j[.]xyz
log4j1[.]com
log4j2[.]cn
log4j2[.]com
log4j2[.]icu
log4j2[.]net
log4j2[.]store
log4jail[.]com
log4java[.]com
log4jay[.]com
log4jbug[.]com
log4jbugs[.]com
log4jcheck[.]com
log4jesus[.]com
log4jexploit[.]com
log4jfix[.]cf
log4jfix[.]com
log4jgear[.]com
log4jhack[.]com
log4jhelp[.]com
log4jmemes[.]com
log4jnerds[.]com
log4jrce[.]org
log4jscrape[.]com
log4jshell[.]com
log4jshirts[.]com
log4jsurvivor[.]com
log4jtest[.]co
log4jtest[.]tk
log4jtest[.]xyz
log4jvuln[.]com
log4jvulnerability[.]com
log4rj[.]com
lol4j[.]com
patchlog4j2live[.]xyz
testlog4j[.]com
vdelog4jcheck[.]click
zblog4jfinal[.]com

Related Content

SecuritySnacks
Cybersecurity Reading List - Week of 2026-02-02
Commentary followed by links to cybersecurity articles and resources that caught our interest internally.
Learn More
SecuritySnacks
SecuritySnack: Phishing Interviews
Phishing campaign targets job seekers with fake career portals and interview invites, stealing ID.me credentials and deploying malware since August 2025.
Learn More
SecuritySnacks
Pay to Lose: Dubious Online Gambling Games
Be wary of "real money" games this New Year. This report uncovers hundreds of fake Android gambling apps using spoofed reviews, fake win declarations, and "waistcoat" shells to trick users into sideloading unregulated, predatory gambling software.
Learn More

Heading

SecuritySnacks
Research
Newsletters
Podcast Episodes
About
No items found.