Weekly Report for 2026-03-15 to 2026-03-22
Mar 22, 2026
Weekly Reports
STIX2 Threat Intelligence Feeds (109,472 indicators this week)
Weekly Intelligence Summary
68.0KAttacking IPs This Week
179Source Countries
1.5KPhishing Domains
17.6KProxy/Anon IPs
8.1KWeb Exploit Events
35CVEs Exploited
1.0KOpenCLAW Events
Weekly Comparison
Attacks by Destination
Attacks By Country & ASN
Attacks By Protocol
SSH (50,300 IPs)
FTP (92 IPs)
SIP (193 IPs)
TELNET (1,830 IPs)
MSSQL (445 IPs)
MYSQL (128 IPs)
REDIS (513 IPs)
MITRE ATT&CK Techniques
Cloud Provider Abuse
Top Attacking Networks
Attack Classification Tags
Phishing Domains by Category
Top SSH Bruteforce Usernames
Infrastructure Analysis
Tor Exit Nodes
No data available.
Infrastructure Type
Anonymous Proxy Hosts (17,598 total)
Emerging Threats (Last 24h)
| IP Address | Threat Score | Country | Tags |
|---|---|---|---|
| 107.189.8.65 | 100 | Luxembourg | attack Bruteforce Brute-Force cowrie cve202229266 cyber security |
| 185.94.111.1 | 100 | Russia | Alaska cowrie ddos denial of service IPs Attacking Alaskan Hosts malicious |
| 193.107.216.228 | 100 | Hong Kong | bruteforce cyber security digital ocean Energy ICS ioc |
| 193.46.255.60 | 100 | Romania | awsau awsbah awsindia awsjap blacklist botnet |
| 92.63.196.25 | 100 | Russia | admin blacklist botnet brute force Energy green |
| 92.63.196.61 | 100 | Russia | admin blacklist botnet brute force Energy green |
| 89.248.165.202 | 100 | Netherlands | Alaska auto-generated security botnet green IPs Attacking Alaskan Hosts kfsensor |
| 5.61.11.123 | 100 | Russia | blacklist botnet cyber security Energy green ICS |
| 154.89.5.86 | 100 | Hong Kong | cyber security ioc malicious Nextray phishing Scanner |
| 183.136.226.3 | 100 | China | brute force cyber security Energy green ICS ioc |
| 183.136.226.4 | 100 | China | bruteforce cyber security digital ocean Energy green ICS |
| 176.192.99.26 | 100 | Russia | attack awsau bruteforce cyber security Energy green |
| 144.172.118.37 | 100 | United States | attack cve202229266 cyber security description description ip indicator |
| 209.141.34.39 | 100 | United States | Bruteforce Brute-Force cowrie cyber security ioc LokiBot |
| 45.146.165.165 | 100 | Russia | Bot Exploit IOC Malware Nextray Scanner |
| 45.143.203.3 | 100 | Ukraine | admin blacklist botnet green Malicious IP mirai |
| 89.248.163.140 | 100 | United Kingdom | auto-generated security Brute force count cyber security ioc kfsensor |
| 104.16.18.94 | 100 | 0 report 10357 aaaa abuse contact accept access ta0001 | |
| 45.143.200.50 | 100 | Russia | admin Alaska alienvault blacklist botnet cyber security |
| 80.254.126.75 | 100 | Russia | cyber security green ioc kfsensor malicious Nextray |
Highest Risk Networks
| Network | Risk Score | IPs | Risk Level |
|---|---|---|---|
| AS60729 zwiebelfreunde e.v. | 85 | 16 | |
| AS210731 forening for dotsrc | 84 | 11 | |
| AS4224 the calyx institute | 81 | 21 | |
| AS208294 cia triad security llc | 69 | 116 | |
| AS396507 emerald onion | 62 | 34 | |
| AS1101 surfnet bv | 59 | 38 | |
| AS57724 ddos guard ltd | 53 | 20 | |
| AS15736 mobile business solution mbs llp | 49 | 11 | |
| AS138740 citylink broadbnad services pvt ltd | 48 | 13 | |
| AS137280 kingsoft cloud corporation limited | 48 | 102 | |
| AS38345 internet domain name system beijing engineering resrarch center ltd. | 47 | 14 | |
| AS206264 amarutu technology ltd | 46 | 11 | |
| AS39351 31173 services ab | 45 | 15 | |
| AS58541 qingdao 266000 | 45 | 176 | |
| AS263333 vipturbo comrcio & servios de informtica ltda | 45 | 32 |
Web Exploit Detection Summary
8.1KExploit Events
961Unique Attacker IPs
112Rules Triggered
35CVEs Observed
| Source | Rule | Events | Unique IPs | CVEs |
|---|---|---|---|---|
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 4,858 | 666 | — |
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 4,858 | 666 | — |
| ET | ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML | 1,024 | 65 | — |
| ET | ET WEB_SERVER Possible DROP SQL Injection Attempt | 376 | 159 | — |
| ET | ET WEB_SPECIFIC_APPS Rails Arbitrary File Disclosure Attempt | 269 | 25 | CVE-2019-5418 |
| ET | ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap Scripting Engine) | 177 | 1 | — |
| ET | ET WEB_SERVER /etc/passwd Detected in URI | 163 | 2 | — |
| ET | GPL WEB_SERVER 403 Forbidden | 130 | 84 | — |
| ET | ET EXPLOIT Vulnerable Microsoft Exchange Server Response (CVE-2021-31207) | 126 | 72 | CVE-2021-31207 |
| ET | ET WEB_SERVER Possible CREATE SQL Injection Attempt in URI | 116 | 31 | — |
| ET | ET WEB_SERVER WEB-PHP phpinfo access | 110 | 16 | CVE-2002-1149 |
| LOCAL | LOCAL PHP Source Backup File Grab Attempt | 94 | 7 | — |
| LOCAL | LOCAL Spring Boot Actuator Sensitive Endpoint Probe | 81 | 18 | — |
| LOCAL | LOCAL AWS Credentials File Grab Attempt | 70 | 16 | — |
| ET | ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt | 48 | 23 | — |
| ET | ET EXPLOIT [FIREEYE] Suspicious Pulse Secure HTTP Request (CVE-2021-22893) M1 | 48 | 2 | CVE-2021-22893 |
| LOCAL | LOCAL Microsoft Exchange ECP Admin Probe (ProxyShell/ProxyLogon) | 39 | 15 | CVE-2021-26855 |
| ET | ET WEB_SERVER WebShell Generic - wget http - POST | 33 | 7 | — |
| ET | ET WEB_SERVER Script tag in URI Possible Cross Site Scripting Attempt | 30 | 1 | — |
| ET | ET WEB_SERVER PHP Possible https Local File Inclusion Attempt | 28 | 1 | CVE-2002-0953 |
CVE Exploitation Activity
CVE-2019-5418 CVE-2021-31207 CVE-2002-1149 CVE-2002-0953 CVE-2021-26855 CVE-2021-22893 CVE-2022-22274 CVE-2023-0656 CVE-2021-41773 CVE-2021-42013 CVE-2019-0193 CVE-2024-21887 CVE-2024-4577 CVE-2021-22005 CVE-2022-1388 CVE-2023-1389 CVE-2018-11776 CVE-2020-5902 CVE-2024-3400 CVE-2000-0868
OpenCLAW Dashboard Intelligence
1.0KTotal Events
22Unique Attackers
8Days Active
Attack Types
| Type | Count | Share | |
|---|---|---|---|
| generic-probe | 1,005 | 99.8% | |
| admin-scan | 2 | 0.2% |
Severity Distribution
| Severity | Count | Percentage |
|---|---|---|
| medium | 2 | 0.2% |
| low | 1,005 | 99.8% |