Actual CVE-2021-44228 payloads captured in the wild

Cloudflare has observed a continuous increase in scanning and attempted exploitation of the CVE-2021-44228 vulnerability in Log4j since its discovery. The largest number of scans or exploitation attempts have come from Canada and then the United States. Most of the blocked requests appear to be reconnaissance to determine if a server is vulnerable. Cloudflare's security teams are working continuously to update WAF and firewall rules as needed in response to evolving exploit attempts.