Weekly Report for 2026-05-22 to 2026-05-29
May 29, 2026
Weekly Reports
STIX2 Threat Intelligence Feeds (37,975 indicators this week)
Weekly Intelligence Summary
47.3KAttacking IPs This Week
174Source Countries
2.3KPhishing Domains
26.0KProxy/Anon IPs
1.6MTotal IPs in Database
19.6KNetworks Tracked
2.7KWeb Exploit Events
16CVEs Exploited
464OpenCLAW Events
Weekly Comparison
Threat Score Distribution
Average threat score across all tracked IPs: 18.3/100
Attacks by Destination
Attacks By Country & ASN
Attacks By Protocol
SSH (20,630 IPs)
FTP (21 IPs)
SIP (68 IPs)
TELNET (618 IPs)
MSSQL (173 IPs)
MYSQL (60 IPs)
REDIS (117 IPs)
MITRE ATT&CK Techniques
Cloud Provider Abuse
Top Attacking Networks
Attack Classification Tags
Phishing Domains by Category
Top SSH Bruteforce Usernames
Infrastructure Analysis
Tor Exit Nodes (2,357 total)
Infrastructure Type
Anonymous Proxy Hosts (26,011 total)
Emerging Threats (Last 24h)
| IP Address | Threat Score | Country | Tags |
|---|---|---|---|
| 107.189.8.65 | 100 | Luxembourg | attack Bruteforce Brute-Force cowrie cve202229266 cyber security |
| 185.94.111.1 | 100 | Russia | Alaska cowrie ddos denial of service IPs Attacking Alaskan Hosts malicious |
| 193.107.216.228 | 100 | Hong Kong | bruteforce cyber security digital ocean Energy ICS ioc |
| 193.46.255.60 | 100 | Romania | awsau awsbah awsindia awsjap blacklist botnet |
| 92.63.196.25 | 100 | Russia | admin blacklist botnet brute force Energy green |
| 92.63.196.61 | 100 | Russia | admin blacklist botnet brute force Energy green |
| 89.248.165.202 | 100 | Netherlands | Alaska auto-generated security botnet green IPs Attacking Alaskan Hosts kfsensor |
| 5.61.11.123 | 100 | Russia | blacklist botnet cyber security Energy green ICS |
| 154.89.5.86 | 100 | Hong Kong | cyber security ioc malicious Nextray phishing Scanner |
| 183.136.226.3 | 100 | China | brute force cyber security Energy green ICS ioc |
| 183.136.226.4 | 100 | China | bruteforce cyber security digital ocean Energy green ICS |
| 176.192.99.26 | 100 | Russia | attack awsau bruteforce cyber security Energy green |
| 144.172.118.37 | 100 | United States | attack cve202229266 cyber security description description ip indicator |
| 209.141.34.39 | 100 | United States | Bruteforce Brute-Force cowrie cyber security ioc LokiBot |
| 45.146.165.165 | 100 | Russia | Bot Exploit IOC Malware Nextray Scanner |
| 45.143.203.3 | 100 | Ukraine | admin blacklist botnet green Malicious IP mirai |
| 89.248.163.140 | 100 | United Kingdom | auto-generated security Brute force count cyber security ioc kfsensor |
| 104.16.18.94 | 100 | 0 report 10357 aaaa abuse contact accept access ta0001 | |
| 45.143.200.50 | 100 | Russia | admin Alaska alienvault blacklist botnet cyber security |
| 80.254.126.75 | 100 | Russia | cyber security green ioc kfsensor malicious Nextray |
Highest Risk Networks
| Network | Risk Score | IPs | Risk Level |
|---|---|---|---|
| AS60729 zwiebelfreunde e.v. | 85 | 16 | |
| AS210731 forening for dotsrc | 84 | 11 | |
| AS4224 the calyx institute | 81 | 21 | |
| AS208294 cia triad security llc | 69 | 116 | |
| AS396507 emerald onion | 62 | 34 | |
| AS1101 surfnet bv | 59 | 38 | |
| AS57724 ddos guard ltd | 53 | 20 | |
| AS15736 mobile business solution mbs llp | 49 | 11 | |
| AS138740 citylink broadbnad services pvt ltd | 48 | 13 | |
| AS137280 kingsoft cloud corporation limited | 48 | 102 | |
| AS38345 internet domain name system beijing engineering resrarch center ltd. | 47 | 14 | |
| AS206264 amarutu technology ltd | 46 | 11 | |
| AS39351 31173 services ab | 45 | 15 | |
| AS58541 qingdao 266000 | 45 | 176 | |
| AS263333 vipturbo comrcio & servios de informtica ltda | 45 | 32 |
Web Exploit Detection Summary
2.7KExploit Events
484Unique Attacker IPs
42Rules Triggered
16CVEs Observed
| Source | Rule | Events | Unique IPs | CVEs |
|---|---|---|---|---|
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 1,436 | 304 | — |
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 1,436 | 304 | — |
| ET | ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML | 283 | 23 | — |
| LOCAL | LOCAL OpenWRT Luci CGI RCE Attempt (CVE-2023-1389) | 138 | 4 | CVE-2023-1389 |
| LOCAL | LOCAL Spring Boot Actuator Sensitive Endpoint Probe | 114 | 13 | — |
| ET | ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2022-22274) M1 | 100 | 8 | CVE-2022-22274 CVE-2023-0656 |
| ET | ET EXPLOIT [FIREEYE] Suspicious Pulse Secure HTTP Request (CVE-2021-22893) M1 | 81 | 2 | CVE-2021-22893 |
| LOCAL | LOCAL AWS Credentials File Grab Attempt | 77 | 25 | — |
| ET | ET WEB_SERVER Possible DROP SQL Injection Attempt | 75 | 38 | — |
| ET | ET WEB_SERVER WEB-PHP phpinfo access | 47 | 13 | CVE-2002-1149 |
| ET | GPL WEB_SERVER 403 Forbidden | 36 | 24 | — |
| ET | ET SCAN Google Webcrawler User-Agent (Mediapartners-Google) | 31 | 29 | — |
| ET | ET WEB_SERVER Possible SQL Injection Obfuscated by REVERSE function in HTTP Request Body | 28 | 4 | — |
| ET | ET WEB_SERVER Possible SQL injection obfuscated via REVERSE function in HTTP URI | 28 | 4 | — |
| LOCAL | LOCAL Ivanti Connect Secure Admin Interface Probe | 28 | 2 | CVE-2024-21887 |
| LOCAL | LOCAL Microsoft Exchange ECP Admin Probe (ProxyShell/ProxyLogon) | 26 | 6 | CVE-2021-26855 |
| ET | ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt | 24 | 12 | — |
| ET | ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap Scripting Engine) | 24 | 1 | — |
| ET | ET SCAN NETWORK Outgoing Masscan detected | 22 | 7 | — |
| ET | ET SCAN NETWORK Incoming Masscan detected | 22 | 7 | — |
CVE Exploitation Activity
CVE-2023-1389 CVE-2022-22274 CVE-2023-0656 CVE-2021-22893 CVE-2002-1149 CVE-2021-26855 CVE-2024-21887 CVE-2021-31207 CVE-2019-5418 CVE-2021-22005 CVE-2021-41773 CVE-2021-42013 CVE-2019-0193 CVE-2000-0868 CVE-2024-3400 CVE-2010-0738
OpenCLAW Dashboard Intelligence
464Total Events
32Unique Attackers
8Days Active
Attack Types
| Type | Count | Share | |
|---|---|---|---|
| generic-probe | 467 | 98.5% | |
| admin-scan | 7 | 1.5% |
Severity Distribution
| Severity | Count | Percentage |
|---|---|---|
| medium | 7 | 1.5% |
| low | 467 | 98.5% |