Weekly Report for 2026-06-08 to 2026-06-15
Jun 15, 2026
Weekly Reports
STIX2 Threat Intelligence Feeds (67,375 indicators this week)
Weekly Intelligence Summary
54.7KAttacking IPs This Week
179Source Countries
1.6KPhishing Domains
24.5KProxy/Anon IPs
11.1KWeb Exploit Events
17CVEs Exploited
64OpenCLAW Events
Weekly Comparison
Threat Score Distribution
Average threat score across all tracked IPs: 18.2/100
Attacks by Destination
Attacks By Country & ASN
Attacks By Protocol
SSH (29,995 IPs)
FTP (50 IPs)
SIP (172 IPs)
TELNET (975 IPs)
MSSQL (342 IPs)
MYSQL (74 IPs)
REDIS (312 IPs)
MITRE ATT&CK Techniques
Cloud Provider Abuse
Top Attacking Networks
Attack Classification Tags
Phishing Domains by Category
Top SSH Bruteforce Usernames
Infrastructure Analysis
Tor Exit Nodes (2,391 total)
Infrastructure Type
Anonymous Proxy Hosts (24,459 total)
Emerging Threats (Last 24h)
| IP Address | Threat Score | Country | Tags |
|---|---|---|---|
| 107.189.8.65 | 100 | Luxembourg | attack Bruteforce Brute-Force cowrie cve202229266 cyber security |
| 185.94.111.1 | 100 | Russia | Alaska cowrie ddos denial of service IPs Attacking Alaskan Hosts malicious |
| 193.107.216.228 | 100 | Hong Kong | bruteforce cyber security digital ocean Energy ICS ioc |
| 193.46.255.60 | 100 | Romania | awsau awsbah awsindia awsjap blacklist botnet |
| 92.63.196.25 | 100 | Russia | admin blacklist botnet brute force Energy green |
| 92.63.196.61 | 100 | Russia | admin blacklist botnet brute force Energy green |
| 89.248.165.202 | 100 | Netherlands | Alaska auto-generated security botnet green IPs Attacking Alaskan Hosts kfsensor |
| 5.61.11.123 | 100 | Russia | blacklist botnet cyber security Energy green ICS |
| 154.89.5.86 | 100 | Hong Kong | cyber security ioc malicious Nextray phishing Scanner |
| 183.136.226.3 | 100 | China | brute force cyber security Energy green ICS ioc |
| 183.136.226.4 | 100 | China | bruteforce cyber security digital ocean Energy green ICS |
| 176.192.99.26 | 100 | Russia | attack awsau bruteforce cyber security Energy green |
| 144.172.118.37 | 100 | United States | attack cve202229266 cyber security description description ip indicator |
| 209.141.34.39 | 100 | United States | Bruteforce Brute-Force cowrie cyber security ioc LokiBot |
| 45.146.165.165 | 100 | Russia | Bot Exploit IOC Malware Nextray Scanner |
| 45.143.203.3 | 100 | Ukraine | admin blacklist botnet green Malicious IP mirai |
| 89.248.163.140 | 100 | United Kingdom | auto-generated security Brute force count cyber security ioc kfsensor |
| 104.16.18.94 | 100 | 0 report 10357 aaaa abuse contact accept access ta0001 | |
| 45.143.200.50 | 100 | Russia | admin Alaska alienvault blacklist botnet cyber security |
| 80.254.126.75 | 100 | Russia | cyber security green ioc kfsensor malicious Nextray |
Highest Risk Networks
| Network | Risk Score | IPs | Risk Level |
|---|---|---|---|
| AS60729 zwiebelfreunde e.v. | 85 | 16 | |
| AS210731 forening for dotsrc | 84 | 11 | |
| AS4224 the calyx institute | 81 | 21 | |
| AS208294 cia triad security llc | 69 | 116 | |
| AS396507 emerald onion | 62 | 34 | |
| AS1101 surfnet bv | 59 | 38 | |
| AS57724 ddos guard ltd | 53 | 20 | |
| AS15736 mobile business solution mbs llp | 49 | 11 | |
| AS138740 citylink broadbnad services pvt ltd | 48 | 13 | |
| AS137280 kingsoft cloud corporation limited | 48 | 102 | |
| AS38345 internet domain name system beijing engineering resrarch center ltd. | 47 | 14 | |
| AS206264 amarutu technology ltd | 46 | 11 | |
| AS39351 31173 services ab | 45 | 15 | |
| AS58541 qingdao 266000 | 45 | 176 | |
| AS263333 vipturbo comrcio & servios de informtica ltda | 45 | 32 |
Web Exploit Detection Summary
11.1KExploit Events
807Unique Attacker IPs
50Rules Triggered
17CVEs Observed
| Source | Rule | Events | Unique IPs | CVEs |
|---|---|---|---|---|
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 7,833 | 476 | — |
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 7,833 | 476 | — |
| ET | ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML | 857 | 67 | — |
| LOCAL | LOCAL Spring Boot Actuator Sensitive Endpoint Probe | 561 | 33 | — |
| ET | ET WEB_SERVER WEB-PHP phpinfo access | 472 | 41 | CVE-2002-1149 |
| ET | ET WEB_SERVER Possible DROP SQL Injection Attempt | 273 | 57 | — |
| ET | ET EXPLOIT Vulnerable Microsoft Exchange Server Response (CVE-2021-31207) | 204 | 36 | CVE-2021-31207 |
| ET | GPL WEB_SERVER 403 Forbidden | 191 | 36 | — |
| LOCAL | LOCAL AWS Credentials File Grab Attempt | 117 | 42 | — |
| LOCAL | LOCAL PHP Source Backup File Grab Attempt | 111 | 29 | — |
| ET | ET SCAN Google Webcrawler User-Agent (Mediapartners-Google) | 67 | 65 | — |
| ET | ET WEB_SPECIFIC_APPS Rails Arbitrary File Disclosure Attempt | 64 | 27 | CVE-2019-5418 |
| ET | ET WEB_SERVER Possible SQL Injection Obfuscated by REVERSE function in HTTP Request Body | 59 | 6 | — |
| ET | ET WEB_SERVER Possible SQL injection obfuscated via REVERSE function in HTTP URI | 59 | 6 | — |
| LOCAL | LOCAL OpenWRT Luci CGI RCE Attempt (CVE-2023-1389) | 57 | 3 | CVE-2023-1389 |
| ET | ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt | 52 | 26 | — |
| ET | ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2023-0656) M1 | 43 | 3 | CVE-2022-22274 CVE-2023-0656 |
| ET | ET WEB_SERVER Possible CREATE SQL Injection Attempt in URI | 36 | 26 | — |
| ET | ET SCAN Exabot Webcrawler User Agent | 29 | 25 | — |
| ET | ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2 | 27 | 26 | CVE-2021-41773 |
CVE Exploitation Activity
CVE-2002-1149 CVE-2021-31207 CVE-2019-5418 CVE-2023-1389 CVE-2022-22274 CVE-2023-0656 CVE-2021-41773 CVE-2021-42013 CVE-2021-26855 CVE-2020-5902 CVE-2019-0193 CVE-2021-22005 CVE-2002-0953 CVE-2019-19781 CVE-2010-0738 CVE-2022-1388 CVE-2022-22965
OpenCLAW Dashboard Intelligence
64Total Events
24Unique Attackers
8Days Active
Attack Types
| Type | Count | Share | |
|---|---|---|---|
| generic-probe | 192 | 99.0% | |
| admin-scan | 2 | 1.0% |
Severity Distribution
| Severity | Count | Percentage |
|---|---|---|
| medium | 2 | 1.0% |
| low | 192 | 99.0% |