🦞 OpenClaw Exposure Watchboard
This page lists publicly reachable active OpenClaw instances for defensive awareness. If this is your deployment, enable authentication, remove direct public exposure, and patch immediately.
Exposed Instances: 683295 Page: 1344 / 6833 (100 per page) Showing: 134301-134400 Last Imported: 19/04/2026, 08:41:00
🇨🇳 364,448
🇺🇸 188,265
Build With Vivgrid
Explore Vivgrid Ship Secure Enterprise AI Agents 10× Faster with vivgrid.com
Vivgrid gives you authentication, model gateway, tool control, cost tracking, and enterprise observability — everything you need to ship AI agents safely at scale.
| Endpoint | Assistant Name | Country | auth_required | is_active | has_leaked_creds | asn | asn_name | org | first_seen | last_seen | asi_has_breach | asi_has_threat_actor | asi_threat_actors | asi_cves | asi_enriched_at | asi_domains |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 154.9.243.•••:18789 | - | 🇺🇸 United States | Yes | true | Leaked | AS979 | NetLab Global | Cogent Communications | 01/04/2026, 00:45:03 | 16/04/2026, 13:00:55 | Yes | Yes | APT1 Comment Crew, APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-16905, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-11022, CVE-2020-11023, CVE-2020-14145, CVE-2020-15778, CVE-2020-23064, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2024-1322, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 04/04/2026, 12:30:59 | cogentco.com, hyper3d.ai, galaxea-ai.com, icphoto.cn, wuqisec.com |
| 106.15.185.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:03 | 15/04/2026, 23:59:33 | Yes | Yes | APT-C-23, APT15, APT28, APT29, APT31, APT34, APT36, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Equation Group, Gamaredon Group, Gaza Cybergang, Ghostwriter, Hafnium Group, Inception Framework, Kimsuky, Lazarus Group, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, Turla APT Group, Volt Typhoon | CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-16905, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2022-45143, CVE-2023-28708, CVE-2023-38408, CVE-2023-41080, CVE-2023-42795, CVE-2023-44487, CVE-2023-45648, CVE-2023-46589, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 07/04/2026, 04:25:26 | aliyun.com |
| 165.154.41.•••:18789 | - | 🇭🇰 Hong Kong | Yes | true | Clean | AS135377 | UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED | Ucloud Information Technology HK | 01/04/2026, 00:45:03 | 09/04/2026, 22:51:36 | No | No | - | CVE-2016-20012, CVE-2020-12062, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617 | 07/04/2026, 09:36:37 | - |
| 47.92.195.•••:50001 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:03 | 16/04/2026, 17:33:26 | No | No | - | - | 10/04/2026, 16:02:32 | - |
| 159.223.94.•••:443 | - | 🇸🇬 Singapore | Yes | true | Clean | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/04/2026, 00:45:03 | 01/04/2026, 08:08:59 | - | - | - | - | - | - |
| 36.138.204.•••:18789 | Assistant | 🇨🇳 China mainland | Yes | true | Clean | AS9808 | China Mobile Communications Group Co., Ltd. | China Mobile | 01/04/2026, 00:45:03 | 16/04/2026, 01:22:19 | - | - | - | - | - | - |
| 43.143.111.•••:9001 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud Computing | 01/04/2026, 00:45:03 | 04/04/2026, 09:29:11 | Yes | Yes | APT15, APT28, APT29, APT31, APT34, APT41, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, Volt Typhoon | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 | 04/04/2026, 08:48:48 | tencent.com |
| 117.72.32.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS141679 | China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch | JD.com | 01/04/2026, 00:45:03 | 12/04/2026, 15:02:36 | Yes | - | - | CVE-2015-9251, CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-11358, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-11022, CVE-2020-11023, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 09/04/2026, 11:38:15 | jdl.cn, vackbot.com, vg.com, jdfinance.com, 51buy.com, blackdragon.com, jddj.com, 7fresh.com, jd.com, 360buy.com, chinabank.com.cn, 360buyimg.com, imdada.cn, jdh.com |
| 149.50.128.•••:443 | - | 🇦🇷 Argentina | Yes | true | Leaked | AS27823 | Dattatec.com | Dattatec | 01/04/2026, 00:45:03 | 16/04/2026, 11:29:50 | Yes | Yes | APT-C-23, APT40, APT41, Donot Team, Lazarus Group, MuddyWater Group, TA428, Volt Typhoon | CVE-2015-9253, CVE-2017-7272, CVE-2017-7963, CVE-2017-8923, CVE-2017-9225, CVE-2017-9229, CVE-2018-19395, CVE-2018-19396, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9641, CVE-2022-31628, CVE-2022-31629, CVE-2022-4900, CVE-2023-28531, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-4577, CVE-2024-5458, CVE-2024-6387, CVE-2024-7347, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/04/2026, 09:40:52 | emeingenieria.com.ar, molinosagro.com.ar, cogentco.com, angelesromero.com.ar, adhoc.ar, toyotatransport.com.ar, olc.com.ar, urbanisma.com.ar, guidomogetta.com.ar, nutrienagsolutions.com.ar, ctcrabogados.ar, centennialdigital.com.ar, farmacias.com.ar, brandformance.com.ar, institutocardiovascularsanluis.com.ar, conceptocreativo.com.ar, centrolinux.com.ar, corasa.com.ar, fundacionsiemens.com.ar, aumax.com.ar, rokisoft.com.ar |
| 107.172.59.•••:18789 | - | 🇺🇸 United States | Yes | true | Leaked | AS36352 | HostPapa | RackNerd | 01/04/2026, 00:45:03 | 16/04/2026, 12:15:32 | Yes | Yes | APT15, APT28, APT29, APT31, APT34, APT41, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, Volt Typhoon | CVE-2016-20012, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 04/04/2026, 14:05:35 | racknerd.com |
| 81.70.36.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud Computing | 01/04/2026, 00:45:03 | 09/04/2026, 08:38:36 | No | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, El-Machete, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2016-10708, CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 | 09/04/2026, 08:43:46 | - |
| 103.80.3.•••:18789 | - | 🇧🇩 Bangladesh | Yes | true | Clean | AS136014 | SS Online | [name redacted] | 01/04/2026, 00:45:03 | 17/04/2026, 10:06:03 | No | No | - | CVE-2023-44487, CVE-2024-7347, CVE-2025-23419 | 07/04/2026, 00:34:45 | - |
| 47.92.137.•••:50001 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:03 | 16/04/2026, 01:23:34 | No | Yes | APT15, APT28, APT29, APT31, APT34, APT41, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, Volt Typhoon | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-32036, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 | 09/04/2026, 21:34:40 | - |
| 101.201.64.•••:443 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:03 | 03/04/2026, 23:11:54 | - | - | - | - | - | - |
| 180.76.243.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS38365 | Beijing Baidu Netcom Science and Technology Co., Ltd. | Baidu | 01/04/2026, 00:45:03 | 16/04/2026, 23:35:58 | Yes | Yes | APT17, APT37, DragonFly, El-Machete, Gozi, Packrat | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 09/04/2026, 23:31:54 | baidu.com |
| 3.80.42.•••:443 | - | 🇺🇸 United States | Yes | true | Clean | AS14618 | Amazon.com, Inc. | Amazon Web Services | 01/04/2026, 00:45:03 | 16/04/2026, 19:04:20 | No | No | - | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316, CVE-2024-36387, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-40898, CVE-2024-42516, CVE-2024-43204, CVE-2024-43394, CVE-2024-47252, CVE-2025-23048, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200 | 07/04/2026, 20:37:52 | - |
| 240e:3a5:31cc:2100:a266:10ff:fe13:2a10:18789 | - | 🇨🇳 China mainland | - | true | Clean | AS4134 | Chinanet | China Telecom IPv6 Broadband Address | 01/04/2026, 00:45:03 | 04/04/2026, 09:29:12 | - | - | - | - | - | - |
| 117.72.114.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS141679 | China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch | JD.com | 01/04/2026, 00:45:03 | 09/04/2026, 14:37:15 | - | - | - | - | - | - |
| 183.23.61.•••:8008 | - | 🇨🇳 China mainland | Yes | true | Clean | AS4134 | Chinanet | CHINANET Guangdong | 01/04/2026, 00:45:02 | 04/04/2026, 07:20:49 | No | No | - | - | 29/03/2026, 06:06:45 | - |
| 47.121.200.•••:443 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:02 | 13/04/2026, 21:01:57 | No | Yes | APT1 Comment Crew, APT15, APT27, APT28, APT29, APT31, APT34, APT35, APT41, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Earth Longzhi, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, Turla APT Group, Volt Typhoon | CVE-2015-9251, CVE-2016-20012, CVE-2019-11358, CVE-2019-16905, CVE-2020-11022, CVE-2020-11023, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385 | 10/04/2026, 09:44:32 | - |
| 34.243.246.•••:443 | - | 🇮🇪 Ireland | Yes | true | Clean | AS16509 | Amazon.com, Inc. | Amazon Data Services Ireland | 01/04/2026, 00:45:02 | 01/04/2026, 08:08:58 | - | - | - | - | - | - |
| 39.98.90.•••:50001 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:02 | 17/04/2026, 10:07:15 | Yes | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Packrat, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2016-10708, CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 | 07/04/2026, 17:00:54 | aliyun.com |
| 129.159.177.•••:443 | - | 🇺🇸 United States | Yes | true | Leaked | AS31898 | Oracle Corporation | Oracle | 01/04/2026, 00:45:02 | 04/04/2026, 19:11:16 | Yes | No | - | CVE-2023-44487, CVE-2024-7347, CVE-2025-23419 | 04/04/2026, 19:17:53 | healtheintent.com, purewellness.com, cerner.ae, retek.com, tryfoexnow.com, moatads.com, oraclefusion.com, connectinc.com, inquira.com, portal.com, oracle.com, hiedirectconnect.org, maxymiser.net, oraclecloudservices.com, rsys2.net, hyperroll.com, nor1.com, oxygen.systems, oraclegovcloud.com, orcale.com, oraclemobile.com, sun.co.in, openair.co, oraclepdemos.com, stellent.com, siebel.com, cerner.net, oracle-cloud.com, docucorp.com, mvalent.com, elementfusion.com, netsuiteforms.com, oraclecloud.com, en25.com, solaris.com, rightnowtech.com, think.com, ipapp.com, jdedwards.com, tiger-institute.org, zenedge.com, skire.com, sun.com, sales.com, fyleio.com, push.io, estara.com, tekelec.com, textura.com, paymyhealthbill.com, dyndns.com, java.net, optika.com, jcp.org, smed.com, cernerenviza-tw.com, datafox.com, recruitmax.com, decisioneering.com, adiinsights.com, stortek.com, seebeyond.com, livelook.com, openjdk.org, virtualbox.org, dyn.com, oraclehealth.com, aimsystems.com, sunworld.com, plumtree.com, storagetek.com, oracledatacloud.com |
| 111.228.52.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS141679 | China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch | Jingdong Headquarters | 01/04/2026, 00:45:02 | 07/04/2026, 09:33:48 | Yes | No | - | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 04/04/2026, 13:17:22 | jdl.cn, vackbot.com, vg.com, jdfinance.com, 51buy.com, blackdragon.com, jddj.com, 7fresh.com, jd.com, 360buy.com, chinabank.com.cn, 360buyimg.com, imdada.cn, jdh.com |
| 39.98.65.•••:50001 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:02 | 12/04/2026, 19:26:04 | Yes | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2016-10708, CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-16905, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385 | 09/04/2026, 14:38:13 | aliyun.com |
| 13.231.164.•••:18789 | - | 🇯🇵 Japan | Yes | true | Clean | AS16509 | Amazon.com, Inc. | Amazon Web Services Japan | 01/04/2026, 00:45:02 | 01/04/2026, 08:08:58 | - | - | - | - | - | - |
| 143.92.57.•••:443 | - | 🇸🇬 Singapore | Yes | true | Clean | AS152194 | CTG Server Limited | CTG Server | 01/04/2026, 00:45:02 | 16/04/2026, 13:46:13 | No | Yes | APT28, APT35, APT37, APT39, Cobalt Group, Kimsuky, Mustang Panda, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-23017, CVE-2021-3618, CVE-2021-41617, CVE-2022-41741, CVE-2022-41742, CVE-2023-28531, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 04/04/2026, 16:59:33 | - |
| 129.211.173.•••:10004 | - | 🇨🇳 China mainland | Yes | true | Clean | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud Computing | 01/04/2026, 00:45:02 | 15/04/2026, 01:34:15 | - | - | - | - | - | - |
| 47.92.196.•••:50001 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:02 | 15/04/2026, 13:30:44 | No | Yes | APT-C-23, APT15, APT28, APT29, APT31, APT34, APT36, APT41, Bitter APT, Bluenoroff, Callisto Group, Carbanak, Cobalt Group, Donot Team, Equation Group, Gamaredon Group, Gaza Cybergang, Ghostwriter, Hafnium Group, Inception Framework, Kimsuky, Lazarus Group, Lyceum APT, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, TA505, TEMP.Hermit, The Shadow Brokers, Turla APT Group, Volt Typhoon | CVE-2010-4478, CVE-2010-4755, CVE-2010-5107, CVE-2011-4327, CVE-2011-5000, CVE-2012-0814, CVE-2014-1692, CVE-2014-2532, CVE-2014-2653, CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-8325, CVE-2016-0777, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-10708, CVE-2016-1908, CVE-2016-20012, CVE-2016-3115, CVE-2016-6210, CVE-2016-6515, CVE-2017-15906, CVE-2018-15473, CVE-2018-20685, CVE-2019-16905, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-23017, CVE-2021-3618, CVE-2021-36368, CVE-2021-41617, CVE-2022-41741, CVE-2022-41742, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 15/04/2026, 12:03:11 | - |
| 161.35.50.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/04/2026, 00:45:02 | 14/04/2026, 10:35:39 | No | Yes | APT15, APT17, APT28, APT29, APT31, APT34, APT35, APT36, APT37, APT39, APT40, APT41, APT45, Bitter APT, Bluenoroff, Callisto Group, Carbanak, ChamelGang, CloudSorcerer, Cobalt Group, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617, CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728 | 11/04/2026, 08:44:18 | - |
| 54.160.177.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS14618 | Amazon.com, Inc. | Amazon | 01/04/2026, 00:45:02 | 01/04/2026, 08:08:58 | - | - | - | - | - | - |
| 13.50.91.•••:443 | - | 🇺🇸 United States | Yes | true | Clean | AS16509 | Amazon.com, Inc. | Amazon Data Services Sweden | 01/04/2026, 00:45:02 | 10/04/2026, 17:46:13 | No | No | - | - | 04/04/2026, 15:30:42 | - |
| 64.23.205.•••:443 | - | 🇺🇸 United States | Yes | true | Clean | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/04/2026, 00:45:02 | 17/04/2026, 02:36:39 | No | Yes | APT14, APT15, APT17, APT28, APT29, APT31, APT34, APT36, APT37, APT40, APT41, APT45, Bitter APT, Bluenoroff, Callisto Group, CloudSorcerer, Cobalt Group, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SharpPanda, SideWinder APT, TA505, The Shadow Brokers, Volt Typhoon, WIRTE | CVE-2006-20001, CVE-2016-20012, CVE-2019-17567, CVE-2020-11984, CVE-2020-11993, CVE-2020-13938, CVE-2020-13950, CVE-2020-14145, CVE-2020-15778, CVE-2020-1927, CVE-2020-1934, CVE-2020-35452, CVE-2020-9490, CVE-2021-26690, CVE-2021-26691, CVE-2021-28041, CVE-2021-30641, CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-36368, CVE-2021-39275, CVE-2021-40438, CVE-2021-41617, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2023-31122, CVE-2023-38408, CVE-2023-38709, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-24795, CVE-2024-27316, CVE-2024-39894, CVE-2024-6387 | 04/04/2026, 14:05:24 | - |
| 98.126.102.•••:10201 | - | 🇺🇸 United States | Yes | true | Clean | AS4213 | Krypt Technologies | Krypt Technologies | 01/04/2026, 00:45:02 | 16/04/2026, 01:23:06 | Yes | No | - | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 07/04/2026, 17:16:57 | vpls.net, vpls.com |
| 106.37.96.•••:50005 | - | 🇨🇳 China mainland | Yes | true | Clean | AS4847 | China Networks Inter-Exchange | ChinaNet Beijing | 01/04/2026, 00:45:02 | 03/04/2026, 23:13:28 | - | - | - | - | - | - |
| 187.235.79.•••:18080 | Pi (Tu Bro) (🤙) | 🇲🇽 Mexico | Yes | true | Clean | AS8151 | UNINET | Uninet | 01/04/2026, 00:45:02 | 10/04/2026, 00:59:59 | No | - | - | - | 29/03/2026, 13:14:25 | - |
| 54.183.83.•••:443 | - | 🇺🇸 United States | Yes | true | Clean | AS16509 | Amazon.com, Inc. | Amazon | 01/04/2026, 00:45:02 | 15/04/2026, 13:30:45 | No | No | - | CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 07/04/2026, 05:51:51 | - |
| 170.106.136.•••:18789 | - | 🇸🇬 Singapore | Yes | true | Clean | AS132203 | Tencent Building, Kejizhongyi Avenue | Aceville Pte Ltd | 01/04/2026, 00:45:02 | 16/04/2026, 01:23:11 | No | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-16905, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 12/04/2026, 17:56:35 | - |
| 39.98.59.•••:50001 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:01 | 07/04/2026, 09:33:36 | Yes | - | - | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 04/04/2026, 17:00:52 | aliyun.com |
| 47.92.174.•••:50001 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:01 | 16/04/2026, 19:50:06 | No | Yes | APT28, APT35, APT37, APT39, Cobalt Group, Kimsuky, Mustang Panda, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617 | 07/04/2026, 04:25:43 | - |
| 8.219.6.•••:18789 | - | 🇸🇬 Singapore | Yes | true | Clean | AS45102 | Alibaba (US) Technology Co., Ltd. | Alibaba Cloud Singapore | 01/04/2026, 00:45:01 | 12/04/2026, 23:54:33 | - | - | - | - | - | - |
| 115.239.127.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS4134 | Chinanet | ChinaNet Zhejiang Jiaxing | 01/04/2026, 00:45:01 | 07/04/2026, 09:33:32 | - | - | - | - | - | - |
| 35.206.211.•••:443 | - | 🇺🇸 United States | Yes | true | Clean | AS15169 | Google LLC / AS19527 Google LLC | 01/04/2026, 00:45:01 | 07/04/2026, 08:03:43 | - | - | - | - | - | - | |
| 34.195.188.•••:8081 | - | 🇺🇸 United States | Yes | true | Clean | AS14618 | Amazon.com, Inc. | Amazon | 01/04/2026, 00:45:01 | 14/04/2026, 10:34:58 | - | - | - | - | - | - |
| 34.121.109.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS396982 | Google LLC | 01/04/2026, 00:45:01 | 15/04/2026, 12:01:33 | No | Yes | APT17, APT36, APT37, APT45, CloudSorcerer, Daggerfly APT, Kimsuky, MuddyWater Group, SideWinder APT, The Shadow Brokers | CVE-2016-20012, CVE-2018-20685, CVE-2019-16905, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 12/04/2026, 17:11:18 | - | |
| 49.232.145.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud | 01/04/2026, 00:45:01 | 16/04/2026, 01:23:25 | Yes | Yes | APT37, El-Machete | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 04/04/2026, 11:49:10 | tencent.com |
| 156.249.227.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS139880 | OWGELS INTERNATIONAL CO., LIMITED | Ares IDC Limited | 01/04/2026, 00:45:01 | 16/04/2026, 10:44:45 | No | No | - | - | 04/04/2026, 14:47:15 | - |
| 47.92.76.•••:50001 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:01 | 17/04/2026, 00:21:04 | No | Yes | APT-C-23, APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT40, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, Lazarus Group, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2015-9253, CVE-2016-20012, CVE-2017-15906, CVE-2017-7272, CVE-2017-7963, CVE-2017-8923, CVE-2017-9225, CVE-2017-9229, CVE-2018-15473, CVE-2018-15919, CVE-2018-19395, CVE-2018-19396, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9641, CVE-2020-12062, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2022-31628, CVE-2022-31629, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-4577 | 13/04/2026, 12:23:50 | - |
| 198.23.133.•••:80 | - | 🇺🇸 United States | Yes | true | Leaked | AS36352 | HostPapa | HostPapa | 01/04/2026, 00:45:01 | 15/04/2026, 13:31:18 | Yes | Yes | APT15, APT17, APT28, APT29, APT31, APT34, APT35, APT36, APT37, APT40, APT41, APT45, Bitter APT, Bluenoroff, Callisto Group, Carbanak, ChamelGang, CloudSorcerer, Cobalt Group, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2006-20001, CVE-2016-20012, CVE-2020-14145, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 03/04/2026, 23:19:28 | hostpapa.com |
| 156.249.239.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS139880 | OWGELS INTERNATIONAL CO., LIMITED | Ares IDC Limited | 01/04/2026, 00:45:01 | 16/04/2026, 01:22:30 | No | No | - | - | 03/04/2026, 13:07:02 | - |
| 2400:d320:2317:8990::1:18789 | - | 🇸🇬 Singapore | - | true | Clean | AS141995 | Contabo Asia Private Limited | Contabo Asia | 01/04/2026, 00:45:01 | 17/04/2026, 23:59:10 | - | - | - | - | - | - |
| 47.92.124.•••:50001 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:45:01 | 16/04/2026, 01:23:12 | No | No | - | CVE-2016-20012, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 04/04/2026, 06:42:46 | - |
| 43.129.207.•••:443 | - | 🇭🇰 Hong Kong | Yes | true | Clean | AS132203 | Tencent Building, Kejizhongyi Avenue | Aceville Pte Ltd | 01/04/2026, 00:45:01 | 01/04/2026, 08:08:57 | - | - | - | - | - | - |
| 43.163.216.•••:18789 | - | 🇸🇬 Singapore | Yes | true | Clean | AS132203 | Tencent Building, Kejizhongyi Avenue | Aceville Pte Ltd | 01/04/2026, 00:45:01 | 01/04/2026, 08:08:57 | - | - | - | - | - | - |
| 156.225.19.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS401701 | cognetcloud INC | Vapeline Technology | 01/04/2026, 00:45:01 | 01/04/2026, 08:08:57 | - | - | - | - | - | - |
| 104.223.32.•••:18789 | - | 🇺🇸 United States | Yes | true | Leaked | AS36352 | HostPapa | HostPapa | 01/04/2026, 00:42:51 | 15/04/2026, 13:28:23 | Yes | Yes | APT14, APT15, APT17, APT28, APT31, APT36, APT37, APT45, Bitter APT, Bluenoroff, Callisto Group, CloudSorcerer, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Inception Framework, Kimsuky, MuddyWater Group, RomCom Group, Salt Typhoon, Sea Turtle Group, SideWinder APT, The Shadow Brokers | CVE-2006-20001, CVE-2021-23017, CVE-2021-3618, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2022-37436, CVE-2022-41741, CVE-2022-41742, CVE-2023-25690, CVE-2023-27522, CVE-2023-28531, CVE-2023-31122, CVE-2023-38408, CVE-2023-38709, CVE-2023-44487, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-24795, CVE-2024-27316, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-40898, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 07/04/2026, 06:30:28 | hostpapa.com |
| 47.92.128.•••:18789 | - | 🇨🇳 China mainland | - | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:51 | 16/04/2026, 12:58:03 | No | Yes | APT15, APT28, APT29, APT31, APT34, APT41, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, Volt Typhoon | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385 | 07/04/2026, 05:47:09 | - |
| 129.213.114.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS31898 | Oracle Corporation | Oracle Cloud | 01/04/2026, 00:42:51 | 15/04/2026, 11:19:37 | - | - | - | - | - | - |
| 52.253.99.•••:18789 | - | 🇺🇸 United States | - | true | Clean | AS8075 | Microsoft Corporation | Microsoft | 01/04/2026, 00:42:51 | 01/04/2026, 05:51:37 | - | - | - | - | - | - |
| 45.55.80.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/04/2026, 00:42:51 | 12/04/2026, 00:47:22 | No | Yes | Salt Typhoon | CVE-2006-20001, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2023-28531, CVE-2023-31122, CVE-2023-38408, CVE-2023-38709, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-24795, CVE-2024-27316, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-40898, CVE-2024-6387 | 06/04/2026, 12:03:57 | - |
| 39.98.75.•••:18789 | - | 🇨🇳 China mainland | - | true | Leaked | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:51 | 16/04/2026, 19:01:19 | Yes | - | - | CVE-2023-48795, CVE-2023-38408, CVE-2023-51385, CVE-2020-15778, CVE-2020-14145, CVE-2021-36368, CVE-2021-28041, CVE-2021-41617, CVE-2016-20012 | 04/04/2026, 08:44:30 | aliyun.com |
| 117.72.214.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS141679 | China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch | JD.com | 01/04/2026, 00:42:51 | 13/04/2026, 19:28:07 | Yes | No | - | CVE-2017-15945, CVE-2021-3618, CVE-2022-41741, CVE-2022-41742, CVE-2023-44487, CVE-2024-7347, CVE-2025-23419 | 13/04/2026, 14:58:08 | jdl.cn, vackbot.com, vg.com, jdfinance.com, 51buy.com, blackdragon.com, jddj.com, 7fresh.com, jd.com, 360buy.com, chinabank.com.cn, 360buyimg.com, imdada.cn, jdh.com |
| 3.93.247.•••:18789 | - | 🇺🇸 United States | - | true | Clean | AS14618 | Amazon.com, Inc. | Amazon Web Services | 01/04/2026, 00:42:51 | 16/04/2026, 16:45:08 | - | - | - | - | - | - |
| 2604:9a00:1:106:1c00:7dff:fe00:38c:18789 | - | 🇺🇸 United States | - | true | Clean | AS30633 | Leaseweb USA, Inc. | Leaseweb USA | 01/04/2026, 00:42:51 | 15/04/2026, 23:56:34 | - | - | - | - | - | - |
| 182.42.95.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS58519 | Cloud Computing Corporation | ChinaNet Shandong | 01/04/2026, 00:42:51 | 16/04/2026, 18:15:47 | Yes | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 14/04/2026, 05:19:09 | bj189.cn, 118114.cn, ctwing.cn, chinatelecom.com.cn, chinatelecom.cn, new-gm.cn, 189.cn, 189free.cn, ideal.sh.cn, daqu.com.cn, ctyun.cn |
| 47.92.124.•••:18789 | - | 🇨🇳 China mainland | - | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:51 | 16/04/2026, 01:20:04 | No | Yes | APT28, APT35, APT36, APT37, APT39, Cobalt Group, Kimsuky, Mustang Panda, Sandworm Team, Sea Turtle Group, The Shadow Brokers, WildCard APT | CVE-2012-5568, CVE-2016-10708, CVE-2016-20012, CVE-2017-12616, CVE-2017-12617, CVE-2017-15906, CVE-2017-5647, CVE-2017-5664, CVE-2017-7674, CVE-2018-11784, CVE-2018-1304, CVE-2018-1305, CVE-2018-1336, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2018-8014, CVE-2018-8034, CVE-2019-0221, CVE-2019-12418, CVE-2019-16905, CVE-2019-17563, CVE-2019-2684, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-13935, CVE-2020-14145, CVE-2020-15778, CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2021-24122, CVE-2021-25329, CVE-2021-30640, CVE-2021-36368, CVE-2021-41617 | 10/04/2026, 04:08:59 | - |
| 36.212.138.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS9808 | China Mobile Communications Group Co., Ltd. | China Mobile | 01/04/2026, 00:42:51 | 12/04/2026, 17:08:36 | - | - | - | - | - | - |
| 47.253.171.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS45102 | Alibaba (US) Technology Co., Ltd. | Alibaba Cloud US | 01/04/2026, 00:42:51 | 01/04/2026, 05:51:36 | - | - | - | - | - | - |
| 45.204.11.•••:18789 | - | 🇭🇰 Hong Kong | - | true | Clean | AS132813 | HK AISI CLOUD COMPUTING LIMITED | Ruiou International Network Limited | 01/04/2026, 00:42:50 | 17/04/2026, 05:34:06 | No | - | - | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 17/04/2026, 00:20:39 | - |
| 152.42.189.•••:18789 | - | 🇸🇬 Singapore | - | true | Leaked | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/04/2026, 00:42:50 | 16/04/2026, 22:48:18 | Yes | Yes | APT15, APT17, APT28, APT31, APT36, APT37, APT45, Bitter APT, Bluenoroff, Callisto Group, CloudSorcerer, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Inception Framework, Kimsuky, MuddyWater Group, RomCom Group, Salt Typhoon, Sea Turtle Group, SideWinder APT, The Shadow Brokers | CVE-2021-23017, CVE-2021-3618, CVE-2022-41741, CVE-2022-41742, CVE-2023-28531, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2024-7347, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-59362, CVE-2025-61984, CVE-2025-61985, CVE-2025-62168 | 04/04/2026, 08:00:04 | qzz.io |
| 47.252.53.•••:18789 | - | 🇨🇳 China mainland | - | true | Clean | AS45102 | Alibaba (US) Technology Co., Ltd. | Alibaba Cloud US | 01/04/2026, 00:42:50 | 15/04/2026, 13:28:35 | No | Yes | APT15, APT28, APT29, APT31, APT34, APT41, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, Volt Typhoon | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728 | 03/04/2026, 13:26:31 | - |
| 144.91.72.•••:18789 | - | 🇩🇪 Germany | Yes | true | Clean | AS51167 | Contabo GmbH | Contabo | 01/04/2026, 00:42:50 | 01/04/2026, 09:36:44 | - | - | - | - | - | - |
| 101.37.151.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:50 | 17/04/2026, 10:03:27 | Yes | - | - | - | 14/04/2026, 05:19:15 | aliyun.com |
| 20.196.80.•••:18789 | - | 🇺🇸 United States | - | true | Clean | AS8075 | Microsoft Corporation | Microsoft | 01/04/2026, 00:42:50 | 01/04/2026, 05:51:36 | - | - | - | - | - | - |
| 43.160.244.•••:18789 | - | 🇸🇬 Singapore | Yes | true | Clean | AS132203 | Tencent Building, Kejizhongyi Avenue | Aceville Pte Ltd | 01/04/2026, 00:42:50 | 16/04/2026, 01:20:46 | - | - | - | - | - | - |
| 47.101.178.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:50 | 16/04/2026, 18:15:55 | No | Yes | APT14, APT15, APT17, APT28, APT29, APT31, APT34, APT35, APT36, APT37, APT40, APT41, APT45, Bitter APT, Bluenoroff, Callisto Group, Carbanak, ChamelGang, CloudSorcerer, Cobalt Group, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, Lazarus Group, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SharpPanda, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2006-20001, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2023-28531, CVE-2023-31122, CVE-2023-38408, CVE-2023-38709, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-24795, CVE-2024-27316, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-40898, CVE-2024-42516, CVE-2024-43204, CVE-2024-43394, CVE-2024-47252, CVE-2024-6387, CVE-2025-23048, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200 | 01/04/2026, 02:52:11 | - |
| 147.182.148.•••:18789 | - | 🇨🇦 Canada | - | true | Clean | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/04/2026, 00:42:50 | 16/04/2026, 17:30:32 | No | Yes | APT14, APT15, APT17, APT28, APT29, APT31, APT34, APT35, APT36, APT37, APT40, APT41, APT45, Bitter APT, Bluenoroff, Callisto Group, Carbanak, ChamelGang, CloudSorcerer, Cobalt Group, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, Lazarus Group, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SharpPanda, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2006-20001, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2023-28531, CVE-2023-31122, CVE-2023-38408, CVE-2023-38709, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767, CVE-2024-24795, CVE-2024-27316, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-39894, CVE-2024-40898, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/04/2026, 02:52:14 | - |
| 82.158.229.•••:18789 | - | 🇭🇰 Hong Kong | Yes | true | Clean | AS401701 | cognetcloud INC | Vapeliner Technology (HK) Limited | 01/04/2026, 00:42:50 | 04/04/2026, 13:10:53 | No | No | - | - | 26/03/2026, 02:52:17 | - |
| 120.48.106.•••:18789 | 张二蛋 | 🇺🇸 United States | Yes | true | Leaked | AS38365 | Beijing Baidu Netcom Science and Technology Co., Ltd. | Baidu | 01/04/2026, 00:42:50 | 04/04/2026, 17:38:57 | Yes | Yes | APT17, APT28, APT35, APT37, APT39, Cobalt Group, DragonFly, El-Machete, Gozi, Kimsuky, Mustang Panda, Packrat, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617 | 01/04/2026, 02:52:19 | baidu.com |
| 47.108.118.•••:18789 | - | 🇨🇳 China mainland | - | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:50 | 15/04/2026, 23:56:36 | No | No | - | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728 | 01/04/2026, 02:52:21 | - |
| 47.108.195.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:50 | 17/04/2026, 01:03:32 | No | Yes | APT15, APT28, APT29, APT31, APT34, APT41, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, Volt Typhoon | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-24989, CVE-2024-24990 | 01/04/2026, 02:52:29 | - |
| 120.78.231.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:50 | 07/04/2026, 03:31:38 | Yes | No | - | CVE-2016-20012, CVE-2020-12062, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617 | 01/04/2026, 02:52:34 | aliyun.com |
| 39.98.174.•••:18789 | - | 🇨🇳 China mainland | - | true | Leaked | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:50 | 16/04/2026, 17:30:31 | Yes | - | - | - | 01/04/2026, 02:52:42 | aliyun.com |
| 47.103.199.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/04/2026, 00:42:49 | 01/04/2026, 05:51:35 | No | - | - | - | 26/03/2026, 02:52:53 | - |
| 188.166.102.•••:18789 | - | 🇳🇱 Netherlands | Yes | true | Clean | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/04/2026, 00:42:49 | 06/04/2026, 15:47:00 | No | Yes | APT28, APT35, APT37, APT39, Cobalt Group, Kimsuky, Mustang Panda, Sandworm Team, The Shadow Brokers | CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617 | 01/04/2026, 02:52:54 | - |
| 2407:3641:2316:4975::1:18789 | - | 🇸🇬 Singapore | - | true | Clean | AS141995 | Contabo Asia Private Limited | Contabo Asia | 01/04/2026, 00:42:49 | 17/04/2026, 04:04:04 | - | - | - | - | - | - |
| 62.234.54.•••:18789 | - | 🇨🇳 China mainland | - | true | Clean | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud Computing | 01/04/2026, 00:42:49 | 16/04/2026, 15:59:38 | No | Yes | APT-C-23, APT1 Comment Crew, APT15, APT27, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT40, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Earth Longzhi, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, Lazarus Group, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, TA428, The Shadow Brokers, Turla APT Group, Volt Typhoon | CVE-2015-9251, CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-11358, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-11022, CVE-2020-11023, CVE-2020-14145, CVE-2020-15778, CVE-2020-23064, CVE-2021-36368, CVE-2021-41617, CVE-2022-31625, CVE-2022-31626, CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-37454, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-4577, CVE-2024-5458, CVE-2024-7347 | 01/04/2026, 02:53:03 | - |
| 195.26.255.•••:18789 | - | 🇩🇪 Germany | Yes | true | Leaked | AS40021 | Contabo Inc. | Contabo | 01/04/2026, 00:42:49 | 16/04/2026, 01:20:51 | Yes | Yes | APT-C-23, APT15, APT17, APT28, APT29, APT31, APT34, APT35, APT36, APT37, APT40, APT41, APT45, Bitter APT, Bluenoroff, Callisto Group, Carbanak, ChamelGang, CloudSorcerer, Cobalt Group, Daggerfly APT, Donot Team, Equation Group, Gamaredon Group, Gaza Cybergang, Ghostwriter, Hafnium Group, Inception Framework, Kimsuky, Lazarus Group, MuddyWater Group, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Turla APT Group, Volt Typhoon | CVE-2021-23017, CVE-2021-3618, CVE-2022-41741, CVE-2022-41742, CVE-2023-28531, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/04/2026, 02:53:06 | contaboserver.net, contabo.de, contabo.net |
| 103.52.154.•••:18789 | - | 🇭🇰 Hong Kong | Yes | true | Clean | AS401701 | cognetcloud INC | Vapeliner Technology (HK) Limited | 01/04/2026, 00:42:49 | 16/04/2026, 01:21:21 | No | - | - | - | 26/03/2026, 02:53:09 | - |
| 104.155.200.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS396982 | Google LLC | 01/04/2026, 00:42:49 | 07/04/2026, 05:46:20 | No | Yes | DragonFly, Packrat | CVE-2016-20012, CVE-2020-14145, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617 | 01/04/2026, 02:53:12 | - | |
| 34.212.153.•••:18789 | - | 🇺🇸 United States | - | true | Clean | AS16509 | Amazon.com, Inc. | Amazon | 01/04/2026, 00:42:49 | 18/04/2026, 00:40:45 | No | No | - | CVE-2016-20012, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/04/2026, 02:53:17 | - |
| 180.254.20.•••:18789 | - | 🇮🇩 Indonesia | Yes | true | Clean | AS7713 | PT Telekomunikasi Indonesia | Telkom Indonesia | 01/04/2026, 00:42:49 | 01/04/2026, 05:51:35 | No | No | - | - | 26/03/2026, 02:53:19 | - |
| 82.156.135.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud Computing | 01/04/2026, 00:42:49 | 17/04/2026, 10:04:32 | No | No | - | - | 26/03/2026, 02:53:26 | - |
| 20.18.17.•••:18789 | - | 🇺🇸 United States | - | true | Clean | AS8075 | Microsoft Corporation | Microsoft | 01/04/2026, 00:42:49 | 01/04/2026, 05:51:34 | No | No | - | - | 26/03/2026, 02:53:27 | - |
| 136.115.44.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS396982 | Google LLC | 01/04/2026, 00:42:49 | 03/04/2026, 20:55:34 | - | - | - | - | - | - | |
| 111.228.7.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS141679 | China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch | Jingdong Headquarters | 01/04/2026, 00:42:49 | 16/04/2026, 08:45:05 | - | - | - | - | - | - |
| 193.111.30.•••:18789 | - | 🇯🇵 Japan | Yes | true | Clean | AS3258 | xTom Japan Corporation | 365 Group LLC | 01/04/2026, 00:42:49 | 16/04/2026, 20:32:42 | Yes | Yes | APT-C-23, APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Ghostwriter, Hafnium Group, Inception Framework, Kimsuky, Lazarus Group, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Turla APT Group, Volt Typhoon | CVE-2016-10708, CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-28531, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-24990, CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200, CVE-2024-6387, CVE-2024-7347, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/04/2026, 02:53:35 | xtom.com |
| 158.180.25.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS31898 | Oracle Corporation | Oracle | 01/04/2026, 00:42:49 | 15/04/2026, 23:17:41 | - | - | - | - | - | - |
| 54.187.91.•••:18789 | - | 🇺🇸 United States | - | true | Clean | AS16509 | Amazon.com, Inc. | Amazon | 01/04/2026, 00:42:49 | 17/04/2026, 00:18:19 | - | - | - | - | - | - |
| 82.157.110.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud Computing | 01/04/2026, 00:42:49 | 10/04/2026, 12:25:02 | No | Yes | APT37, El-Machete | - | 01/04/2026, 02:53:44 | - |