Weekly Report for 2026-03-25 to 2026-04-01

Apr 01, 2026 Weekly Reports

STIX2 Threat Intelligence Feeds (148,615 indicators this week)

2026-04-01
Wednesday
Pending
Download JSON
2026-03-31
Tuesday
42614 indicators110495 sightings115.9 MB
Download JSON
2026-03-30
Monday
23241 indicators44717 sightings52.9 MB
Download JSON
2026-03-29
Sunday
14510 indicators28952 sightings33.8 MB
Download JSON
2026-03-28
Saturday
14699 indicators26981 sightings32.7 MB
Download JSON
2026-03-27
Friday
18857 indicators46397 sightings49.7 MB
Download JSON
2026-03-26
Thursday
20476 indicators48669 sightings52.8 MB
Download JSON
2026-03-25
Wednesday
14218 indicators29980 sightings34.1 MB
Download JSON

Weekly Intelligence Summary

109.5KAttacking IPs This Week
179Source Countries
1.6KPhishing Domains
21.8KProxy/Anon IPs
1.5MTotal IPs in Database
19.6KNetworks Tracked
4.9KWeb Exploit Events
17CVEs Exploited
27OpenCLAW Events

Weekly Comparison

Threat Score Distribution

Average threat score across all tracked IPs: 17.8/100

Attacks by Destination

Attacks By Country & ASN

Attacks By Protocol

SSH (87,478 IPs)

FTP (109 IPs)

SIP (55 IPs)

TELNET (1,476 IPs)

MSSQL (421 IPs)

MYSQL (128 IPs)

REDIS (392 IPs)

MITRE ATT&CK Techniques

Cloud Provider Abuse

Top Attacking Networks

Attack Classification Tags

Phishing Domains by Category

Top SSH Bruteforce Usernames

Infrastructure Analysis

Tor Exit Nodes (2,286 total)

Infrastructure Type

Anonymous Proxy Hosts (21,825 total)

Emerging Threats (Last 24h)

IP AddressThreat ScoreCountryTags
107.189.8.65100Luxembourgattack Bruteforce Brute-Force cowrie cve202229266 cyber security
185.94.111.1100RussiaAlaska cowrie ddos denial of service IPs Attacking Alaskan Hosts malicious
193.107.216.228100Hong Kongbruteforce cyber security digital ocean Energy ICS ioc
193.46.255.60100Romaniaawsau awsbah awsindia awsjap blacklist botnet
92.63.196.25100Russiaadmin blacklist botnet brute force Energy green
92.63.196.61100Russiaadmin blacklist botnet brute force Energy green
89.248.165.202100NetherlandsAlaska auto-generated security botnet green IPs Attacking Alaskan Hosts kfsensor
5.61.11.123100Russiablacklist botnet cyber security Energy green ICS
154.89.5.86100Hong Kongcyber security ioc malicious Nextray phishing Scanner
183.136.226.3100Chinabrute force cyber security Energy green ICS ioc
183.136.226.4100Chinabruteforce cyber security digital ocean Energy green ICS
176.192.99.26100Russiaattack awsau bruteforce cyber security Energy green
144.172.118.37100United Statesattack cve202229266 cyber security description description ip indicator
209.141.34.39100United StatesBruteforce Brute-Force cowrie cyber security ioc LokiBot
45.146.165.165100RussiaBot Exploit IOC Malware Nextray Scanner
45.143.203.3100Ukraineadmin blacklist botnet green Malicious IP mirai
89.248.163.140100United Kingdomauto-generated security Brute force count cyber security ioc kfsensor
104.16.18.941000 report 10357 aaaa abuse contact accept access ta0001
45.143.200.50100Russiaadmin Alaska alienvault blacklist botnet cyber security
80.254.126.75100Russiacyber security green ioc kfsensor malicious Nextray

Highest Risk Networks

NetworkRisk ScoreIPsRisk Level
AS60729 zwiebelfreunde e.v.8516
AS210731 forening for dotsrc8411
AS4224 the calyx institute8121
AS208294 cia triad security llc69116
AS396507 emerald onion6234
AS1101 surfnet bv5938
AS57724 ddos guard ltd5320
AS15736 mobile business solution mbs llp4911
AS138740 citylink broadbnad services pvt ltd4813
AS137280 kingsoft cloud corporation limited48102
AS38345 internet domain name system beijing engineering resrarch center ltd.4714
AS206264 amarutu technology ltd4611
AS39351 31173 services ab4515
AS58541 qingdao 26600045176
AS263333 vipturbo comrcio & servios de informtica ltda4532

Web Exploit Detection Summary

4.9KExploit Events
1.1KUnique Attacker IPs
46Rules Triggered
17CVEs Observed
SourceRuleEventsUnique IPsCVEs
ETET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity3,101869
ETET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity3,101869
ETET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML72063
ETET WEB_SERVER Possible DROP SQL Injection Attempt262122
ETET EXPLOIT Vulnerable Microsoft Exchange Server Response (CVE-2021-31207)15252CVE-2021-31207
ETET WEB_SERVER WEB-PHP phpinfo access13120CVE-2002-1149
ETGPL WEB_SERVER 403 Forbidden11468
LOCALLOCAL PHP Source Backup File Grab Attempt927
ETET WEB_SERVER Possible SQL Injection Obfuscated by REVERSE function in HTTP Request Body612
ETET WEB_SERVER Possible SQL injection obfuscated via REVERSE function in HTTP URI612
LOCALLOCAL AWS Credentials File Grab Attempt6023
ETET WEB_SPECIFIC_APPS Rails Arbitrary File Disclosure Attempt5123CVE-2019-5418
ETET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt4622
LOCALLOCAL Spring Boot Actuator Sensitive Endpoint Probe3716
ETET WEB_SERVER Possible CREATE SQL Injection Attempt in URI2423
ETET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M22322CVE-2021-41773
ETET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M22322CVE-2021-42013
ETET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2022-22274) M1213CVE-2022-22274 CVE-2023-0656
ETET SCAN Google Webcrawler User-Agent (Mediapartners-Google)2016
LOCALLOCAL OpenWRT Luci CGI RCE Attempt (CVE-2023-1389)145CVE-2023-1389

CVE Exploitation Activity

CVE-2021-31207 CVE-2002-1149 CVE-2019-5418 CVE-2021-41773 CVE-2021-42013 CVE-2022-22274 CVE-2023-0656 CVE-2021-26855 CVE-2023-1389 CVE-2000-0868 CVE-2019-0193 CVE-2021-22005 CVE-2022-1388 CVE-2024-3400 CVE-2000-0778 CVE-2019-19781 CVE-2022-22965

OpenCLAW Dashboard Intelligence

27Total Events
14Unique Attackers
8Days Active

Attack Types

TypeCountShare
generic-probe35100.0%

Severity Distribution

SeverityCountPercentage
low35100.0%
Share on: