Skip to content


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation

CloudIntel Attacks Monitoring Project

Cloud Intel

This repository hosts resources and findings from a project aimed at monitoring attacks on Public Cloud infrastructure, particularly focusing on cloud-native and cloud-only threats.


  • Real-time data on malicious IP addresses, updated every 24 hours.
  • (Under development) Malicious file detection API.
  • Ongoing publication of data on GitHub.

Consuming IOCs from this Repository

This repository is structured to aid in the monitoring of Public Cloud infrastructure attacks, with a focus on cloud-native and cloud-only threats. It includes:

  • Indicators of Compromise (IOCs)
  • Malware Analysis
  • Malware Samples


To retrieve a comprehensive list of malicious IPs, which is about 30 times larger than the public list on GitHub, use the cloudintel API as follows:

Demo credentials

Feel free to use demo key and Email for testing (This key/Email can change without any notice for andy prod usage please ask for the key) The Email and key are enclosed between double "quotes"

Demo Email : "" Demo Key : "key{democloudintel}"

For your API key please Email OR fill this form

curl -X GET \
  '' \
  -H 'x-api-key: [Your_API_Key]' \
  -H 'x-email: [Your_Email]'


Replace MM-DD-YYYY with the specific date for which you want to fetch IP addresses. For example, to fetch IPs for December 25, 2023, replace MM-DD-YYYY it with 12-25-2023. Ensure to include your API key and email in the respective placeholders [Your_API_Key] and [Your_Email].

Response format: JSON containing all observed malicious IP addresses.

Case Study/Success Stories

  1. My findings are published over :
  2. TBD (If you have any new findings then please do share it with us, will link it here)

How to Use this Repository

  1. Understanding the Repository Structure: Each folder is named with a date (DD-MM-YYYY) and contains daily collected IOCs.
  2. Reviewing Usage Warning: Before using these IOCs, be aware of the risks. Executing code without understanding could be harmful.
  3. Accessing Malware Analysis: For insights into the malware samples and their analysis, refer to the corresponding dated folders.
  4. Consuming IOCs: Detailed instructions on how to consume these IOCs in your security operations will be provided in the IOC Consumption Guide. This guide will offer step-by-step instructions on how to integrate, automate, and utilize these IOCs with cloud services.
  5. Contributing: If you have updates or additional IOCs, see the Contribution Guidelines.
  6. Getting Support: For questions or support, open an issue or reach out to me[at]


For full details, visit our Wiki.

Feature Requests and Contributions

For feature requests or contributions, open an issue.

Media Coverage

Our project, CloudIntel, has been featured in various publications. Here's one of the articles discussing the impact and importance of CloudIntel in cloud security:


Special thanks to Michel Bamps for his expertise and assistance in integrating Cloudflare Workers with R2, a crucial part of the AWSAttacks infrastructure.

Remember to use the IOCs within the bounds of the MIT License and understand that this is a personal project, not associated with any employer.

For deeper insights into the project's purpose and methodology, refer to the accompanying blog post.


No releases published

Sponsor this project