Weekly Report for 2026-04-24 to 2026-05-01

STIX2 Threat Intelligence Feeds (109,673 indicators this week)

Weekly Intelligence Summary

Weekly Comparison

Attacks by Destination

Attacks By Country & ASN

Attacks By Protocol

Cloud Provider Abuse

Phishing Domains by Category

Top SSH Bruteforce Usernames

Infrastructure Analysis

Anonymous Proxy Hosts (27,115 total)

Emerging Threats (Last 24h)

IP Address	Threat Score	Country	Tags
107.189.8.65	100	Luxembourg	attack Bruteforce Brute-Force cowrie cve202229266 cyber security
185.94.111.1	100	Russia	Alaska cowrie ddos denial of service IPs Attacking Alaskan Hosts malicious
193.107.216.228	100	Hong Kong	bruteforce cyber security digital ocean Energy ICS ioc
193.46.255.60	100	Romania	awsau awsbah awsindia awsjap blacklist botnet
92.63.196.25	100	Russia	admin blacklist botnet brute force Energy green
92.63.196.61	100	Russia	admin blacklist botnet brute force Energy green
89.248.165.202	100	Netherlands	Alaska auto-generated security botnet green IPs Attacking Alaskan Hosts kfsensor
5.61.11.123	100	Russia	blacklist botnet cyber security Energy green ICS
154.89.5.86	100	Hong Kong	cyber security ioc malicious Nextray phishing Scanner
183.136.226.3	100	China	brute force cyber security Energy green ICS ioc
183.136.226.4	100	China	bruteforce cyber security digital ocean Energy green ICS
176.192.99.26	100	Russia	attack awsau bruteforce cyber security Energy green
144.172.118.37	100	United States	attack cve202229266 cyber security description description ip indicator
209.141.34.39	100	United States	Bruteforce Brute-Force cowrie cyber security ioc LokiBot
45.146.165.165	100	Russia	Bot Exploit IOC Malware Nextray Scanner
45.143.203.3	100	Ukraine	admin blacklist botnet green Malicious IP mirai
89.248.163.140	100	United Kingdom	auto-generated security Brute force count cyber security ioc kfsensor
104.16.18.94	100		0 report 10357 aaaa abuse contact accept access ta0001
45.143.200.50	100	Russia	admin Alaska alienvault blacklist botnet cyber security
80.254.126.75	100	Russia	cyber security green ioc kfsensor malicious Nextray

Web Exploit Detection Summary

Source	Rule	Events	Unique IPs	CVEs
ET	ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity	1,880	783	—
ET	ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity	1,880	783	—
ET	ET WEB_SERVER WEB-PHP phpinfo access	725	34	CVE-2002-1149
ET	ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML	628	70	—
ET	ET WEB_SERVER Possible DROP SQL Injection Attempt	151	103	—
LOCAL	LOCAL PHP Source Backup File Grab Attempt	109	11	—
LOCAL	LOCAL AWS Credentials File Grab Attempt	99	48	—
ET	GPL WEB_SERVER 403 Forbidden	65	45	—
ET	ET SCAN Google Webcrawler User-Agent (Mediapartners-Google)	55	55	—
ET	ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt	53	25	—
ET	ET WEB_SPECIFIC_APPS Rails Arbitrary File Disclosure Attempt	52	25	CVE-2019-5418
ET	ET EXPLOIT Vulnerable Microsoft Exchange Server Response (CVE-2021-31207)	49	24	CVE-2021-31207
ET	GPL WEB_SERVER .htpasswd access	30	14	—
ET	ET WEB_SERVER Possible SQL Injection Obfuscated by REVERSE function in HTTP Request Body	29	5	—
ET	ET WEB_SERVER Possible SQL injection obfuscated via REVERSE function in HTTP URI	29	5	—
ET	ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2	27	25	CVE-2021-41773
ET	ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2	26	24	CVE-2021-42013
ET	ET WEB_SERVER Possible CREATE SQL Injection Attempt in URI	25	23	—
LOCAL	LOCAL Spring Boot Actuator Sensitive Endpoint Probe	23	5	—
ET	ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2022-22274) M1	16	7	CVE-2022-22274 CVE-2023-0656

CVE Exploitation Activity

OpenCLAW Dashboard Intelligence