Weekly Report for 2026-06-01 to 2026-06-08
Jun 08, 2026
Weekly Reports
STIX2 Threat Intelligence Feeds (52,773 indicators this week)
Weekly Intelligence Summary
56.2KAttacking IPs This Week
178Source Countries
1.8KPhishing Domains
29.6KProxy/Anon IPs
1.4KWeb Exploit Events
15CVEs Exploited
952OpenCLAW Events
Weekly Comparison
Attacks by Destination
Attacks By Country & ASN
Attacks By Protocol
SSH (26,372 IPs)
FTP (68 IPs)
SIP (152 IPs)
TELNET (815 IPs)
MSSQL (278 IPs)
MYSQL (71 IPs)
REDIS (307 IPs)
Phishing Domains by Category
Top SSH Bruteforce Usernames
Infrastructure Analysis
Tor Exit Nodes
No data available.
Infrastructure Type
No data available.
Anonymous Proxy Hosts (29,555 total)
Web Exploit Detection Summary
1.4KExploit Events
196Unique Attacker IPs
42Rules Triggered
15CVEs Observed
| Source | Rule | Events | Unique IPs | CVEs |
|---|---|---|---|---|
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 489 | 67 | — |
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 489 | 67 | — |
| LOCAL | LOCAL OpenWRT Luci CGI RCE Attempt (CVE-2023-1389) | 232 | 3 | CVE-2023-1389 |
| ET | ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML | 155 | 12 | — |
| LOCAL | LOCAL Spring Boot Actuator Sensitive Endpoint Probe | 91 | 15 | — |
| ET | ET WEB_SERVER WEB-PHP phpinfo access | 82 | 15 | CVE-2002-1149 |
| ET | ET WEB_SPECIFIC_APPS Rails Arbitrary File Disclosure Attempt | 57 | 26 | CVE-2019-5418 |
| ET | ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt | 51 | 26 | — |
| LOCAL | LOCAL AWS Credentials File Grab Attempt | 32 | 22 | — |
| ET | ET WEB_SERVER Possible DROP SQL Injection Attempt | 27 | 13 | — |
| ET | ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2 | 26 | 26 | CVE-2021-41773 |
| ET | ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 | 25 | 25 | CVE-2021-42013 |
| ET | ET WEB_SERVER Possible CREATE SQL Injection Attempt in URI | 25 | 24 | — |
| LOCAL | LOCAL PHP Source Backup File Grab Attempt | 22 | 13 | — |
| ET | ET WEB_SERVER WebShell Generic - wget http - POST | 17 | 10 | — |
| ET | ET WEB_SERVER Possible SQL Injection Obfuscated by REVERSE function in HTTP Request Body | 17 | 3 | — |
| ET | ET WEB_SERVER Possible SQL injection obfuscated via REVERSE function in HTTP URI | 17 | 3 | — |
| ET | ET SCAN NETWORK Outgoing Masscan detected | 15 | 6 | — |
| ET | ET SCAN NETWORK Incoming Masscan detected | 15 | 6 | — |
| ET | GPL WEB_SERVER .htpasswd access | 12 | 10 | — |
CVE Exploitation Activity
CVE-2023-1389 CVE-2002-1149 CVE-2019-5418 CVE-2021-41773 CVE-2021-42013 CVE-2021-22005 CVE-2021-26855 CVE-2021-22893 CVE-2021-31207 CVE-2019-0193 CVE-2024-21887 CVE-2020-5902 CVE-2024-3400 CVE-2022-22274 CVE-2023-0656
OpenCLAW Dashboard Intelligence
952Total Events
41Unique Attackers
8Days Active
Attack Types
| Type | Count | Share | |
|---|---|---|---|
| generic-probe | 1,243 | 99.8% | |
| admin-scan | 2 | 0.2% |
Severity Distribution
| Severity | Count | Percentage |
|---|---|---|
| medium | 2 | 0.2% |
| low | 1,243 | 99.8% |