Weekly Report for 2026-07-01 to 2026-07-08
Jul 08, 2026
Weekly Reports
STIX2 Threat Intelligence Feeds (114,222 indicators this week)
Weekly Intelligence Summary
108.4KAttacking IPs This Week
174Source Countries
1.5KPhishing Domains
19.5KProxy/Anon IPs
10.0KWeb Exploit Events
23CVEs Exploited
218OpenCLAW Events
Weekly Comparison
Threat Score Distribution
Average threat score across all tracked IPs: 18.3/100
Attacks by Destination
Attacks By Country & ASN
Attacks By Protocol
SSH (88,848 IPs)
FTP (6 IPs)
SIP (119 IPs)
TELNET (35 IPs)
MSSQL (23 IPs)
MYSQL (16 IPs)
REDIS (33 IPs)
MITRE ATT&CK Techniques
Cloud Provider Abuse
Top Attacking Networks
Attack Classification Tags
Phishing Domains by Category
Top SSH Bruteforce Usernames
Infrastructure Analysis
Tor Exit Nodes (2,445 total)
Infrastructure Type
Anonymous Proxy Hosts (19,527 total)
Emerging Threats (Last 24h)
| IP Address | Threat Score | Country | Tags |
|---|---|---|---|
| 107.189.8.65 | 100 | Luxembourg | attack Bruteforce Brute-Force cowrie cve202229266 cyber security |
| 185.94.111.1 | 100 | Russia | Alaska cowrie ddos denial of service IPs Attacking Alaskan Hosts malicious |
| 193.107.216.228 | 100 | Hong Kong | bruteforce cyber security digital ocean Energy ICS ioc |
| 193.46.255.60 | 100 | Romania | awsau awsbah awsindia awsjap blacklist botnet |
| 92.63.196.25 | 100 | Russia | admin blacklist botnet brute force Energy green |
| 92.63.196.61 | 100 | Russia | admin blacklist botnet brute force Energy green |
| 89.248.165.202 | 100 | Netherlands | Alaska auto-generated security botnet green IPs Attacking Alaskan Hosts kfsensor |
| 5.61.11.123 | 100 | Russia | blacklist botnet cyber security Energy green ICS |
| 154.89.5.86 | 100 | Hong Kong | cyber security ioc malicious Nextray phishing Scanner |
| 183.136.226.3 | 100 | China | brute force cyber security Energy green ICS ioc |
| 183.136.226.4 | 100 | China | bruteforce cyber security digital ocean Energy green ICS |
| 176.192.99.26 | 100 | Russia | attack awsau bruteforce cyber security Energy green |
| 144.172.118.37 | 100 | United States | attack cve202229266 cyber security description description ip indicator |
| 209.141.34.39 | 100 | United States | Bruteforce Brute-Force cowrie cyber security ioc LokiBot |
| 45.146.165.165 | 100 | Russia | Bot Exploit IOC Malware Nextray Scanner |
| 45.143.203.3 | 100 | Ukraine | admin blacklist botnet green Malicious IP mirai |
| 89.248.163.140 | 100 | United Kingdom | auto-generated security Brute force count cyber security ioc kfsensor |
| 104.16.18.94 | 100 | 0 report 10357 aaaa abuse contact accept access ta0001 | |
| 45.143.200.50 | 100 | Russia | admin Alaska alienvault blacklist botnet cyber security |
| 80.254.126.75 | 100 | Russia | cyber security green ioc kfsensor malicious Nextray |
Highest Risk Networks
| Network | Risk Score | IPs | Risk Level |
|---|---|---|---|
| AS60729 zwiebelfreunde e.v. | 85 | 16 | |
| AS210731 forening for dotsrc | 84 | 11 | |
| AS4224 the calyx institute | 81 | 21 | |
| AS208294 cia triad security llc | 69 | 116 | |
| AS396507 emerald onion | 62 | 34 | |
| AS1101 surfnet bv | 59 | 38 | |
| AS57724 ddos guard ltd | 53 | 20 | |
| AS15736 mobile business solution mbs llp | 49 | 11 | |
| AS138740 citylink broadbnad services pvt ltd | 48 | 13 | |
| AS137280 kingsoft cloud corporation limited | 48 | 102 | |
| AS38345 internet domain name system beijing engineering resrarch center ltd. | 47 | 14 | |
| AS206264 amarutu technology ltd | 46 | 11 | |
| AS39351 31173 services ab | 45 | 15 | |
| AS58541 qingdao 266000 | 45 | 176 | |
| AS263333 vipturbo comrcio & servios de informtica ltda | 45 | 32 |
Web Exploit Detection Summary
10.0KExploit Events
5.4KUnique Attacker IPs
62Rules Triggered
23CVEs Observed
| Source | Rule | Events | Unique IPs | CVEs |
|---|---|---|---|---|
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 5,986 | 4,638 | — |
| ET | ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity | 5,986 | 4,638 | — |
| ET | ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML | 1,987 | 110 | — |
| ET | ET WEB_SERVER WEB-PHP phpinfo access | 426 | 61 | CVE-2002-1149 |
| ET | GPL WEB_SERVER 403 Forbidden | 262 | 171 | — |
| ET | ET SCAN Google Webcrawler User-Agent (Mediapartners-Google) | 186 | 185 | — |
| LOCAL | LOCAL Spring Boot Actuator Sensitive Endpoint Probe | 148 | 47 | — |
| LOCAL | LOCAL AWS Credentials File Grab Attempt | 147 | 54 | — |
| ET | ET EXPLOIT Vulnerable Microsoft Exchange Server Response (CVE-2021-31207) | 145 | 128 | CVE-2021-31207 |
| LOCAL | LOCAL PHP Source Backup File Grab Attempt | 131 | 27 | — |
| ET | ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2022-22274) M1 | 104 | 13 | CVE-2022-22274 CVE-2023-0656 |
| ET | ET WEB_SERVER Possible DROP SQL Injection Attempt | 101 | 72 | — |
| ET | ET SCAN SFTP/FTP Password Exposure via sftp-config.json | 56 | 10 | — |
| ET | ET WEB_SPECIFIC_APPS Rails Arbitrary File Disclosure Attempt | 44 | 19 | CVE-2019-5418 |
| ET | ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt | 42 | 19 | — |
| LOCAL | LOCAL Microsoft Exchange ECP Admin Probe (ProxyShell/ProxyLogon) | 39 | 26 | CVE-2021-26855 |
| ET | GPL WEB_SERVER .htpasswd access | 26 | 10 | — |
| ET | ET WEB_SERVER Possible CREATE SQL Injection Attempt in URI | 20 | 19 | — |
| ET | ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2 | 19 | 18 | CVE-2021-41773 |
| ET | ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 | 19 | 18 | CVE-2021-42013 |
CVE Exploitation Activity
CVE-2002-1149 CVE-2021-31207 CVE-2022-22274 CVE-2023-0656 CVE-2019-5418 CVE-2021-26855 CVE-2021-41773 CVE-2021-42013 CVE-2023-1389 CVE-2000-0778 CVE-2021-22893 CVE-2019-0193 CVE-2021-22005 CVE-2024-32114 CVE-2000-0868 CVE-2024-21887 CVE-2020-5902 CVE-2022-1388 CVE-2002-0953 CVE-2010-0738
OpenCLAW Dashboard Intelligence
218Total Events
37Unique Attackers
8Days Active
Attack Types
| Type | Count | Share | |
|---|---|---|---|
| generic-probe | 220 | 97.3% | |
| admin-scan | 6 | 2.7% |
Severity Distribution
| Severity | Count | Percentage |
|---|---|---|
| medium | 6 | 2.7% |
| low | 220 | 97.3% |