🦞 OpenClaw Exposure Watchboard
This page lists publicly reachable active OpenClaw instances for defensive awareness. If this is your deployment, enable authentication, remove direct public exposure, and patch immediately.
Exposed Instances: 1006105 Page: 231 / 10062 (100 per page) Showing: 23001-23100 Last Imported: 14/07/2026, 07:44:58
🇨🇳 483,673
🇺🇸 290,578
Build With Vivgrid
Explore Vivgrid Ship Secure Enterprise AI Agents 10× Faster with vivgrid.com
Vivgrid gives you authentication, model gateway, tool control, cost tracking, and enterprise observability — everything you need to ship AI agents safely at scale.
| Endpoint | Assistant Name | Country | auth_required | is_active | has_leaked_creds | asn | asn_name | org | first_seen | last_seen | asi_has_breach | asi_has_threat_actor | asi_threat_actors | asi_cves | asi_enriched_at | asi_domains |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 13.233.183.•••:18789 | - | 🇮🇳 India | - | true | Clean | AS16509 | Amazon.com, Inc. | Amazon Web Services | 01/07/2026, 02:39:26 | 08/07/2026, 07:38:04 | No | Yes | APT28, APT35, APT37, APT39, Cobalt Group, Kimsuky, Mustang Panda, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617, CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/07/2026, 02:40:52 | - |
| 155.212.166.•••:18789 | - | 🇳🇱 Netherlands | Yes | false | Leaked | AS29182 | JSC IOT | Joint Stock Company Internet of Things | 01/07/2026, 02:39:26 | 04/07/2026, 19:16:26 | Yes | No | - | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/07/2026, 02:40:54 | fvds.ru, duckdns.org |
| 143.110.241.•••:18789 | - | 🇮🇳 India | - | false | Clean | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/07/2026, 02:37:28 | 02/07/2026, 20:08:49 | No | Yes | APT14, APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT40, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Equation Group, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SharpPanda, SideWinder APT, TA505, The Shadow Brokers, UNC2452, Volt Typhoon, WIRTE | CVE-2006-20001, CVE-2016-10708, CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-17567, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-11984, CVE-2020-11993, CVE-2020-12062, CVE-2020-13950, CVE-2020-14145, CVE-2020-15778, CVE-2020-1927, CVE-2020-1934, CVE-2020-35452, CVE-2020-9490, CVE-2021-26690, CVE-2021-26691, CVE-2021-28041, CVE-2021-30641, CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-36368, CVE-2021-39275, CVE-2021-40438, CVE-2021-41617, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2022-37436, CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 04:48:24 | - |
| 103.142.26.•••:18789 | - | 🇻🇳 Vietnam | - | false | Clean | AS135951 | Webico Company Limited | Tino Group | 01/07/2026, 02:37:27 | 02/07/2026, 20:08:48 | No | Yes | APT-C-23, APT1 Comment Crew, APT10, APT15, APT19, APT27, APT28, APT29, APT30, APT33, APT34, APT35, APT37, APT39, APT40, APT41, APT5, AQUATIC PANDA, Antlion APT, BRONZE ATLAS, Bluenoroff, Bronze Butler APT, Buhtrap Group, Calypso APT, Carbanak, Cobalt Group, CopyKittens, DarkHydrus, DragonOK APT, Earth Berberoka, Energetic Bear, Equation Group, FIN6, Gamaredon Group, Greenbug Group, Hafnium Group, Inception Framework, Konni Group, Lazarus Group, Moses Staff APT, MuddyWater Group, Orangeworm, Pirate Panda, Sandworm Team, Silence Hacker Group, TA505, The Shadow Brokers, Thrip APT, Triton APT, Tropic Trooper, Volatile Kitten, Winnti Group | CVE-2014-3562, CVE-2014-4650, CVE-2015-3456, CVE-2015-5741, CVE-2015-6815, CVE-2016-2124, CVE-2016-2183, CVE-2016-6662, CVE-2017-1000376, CVE-2017-5645, CVE-2017-9953, CVE-2018-1059, CVE-2018-10869, CVE-2018-10892, CVE-2018-10926, CVE-2018-1111, CVE-2018-1128, CVE-2018-1129, CVE-2018-14462, CVE-2018-14463, CVE-2018-14465, CVE-2018-14469, CVE-2018-14622, CVE-2018-14645, CVE-2018-14879, CVE-2018-14882, CVE-2018-16229, CVE-2018-16540, CVE-2018-16871, CVE-2018-17456, CVE-2018-18311, CVE-2018-20615, CVE-2018-3665, CVE-2018-3760, CVE-2019-10196, CVE-2019-11038, CVE-2019-11477, CVE-2019-11478, CVE-2019-14813, CVE-2019-14816, CVE-2019-14907, CVE-2019-19906, CVE-2019-3459, CVE-2019-3880, CVE-2019-5798, CVE-2019-6974, CVE-2019-7221, CVE-2019-7317, CVE-2020-10696, CVE-2020-10711, CVE-2020-10749, CVE-2020-10756, CVE-2020-10763, CVE-2020-14318, CVE-2020-14355, CVE-2020-14364, CVE-2020-14370, CVE-2020-14394, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, CVE-2020-1711, CVE-2020-25639, CVE-2020-25657, CVE-2020-25710, CVE-2020-25717, CVE-2020-25743, CVE-2020-27777, CVE-2020-27786, CVE-2020-27827, CVE-2020-35518, CVE-2020-35524, CVE-2021-20179, CVE-2021-20188, CVE-2021-20229, CVE-2021-20236, CVE-2021-20270, CVE-2021-32027, CVE-2021-3516, CVE-2021-3532, CVE-2021-3533, CVE-2021-3537, CVE-2021-3578, CVE-2021-3621, CVE-2021-3669, CVE-2021-3737, CVE-2021-3752, CVE-2021-4104, CVE-2021-41817, CVE-2021-44142, CVE-2021-45417, CVE-2022-0711, CVE-2022-1011, CVE-2022-1227, CVE-2022-1708, CVE-2022-2132, CVE-2022-2393, CVE-2022-2850, CVE-2022-2989, CVE-2022-2990, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547 | 01/07/2026, 04:48:30 | - |
| 13.233.183.•••:18789 | - | 🇮🇳 India | - | true | Clean | AS16509 | Amazon.com, Inc. | Amazon Web Services | 01/07/2026, 02:37:27 | 09/07/2026, 15:58:33 | No | Yes | APT28, APT35, APT37, APT39, Cobalt Group, Kimsuky, Mustang Panda, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617, CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/07/2026, 04:48:33 | - |
| 3.34.209.•••:443 | - | 🇰🇷 South Korea | Yes | true | Clean | AS16509 | Amazon.com, Inc. | AWS Seoul Region | 01/07/2026, 02:00:21 | 13/07/2026, 08:34:34 | No | Yes | APT14, APT28, APT35, APT37, APT39, APT40, APT41, Cobalt Group, Equation Group, Gamaredon Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, Mustang Panda, Sandworm Team, SharpPanda, TA505, The Shadow Brokers, UNC2452, WIRTE | CVE-2016-1546, CVE-2016-4975, CVE-2016-4979, CVE-2016-5387, CVE-2016-8612, CVE-2016-8740, CVE-2016-8743, CVE-2017-15710, CVE-2017-15715, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9788, CVE-2017-9798, CVE-2018-11763, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-1333, CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0197, CVE-2019-0211, CVE-2019-0217, CVE-2019-0220, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098, CVE-2019-17567, CVE-2020-11985, CVE-2020-1927, CVE-2020-1934, CVE-2020-35452, CVE-2021-23017, CVE-2021-26690, CVE-2021-26691, CVE-2021-33193, CVE-2021-34798, CVE-2021-3618, CVE-2021-39275, CVE-2021-40438, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-41741, CVE-2022-41742, CVE-2023-44487, CVE-2024-39894, CVE-2024-4956, CVE-2024-5764, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728 | 01/07/2026, 02:00:41 | - |
| 47.92.138.•••:50001 | - | 🇨🇳 China mainland | Yes | false | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/07/2026, 02:00:21 | 01/07/2026, 11:18:56 | No | No | - | CVE-2016-20012, CVE-2020-12062, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617 | 01/07/2026, 02:00:45 | - |
| 8.163.123.•••:443 | - | 🇸🇬 Singapore | Yes | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alibaba Cloud | 01/07/2026, 02:00:21 | 12/07/2026, 21:11:05 | - | - | - | - | - | - |
| 51.132.233.•••:443 | - | 🇬🇧 United Kingdom | Yes | true | Clean | AS8075 | Microsoft Corporation | Cloud | 01/07/2026, 02:00:21 | 13/07/2026, 16:27:58 | No | No | - | - | 25/06/2026, 02:00:52 | - |
| 183.238.181.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS9808 | China Mobile Communications Group Co., Ltd. | China Mobile | 01/07/2026, 02:00:21 | 13/07/2026, 18:37:12 | Yes | No | - | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 04/07/2026, 09:22:22 | chinamobile.com, chinamobile.cn |
| 118.232.199.•••:8443 | - | 🇹🇼 Taiwan | Yes | true | Leaked | AS38841 | kbro CO. Ltd. | Kbro Co Ltd | 01/07/2026, 02:00:20 | 12/07/2026, 09:00:18 | Yes | Yes | APT15, APT28, APT31, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Gamaredon Group, Gaza Cybergang, Inception Framework, Kimsuky, MuddyWater Group, RomCom Group, Salt Typhoon, Sea Turtle Group, SideWinder APT | CVE-2016-20012, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-28531, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 02:01:02 | kbro.com.tw |
| 132.243.166.•••:18789 | - | 🇳🇱 Netherlands | Yes | true | Clean | AS200019 | ALEXHOST SRL | AlexHost | 01/07/2026, 02:00:20 | 13/07/2026, 15:45:07 | No | No | - | - | 25/06/2026, 02:01:05 | - |
| 114.240.77.•••:1009 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS4808 | China Unicom Beijing Province Network | China Unicom Beijing | 01/07/2026, 02:00:20 | 04/07/2026, 12:54:40 | Yes | Yes | Packrat | - | 01/07/2026, 02:01:06 | chinaunicom.cn |
| 163.47.40.•••:18789 | - | 🇦🇺 Australia | Yes | true | Clean | AS35916 | MULTACOM CORPORATION | 5G Network Operations | 01/07/2026, 02:00:20 | 12/07/2026, 21:11:01 | - | - | - | - | - | - |
| 84.247.153.•••:18789 | - | 🇯🇵 Japan | Yes | true | Leaked | AS141995 | Contabo Asia Private Limited | Contabo | 01/07/2026, 02:00:19 | 13/07/2026, 02:52:47 | Yes | Yes | APT15, APT17, APT31, APT36, APT37, APT45, Bitter APT, Bluenoroff, CloudSorcerer, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Inception Framework, Kimsuky, MuddyWater Group, RomCom Group, Salt Typhoon, Sea Turtle Group, SideWinder APT | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 02:01:14 | contaboserver.net, contabo.de, contabo.net |
| 34.225.5.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS14618 | Amazon.com, Inc. | Amazon | 01/07/2026, 02:00:19 | 11/07/2026, 01:34:28 | No | No | - | - | 25/06/2026, 02:01:20 | - |
| 1.175.137.•••:18789 | - | 🇹🇼 Taiwan | Yes | false | Leaked | AS3462 | Data Communication Business Group | Chunghwa Telecom Data Group | 01/07/2026, 02:00:18 | 05/07/2026, 00:20:29 | Yes | No | - | - | 01/07/2026, 02:01:24 | twgate.net, hinet.net, xuite.net, cht.com.tw, chttl.com.tw |
| 45.79.145.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS63949 | Akamai Connected Cloud | Linode | 01/07/2026, 02:00:18 | 09/07/2026, 22:31:04 | No | Yes | APT1 Comment Crew, APT10, APT14, APT15, APT27, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT40, APT41, Bitter APT, Bluenoroff, Callisto Group, Carbanak, Cobalt Group, Donot Team, Earth Berberoka, Earth Longzhi, Equation Group, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, Lyceum APT, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SharpPanda, SideWinder APT, Slingshot APT, TA505, TEMP.Hermit, The Shadow Brokers, Tropic Trooper, Turla APT Group, Volt Typhoon, WIRTE, WildCard APT | CVE-2002-0653, CVE-2006-20001, CVE-2008-0455, CVE-2009-3560, CVE-2009-3720, CVE-2010-0434, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-4478, CVE-2010-4755, CVE-2010-5107, CVE-2011-0419, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2011-3639, CVE-2011-4317, CVE-2011-4327, CVE-2011-4415, CVE-2011-5000, CVE-2012-0031, CVE-2012-0053, CVE-2012-0814, CVE-2012-0883, CVE-2012-2687, CVE-2012-3499, CVE-2012-4557, CVE-2012-4558, CVE-2012-6708, CVE-2013-1862, CVE-2013-1896, CVE-2013-2249, CVE-2013-5704, CVE-2013-6438, CVE-2014-0098, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-1692, CVE-2014-2532, CVE-2014-2653, CVE-2015-0228, CVE-2015-3183, CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-8325, CVE-2015-9251, CVE-2016-0777, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-10708, CVE-2016-1908, CVE-2016-20012, CVE-2016-3115, CVE-2016-4975, CVE-2016-5387, CVE-2016-6210, CVE-2016-6515, CVE-2016-8612, CVE-2016-8743, CVE-2017-15906, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-8923, CVE-2017-9788, CVE-2017-9798, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-15473, CVE-2018-20685, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11043, CVE-2019-11044, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-11358, CVE-2019-13224, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641, CVE-2020-11022, CVE-2020-11023, CVE-2020-15778, CVE-2020-23064, CVE-2020-7059, CVE-2020-7060, CVE-2020-7061, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7066, CVE-2020-7067, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2020-7656, CVE-2021-23017, CVE-2021-34798, CVE-2021-3618, CVE-2021-36368, CVE-2021-39275, CVE-2021-40438, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31160, CVE-2022-31628, CVE-2022-31629, CVE-2022-31813, CVE-2022-37436, CVE-2022-37454, CVE-2022-41741, CVE-2022-41742, CVE-2023-28625, CVE-2023-31122, CVE-2023-38408, CVE-2023-38709, CVE-2023-44487, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-40898, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-49812, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 02:01:26 | - |
| 45.196.236.•••:443 | - | 🇭🇰 Hong Kong | Yes | true | Clean | AS151407 | Hytron Network Services Limited | Akile LTD | 01/07/2026, 02:00:18 | 13/07/2026, 22:11:25 | No | No | - | - | 25/06/2026, 02:01:28 | - |
| 81.169.151.•••:18789 | - | 🇩🇪 Germany | Yes | true | Leaked | AS6724 | STRATO AG | Strato Data Center | 01/07/2026, 02:00:18 | 12/07/2026, 23:19:04 | Yes | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2016-20012, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-1217, CVE-2025-1219, CVE-2025-1220, CVE-2025-1734, CVE-2025-1735, CVE-2025-1736, CVE-2025-1861, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-59362, CVE-2025-61984, CVE-2025-61985, CVE-2025-62168, CVE-2025-6491, CVE-2026-32748, CVE-2026-33515, CVE-2026-33526 | 01/07/2026, 02:01:29 | stratoserver.net, strato.com, strato.de |
| 121.63.2.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS4134 | Chinanet | ChinaNet Hubei | 01/07/2026, 02:00:18 | 01/07/2026, 12:01:53 | Yes | No | - | - | 01/07/2026, 02:01:30 | bj189.cn, 118114.cn, ctwing.cn, chinatelecom.com.cn, chinatelecom.cn, new-gm.cn, 189.cn, 189free.cn, ideal.sh.cn, daqu.com.cn, ctyun.cn |
| 47.84.235.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS45102 | Alibaba (US) Technology Co., Ltd. | Alibaba Cloud | 01/07/2026, 02:00:18 | 10/07/2026, 09:11:19 | - | - | - | - | - | - |
| 113.110.253.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS4134 | Chinanet | CHINANET Guangdong | 01/07/2026, 02:00:17 | 01/07/2026, 12:01:52 | Yes | No | - | CVE-2016-20012, CVE-2020-14145, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-44487, CVE-2024-7347, CVE-2025-23419 | 01/07/2026, 02:01:36 | bj189.cn, 118114.cn, ctwing.cn, chinatelecom.com.cn, chinatelecom.cn, new-gm.cn, 189.cn, 189free.cn, ideal.sh.cn, daqu.com.cn, ctyun.cn |
| 36.27.18.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS4134 | Chinanet | ChinaNet Hangzhou | 01/07/2026, 02:00:17 | 08/07/2026, 04:07:35 | No | No | - | - | 25/06/2026, 02:01:39 | - |
| 168.110.125.•••:18789 | - | 🇺🇸 United States | Yes | false | Clean | AS31898 | Oracle Corporation | Oracle | 01/07/2026, 02:00:17 | 01/07/2026, 12:01:52 | - | - | - | - | - | - |
| 43.139.90.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud Computing | 01/07/2026, 01:58:37 | 01/07/2026, 06:59:24 | Yes | Yes | APT28, APT35, APT37, APT39, Cobalt Group, Kimsuky, Mustang Panda, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617 | 01/07/2026, 04:52:56 | tencent.com, tencentcloud.com |
| 3.34.209.•••:18789 | - | 🇰🇷 South Korea | - | true | Clean | AS16509 | Amazon.com, Inc. | AWS Seoul Region | 01/07/2026, 01:58:30 | 13/07/2026, 04:15:44 | No | Yes | APT14, APT28, APT35, APT37, APT39, APT40, APT41, Cobalt Group, Equation Group, Gamaredon Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, Mustang Panda, Sandworm Team, SharpPanda, TA505, The Shadow Brokers, UNC2452, WIRTE | CVE-2016-1546, CVE-2016-4975, CVE-2016-4979, CVE-2016-5387, CVE-2016-8612, CVE-2016-8740, CVE-2016-8743, CVE-2017-15710, CVE-2017-15715, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9788, CVE-2017-9798, CVE-2018-11763, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-1333, CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0197, CVE-2019-0211, CVE-2019-0217, CVE-2019-0220, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098, CVE-2019-17567, CVE-2020-11985, CVE-2020-1927, CVE-2020-1934, CVE-2020-35452, CVE-2021-23017, CVE-2021-26690, CVE-2021-26691, CVE-2021-33193, CVE-2021-34798, CVE-2021-3618, CVE-2021-39275, CVE-2021-40438, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-41741, CVE-2022-41742, CVE-2023-44487, CVE-2024-39894, CVE-2024-4956, CVE-2024-5764, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728 | 01/07/2026, 04:54:05 | - |
| 47.92.138.•••:18789 | - | 🇨🇳 China mainland | - | false | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/07/2026, 01:58:30 | 01/07/2026, 07:42:28 | No | No | - | CVE-2016-20012, CVE-2020-12062, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617 | 01/07/2026, 04:54:08 | - |
| 8.163.123.•••:18789 | - | 🇸🇬 Singapore | - | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alibaba Cloud | 01/07/2026, 01:58:30 | 14/07/2026, 02:25:39 | - | - | - | - | - | - |
| 51.132.233.•••:18789 | - | 🇬🇧 United Kingdom | - | true | Clean | AS8075 | Microsoft Corporation | Cloud | 01/07/2026, 01:58:30 | 13/07/2026, 11:24:13 | No | No | - | - | 25/06/2026, 04:54:15 | - |
| 27.112.79.•••:18789 | - | 🇮🇩 Indonesia | Yes | true | Clean | AS136052 | PT Cloud Hosting Indonesia | IDCloudHost | 01/07/2026, 01:58:30 | 13/07/2026, 07:49:21 | No | No | - | CVE-2016-20012, CVE-2020-12062, CVE-2020-14145, CVE-2020-15778, CVE-2020-17482, CVE-2020-24696, CVE-2020-24697, CVE-2020-24698, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 04:54:16 | - |
| 183.238.181.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS9808 | China Mobile Communications Group Co., Ltd. | China Mobile | 01/07/2026, 01:58:29 | 13/07/2026, 14:16:59 | Yes | No | - | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 04/07/2026, 13:38:46 | chinamobile.com, chinamobile.cn |
| 3.135.184.•••:18789 | - | 🇺🇸 United States | - | false | Clean | AS16509 | Amazon.com, Inc. | Amazon | 01/07/2026, 01:58:29 | 01/07/2026, 07:42:27 | No | Yes | APT14, APT40, APT41, Cobalt Group, Gamaredon Group, Kimsuky, Lazarus Group, SharpPanda | CVE-2006-20001, CVE-2018-20685, CVE-2019-16905, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/07/2026, 04:54:27 | - |
| 118.232.199.•••:18789 | - | 🇹🇼 Taiwan | - | true | Leaked | AS38841 | kbro CO. Ltd. | Kbro Co Ltd | 01/07/2026, 01:58:29 | 12/07/2026, 05:21:46 | Yes | Yes | APT15, APT28, APT31, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Gamaredon Group, Gaza Cybergang, Inception Framework, Kimsuky, MuddyWater Group, RomCom Group, Salt Typhoon, Sea Turtle Group, SideWinder APT | CVE-2016-20012, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-28531, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 04:54:28 | kbro.com.tw |
| 132.243.166.•••:18789 | - | 🇳🇱 Netherlands | Yes | true | Clean | AS200019 | ALEXHOST SRL | AlexHost | 01/07/2026, 01:58:28 | 13/07/2026, 11:24:18 | No | No | - | - | 25/06/2026, 04:54:32 | - |
| 114.240.77.•••:18789 | - | 🇨🇳 China mainland | - | false | Leaked | AS4808 | China Unicom Beijing Province Network | China Unicom Beijing | 01/07/2026, 01:58:28 | 04/07/2026, 09:18:17 | Yes | Yes | Packrat | - | 01/07/2026, 04:54:33 | chinaunicom.cn |
| 163.47.40.•••:18789 | - | 🇦🇺 Australia | Yes | true | Clean | AS35916 | MULTACOM CORPORATION | 5G Network Operations | 01/07/2026, 01:58:28 | 12/07/2026, 16:52:01 | - | - | - | - | - | - |
| 84.247.153.•••:18789 | - | 🇯🇵 Japan | Yes | true | Leaked | AS141995 | Contabo Asia Private Limited | Contabo | 01/07/2026, 01:58:27 | 12/07/2026, 21:51:05 | Yes | Yes | APT15, APT17, APT31, APT36, APT37, APT45, Bitter APT, Bluenoroff, CloudSorcerer, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Inception Framework, Kimsuky, MuddyWater Group, RomCom Group, Salt Typhoon, Sea Turtle Group, SideWinder APT | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 07:43:48 | contaboserver.net, contabo.de, contabo.net |
| 115.227.246.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS4134 | Chinanet | ChinaNet Zhejiang | 01/07/2026, 01:58:27 | 04/07/2026, 09:18:13 | Yes | No | - | - | 01/07/2026, 07:43:51 | bj189.cn, 118114.cn, ctwing.cn, chinatelecom.com.cn, chinatelecom.cn, new-gm.cn, 189.cn, 189free.cn, ideal.sh.cn, daqu.com.cn, ctyun.cn |
| 1.175.137.•••:18789 | - | 🇹🇼 Taiwan | Yes | false | Leaked | AS3462 | Data Communication Business Group | Chunghwa Telecom Data Group | 01/07/2026, 01:58:27 | 04/07/2026, 20:44:14 | Yes | No | - | - | 01/07/2026, 07:43:52 | twgate.net, hinet.net, xuite.net, cht.com.tw, chttl.com.tw |
| 45.79.145.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS63949 | Akamai Connected Cloud | Linode | 01/07/2026, 01:58:27 | 09/07/2026, 18:54:26 | No | Yes | APT1 Comment Crew, APT10, APT14, APT15, APT27, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT40, APT41, Bitter APT, Bluenoroff, Callisto Group, Carbanak, Cobalt Group, Donot Team, Earth Berberoka, Earth Longzhi, Equation Group, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, Lyceum APT, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SharpPanda, SideWinder APT, Slingshot APT, TA505, TEMP.Hermit, The Shadow Brokers, Tropic Trooper, Turla APT Group, Volt Typhoon, WIRTE, WildCard APT | CVE-2002-0653, CVE-2006-20001, CVE-2008-0455, CVE-2009-3560, CVE-2009-3720, CVE-2010-0434, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-4478, CVE-2010-4755, CVE-2010-5107, CVE-2011-0419, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2011-3639, CVE-2011-4317, CVE-2011-4327, CVE-2011-4415, CVE-2011-5000, CVE-2012-0031, CVE-2012-0053, CVE-2012-0814, CVE-2012-0883, CVE-2012-2687, CVE-2012-3499, CVE-2012-4557, CVE-2012-4558, CVE-2012-6708, CVE-2013-1862, CVE-2013-1896, CVE-2013-2249, CVE-2013-5704, CVE-2013-6438, CVE-2014-0098, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-1692, CVE-2014-2532, CVE-2014-2653, CVE-2015-0228, CVE-2015-3183, CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-8325, CVE-2015-9251, CVE-2016-0777, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-10708, CVE-2016-1908, CVE-2016-20012, CVE-2016-3115, CVE-2016-4975, CVE-2016-5387, CVE-2016-6210, CVE-2016-6515, CVE-2016-8612, CVE-2016-8743, CVE-2017-15906, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-8923, CVE-2017-9788, CVE-2017-9798, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-15473, CVE-2018-20685, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11043, CVE-2019-11044, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-11358, CVE-2019-13224, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641, CVE-2020-11022, CVE-2020-11023, CVE-2020-15778, CVE-2020-23064, CVE-2020-7059, CVE-2020-7060, CVE-2020-7061, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7066, CVE-2020-7067, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2020-7656, CVE-2021-23017, CVE-2021-34798, CVE-2021-3618, CVE-2021-36368, CVE-2021-39275, CVE-2021-40438, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31160, CVE-2022-31628, CVE-2022-31629, CVE-2022-31813, CVE-2022-37436, CVE-2022-37454, CVE-2022-41741, CVE-2022-41742, CVE-2023-28625, CVE-2023-31122, CVE-2023-38408, CVE-2023-38709, CVE-2023-44487, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-40898, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-49812, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 07:43:55 | - |
| 45.196.236.•••:18789 | - | 🇭🇰 Hong Kong | - | true | Clean | AS151407 | Hytron Network Services Limited | Akile LTD | 01/07/2026, 01:58:25 | 13/07/2026, 17:08:09 | No | No | - | - | 25/06/2026, 07:44:04 | - |
| 121.63.2.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS4134 | Chinanet | ChinaNet Hubei | 01/07/2026, 01:58:25 | 01/07/2026, 08:25:30 | Yes | No | - | - | 01/07/2026, 07:44:05 | bj189.cn, 118114.cn, ctwing.cn, chinatelecom.com.cn, chinatelecom.cn, new-gm.cn, 189.cn, 189free.cn, ideal.sh.cn, daqu.com.cn, ctyun.cn |
| 81.169.151.•••:18789 | - | 🇩🇪 Germany | Yes | true | Leaked | AS6724 | STRATO AG | Strato Data Center | 01/07/2026, 01:58:25 | 13/07/2026, 10:40:57 | Yes | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2016-20012, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-1217, CVE-2025-1219, CVE-2025-1220, CVE-2025-1734, CVE-2025-1735, CVE-2025-1736, CVE-2025-1861, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-59362, CVE-2025-61984, CVE-2025-61985, CVE-2025-62168, CVE-2025-6491, CVE-2026-32748, CVE-2026-33515, CVE-2026-33526 | 01/07/2026, 07:44:08 | stratoserver.net, strato.com, strato.de |
| 47.84.235.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS45102 | Alibaba (US) Technology Co., Ltd. | Alibaba Cloud | 01/07/2026, 01:58:25 | 10/07/2026, 05:35:41 | - | - | - | - | - | - |
| 113.110.253.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS4134 | Chinanet | CHINANET Guangdong | 01/07/2026, 01:58:25 | 01/07/2026, 08:25:30 | Yes | No | - | CVE-2016-20012, CVE-2020-14145, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-44487, CVE-2024-7347, CVE-2025-23419 | 01/07/2026, 07:44:12 | bj189.cn, 118114.cn, ctwing.cn, chinatelecom.com.cn, chinatelecom.cn, new-gm.cn, 189.cn, 189free.cn, ideal.sh.cn, daqu.com.cn, ctyun.cn |
| 36.27.18.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS4134 | Chinanet | ChinaNet Hangzhou | 01/07/2026, 01:58:25 | 08/07/2026, 00:31:04 | No | No | - | - | 25/06/2026, 07:44:17 | - |
| 168.110.125.•••:18789 | - | 🇺🇸 United States | Yes | false | Leaked | AS31898 | Oracle Corporation | Oracle | 01/07/2026, 01:58:25 | 03/07/2026, 06:15:47 | Yes | No | - | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 03/07/2026, 06:16:38 | netsuit.com, healtheintent.com, purewellness.com, lodestarcorp.com, cerner.ae, retek.com, tryfoexnow.com, moatads.com, oraclefusion.com, connectinc.com, inquira.com, portal.com, glog.com, healtheatcerner.com, oracle.com, hiedirectconnect.org, maxymiser.net, oraclecloudservices.com, rsys2.net, hyperroll.com, nor1.com, oxygen.systems, oraclegovcloud.com, orcale.com, oraclemobile.com, sun.co.in, openair.co, oraclepdemos.com, stellent.com, torexretail.com, siebel.com, cerner.net, oracle-cloud.com, docucorp.com, mvalent.com, netsuitesuiteprojectspro.com, elementfusion.com, netsuiteforms.com, oraclecloud.com, en25.com, solaris.com, rightnowtech.com, think.com, ipapp.com, pertmaster.com, jdedwards.com, commercialware.com, tiger-institute.org, zenedge.com, skire.com, sun.com, ateam-oracle.com, sales.com, fyleio.com, push.io, estara.com, tekelec.com, textura.com, paymyhealthbill.com, dyndns.com, java.net, optika.com, mobilemd.com, jcp.org, smed.com, cernerenviza-tw.com, datafox.com, recruitmax.com, decisioneering.com, adiinsights.com, stortek.com, seebeyond.com, berkeleydb.org, livelook.com, openjdk.org, virtualbox.org, dyn.com, oraclehealth.com, aimsystems.com, sunworld.com, plumtree.com, storagetek.com, oracledatacloud.com |
| 125.121.245.•••:18789 | - | 🇨🇳 China mainland | - | false | Clean | AS4134 | Chinanet | ChinaNet Hangzhou | 01/07/2026, 01:56:37 | 01/07/2026, 07:40:31 | No | No | - | - | 25/06/2026, 07:01:42 | - |
| 3.34.209.•••:18789 | - | 🇰🇷 South Korea | - | true | Clean | AS16509 | Amazon.com, Inc. | AWS Seoul Region | 01/07/2026, 01:56:37 | 13/07/2026, 04:13:52 | No | Yes | APT14, APT28, APT35, APT37, APT39, APT40, APT41, Cobalt Group, Equation Group, Gamaredon Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, Mustang Panda, Sandworm Team, SharpPanda, TA505, The Shadow Brokers, UNC2452, WIRTE | CVE-2016-1546, CVE-2016-4975, CVE-2016-4979, CVE-2016-5387, CVE-2016-8612, CVE-2016-8740, CVE-2016-8743, CVE-2017-15710, CVE-2017-15715, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9788, CVE-2017-9798, CVE-2018-11763, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-1333, CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0197, CVE-2019-0211, CVE-2019-0217, CVE-2019-0220, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098, CVE-2019-17567, CVE-2020-11985, CVE-2020-1927, CVE-2020-1934, CVE-2020-35452, CVE-2021-23017, CVE-2021-26690, CVE-2021-26691, CVE-2021-33193, CVE-2021-34798, CVE-2021-3618, CVE-2021-39275, CVE-2021-40438, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-41741, CVE-2022-41742, CVE-2023-44487, CVE-2024-39894, CVE-2024-4956, CVE-2024-5764, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728 | 01/07/2026, 07:01:45 | - |
| 47.92.138.•••:18789 | - | 🇨🇳 China mainland | - | false | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alisoft | 01/07/2026, 01:56:37 | 01/07/2026, 07:40:31 | No | No | - | CVE-2016-20012, CVE-2020-12062, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617 | 01/07/2026, 07:01:48 | - |
| 8.163.123.•••:18789 | - | 🇸🇬 Singapore | - | true | Clean | AS37963 | Hangzhou Alibaba Advertising Co.,Ltd. | Alibaba Cloud | 01/07/2026, 01:56:36 | 14/07/2026, 02:23:48 | - | - | - | - | - | - |
| 51.132.233.•••:18789 | - | 🇬🇧 United Kingdom | - | true | Clean | AS8075 | Microsoft Corporation | Cloud | 01/07/2026, 01:56:36 | 13/07/2026, 11:22:25 | No | No | - | - | 25/06/2026, 07:01:55 | - |
| 27.112.79.•••:18789 | - | 🇮🇩 Indonesia | Yes | true | Clean | AS136052 | PT Cloud Hosting Indonesia | IDCloudHost | 01/07/2026, 01:56:36 | 13/07/2026, 07:47:20 | No | No | - | CVE-2016-20012, CVE-2020-12062, CVE-2020-14145, CVE-2020-15778, CVE-2020-17482, CVE-2020-24696, CVE-2020-24697, CVE-2020-24698, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 07:01:57 | - |
| 183.238.181.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Leaked | AS9808 | China Mobile Communications Group Co., Ltd. | China Mobile | 01/07/2026, 01:56:35 | 13/07/2026, 14:15:03 | Yes | No | - | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 04/07/2026, 16:26:00 | chinamobile.com, chinamobile.cn |
| 3.135.184.•••:18789 | - | 🇺🇸 United States | - | false | Clean | AS16509 | Amazon.com, Inc. | Amazon | 01/07/2026, 01:56:35 | 01/07/2026, 07:40:29 | No | Yes | APT14, APT40, APT41, Cobalt Group, Gamaredon Group, Kimsuky, Lazarus Group, SharpPanda | CVE-2006-20001, CVE-2018-20685, CVE-2019-16905, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/07/2026, 07:02:08 | - |
| 118.232.199.•••:18789 | - | 🇹🇼 Taiwan | - | true | Leaked | AS38841 | kbro CO. Ltd. | Kbro Co Ltd | 01/07/2026, 01:56:35 | 12/07/2026, 05:19:53 | Yes | Yes | APT15, APT28, APT31, Bitter APT, Bluenoroff, Callisto Group, Donot Team, Gamaredon Group, Gaza Cybergang, Inception Framework, Kimsuky, MuddyWater Group, RomCom Group, Salt Typhoon, Sea Turtle Group, SideWinder APT | CVE-2016-20012, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-28531, CVE-2023-38408, CVE-2023-44487, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 07:02:09 | kbro.com.tw |
| 114.240.77.•••:18789 | - | 🇨🇳 China mainland | - | false | Leaked | AS4808 | China Unicom Beijing Province Network | China Unicom Beijing | 01/07/2026, 01:56:34 | 04/07/2026, 09:16:25 | Yes | Yes | Packrat | - | 01/07/2026, 07:02:14 | chinaunicom.cn |
| 163.47.40.•••:18789 | - | 🇦🇺 Australia | Yes | true | Clean | AS35916 | MULTACOM CORPORATION | 5G Network Operations | 01/07/2026, 01:56:34 | 12/07/2026, 16:50:09 | - | - | - | - | - | - |
| 84.247.153.•••:18789 | - | 🇯🇵 Japan | Yes | true | Leaked | AS141995 | Contabo Asia Private Limited | Contabo | 01/07/2026, 01:56:33 | 12/07/2026, 21:49:12 | Yes | Yes | APT15, APT17, APT31, APT36, APT37, APT45, Bitter APT, Bluenoroff, CloudSorcerer, Daggerfly APT, Donot Team, Gamaredon Group, Gaza Cybergang, Inception Framework, Kimsuky, MuddyWater Group, RomCom Group, Salt Typhoon, Sea Turtle Group, SideWinder APT | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 07:02:21 | contaboserver.net, contabo.de, contabo.net |
| 115.227.246.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS4134 | Chinanet | ChinaNet Zhejiang | 01/07/2026, 01:56:32 | 04/07/2026, 09:16:20 | Yes | No | - | - | 01/07/2026, 07:02:25 | bj189.cn, 118114.cn, ctwing.cn, chinatelecom.com.cn, chinatelecom.cn, new-gm.cn, 189.cn, 189free.cn, ideal.sh.cn, daqu.com.cn, ctyun.cn |
| 1.175.137.•••:18789 | - | 🇹🇼 Taiwan | Yes | false | Leaked | AS3462 | Data Communication Business Group | Chunghwa Telecom Data Group | 01/07/2026, 01:56:32 | 04/07/2026, 20:42:22 | Yes | No | - | - | 04/07/2026, 15:00:23 | hinet.net, ddns.net |
| 45.79.145.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS63949 | Akamai Connected Cloud | Linode | 01/07/2026, 01:56:32 | 09/07/2026, 18:52:25 | No | Yes | APT1 Comment Crew, APT10, APT14, APT15, APT27, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT40, APT41, Bitter APT, Bluenoroff, Callisto Group, Carbanak, Cobalt Group, Donot Team, Earth Berberoka, Earth Longzhi, Equation Group, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, Lyceum APT, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SharpPanda, SideWinder APT, Slingshot APT, TA505, TEMP.Hermit, The Shadow Brokers, Tropic Trooper, Turla APT Group, Volt Typhoon, WIRTE, WildCard APT | CVE-2002-0653, CVE-2006-20001, CVE-2008-0455, CVE-2009-3560, CVE-2009-3720, CVE-2010-0434, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-4478, CVE-2010-4755, CVE-2010-5107, CVE-2011-0419, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2011-3639, CVE-2011-4317, CVE-2011-4327, CVE-2011-4415, CVE-2011-5000, CVE-2012-0031, CVE-2012-0053, CVE-2012-0814, CVE-2012-0883, CVE-2012-2687, CVE-2012-3499, CVE-2012-4557, CVE-2012-4558, CVE-2012-6708, CVE-2013-1862, CVE-2013-1896, CVE-2013-2249, CVE-2013-5704, CVE-2013-6438, CVE-2014-0098, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-1692, CVE-2014-2532, CVE-2014-2653, CVE-2015-0228, CVE-2015-3183, CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-8325, CVE-2015-9251, CVE-2016-0777, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-10708, CVE-2016-1908, CVE-2016-20012, CVE-2016-3115, CVE-2016-4975, CVE-2016-5387, CVE-2016-6210, CVE-2016-6515, CVE-2016-8612, CVE-2016-8743, CVE-2017-15906, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-8923, CVE-2017-9788, CVE-2017-9798, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-15473, CVE-2018-20685, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11043, CVE-2019-11044, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-11358, CVE-2019-13224, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641, CVE-2020-11022, CVE-2020-11023, CVE-2020-15778, CVE-2020-23064, CVE-2020-7059, CVE-2020-7060, CVE-2020-7061, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7066, CVE-2020-7067, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2020-7656, CVE-2021-23017, CVE-2021-34798, CVE-2021-3618, CVE-2021-36368, CVE-2021-39275, CVE-2021-40438, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31160, CVE-2022-31628, CVE-2022-31629, CVE-2022-31813, CVE-2022-37436, CVE-2022-37454, CVE-2022-41741, CVE-2022-41742, CVE-2023-28625, CVE-2023-31122, CVE-2023-38408, CVE-2023-38709, CVE-2023-44487, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-40898, CVE-2024-6387, CVE-2024-7347, CVE-2025-23419, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-49812, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 08:25:50 | - |
| 45.196.236.•••:18789 | - | 🇭🇰 Hong Kong | - | true | Clean | AS151407 | Hytron Network Services Limited | Akile LTD | 01/07/2026, 01:56:31 | 13/07/2026, 17:06:17 | No | No | - | - | 26/06/2026, 01:33:47 | - |
| 121.63.2.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Clean | AS4134 | Chinanet | ChinaNet Hubei | 01/07/2026, 01:56:31 | 01/07/2026, 08:23:35 | - | - | - | - | - | - |
| 81.169.151.•••:18789 | - | 🇩🇪 Germany | Yes | true | Leaked | AS6724 | STRATO AG | Strato Data Center | 01/07/2026, 01:56:31 | 13/07/2026, 10:38:54 | Yes | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2016-20012, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-1217, CVE-2025-1219, CVE-2025-1220, CVE-2025-1734, CVE-2025-1735, CVE-2025-1736, CVE-2025-1861, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-59362, CVE-2025-61984, CVE-2025-61985, CVE-2025-62168, CVE-2025-6491, CVE-2026-32748, CVE-2026-33515, CVE-2026-33526 | 02/07/2026, 20:11:26 | stratoserver.net, takin.it, strato.com, strato.de |
| 47.84.235.•••:18789 | - | 🇺🇸 United States | Yes | true | Clean | AS45102 | Alibaba (US) Technology Co., Ltd. | Alibaba Cloud | 01/07/2026, 01:56:30 | 10/07/2026, 05:33:49 | - | - | - | - | - | - |
| 113.110.253.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Clean | AS4134 | Chinanet | CHINANET Guangdong | 01/07/2026, 01:56:30 | 01/07/2026, 08:23:35 | - | - | - | - | - | - |
| 36.27.18.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS4134 | Chinanet | ChinaNet Hangzhou | 01/07/2026, 01:56:30 | 08/07/2026, 00:29:10 | No | No | - | - | 28/06/2026, 15:43:17 | - |
| 168.110.125.•••:18789 | - | 🇺🇸 United States | Yes | false | Leaked | AS31898 | Oracle Corporation | Oracle | 01/07/2026, 01:56:30 | 03/07/2026, 06:13:53 | Yes | No | - | CVE-2023-28531, CVE-2023-38408, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-6387, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 03/07/2026, 05:34:32 | netsuit.com, healtheintent.com, purewellness.com, lodestarcorp.com, cerner.ae, retek.com, tryfoexnow.com, moatads.com, oraclefusion.com, connectinc.com, inquira.com, portal.com, glog.com, healtheatcerner.com, oracle.com, hiedirectconnect.org, maxymiser.net, oraclecloudservices.com, rsys2.net, hyperroll.com, nor1.com, oxygen.systems, oraclegovcloud.com, orcale.com, oraclemobile.com, sun.co.in, openair.co, oraclepdemos.com, stellent.com, torexretail.com, siebel.com, cerner.net, oracle-cloud.com, docucorp.com, mvalent.com, netsuitesuiteprojectspro.com, elementfusion.com, netsuiteforms.com, oraclecloud.com, en25.com, solaris.com, rightnowtech.com, think.com, ipapp.com, pertmaster.com, jdedwards.com, commercialware.com, tiger-institute.org, zenedge.com, skire.com, sun.com, ateam-oracle.com, sales.com, fyleio.com, push.io, estara.com, tekelec.com, textura.com, paymyhealthbill.com, dyndns.com, java.net, optika.com, mobilemd.com, jcp.org, smed.com, cernerenviza-tw.com, datafox.com, recruitmax.com, decisioneering.com, adiinsights.com, stortek.com, seebeyond.com, berkeleydb.org, livelook.com, openjdk.org, virtualbox.org, dyn.com, oraclehealth.com, aimsystems.com, sunworld.com, plumtree.com, storagetek.com, oracledatacloud.com |
| 3.135.184.•••:18789 | - | 🇺🇸 United States | - | false | Clean | AS16509 | Amazon.com, Inc. | Amazon | 01/07/2026, 01:54:33 | 02/07/2026, 19:26:42 | No | Yes | APT14, APT40, APT41, Cobalt Group, Gamaredon Group, Kimsuky, Lazarus Group, SharpPanda | CVE-2006-20001, CVE-2018-20685, CVE-2019-16905, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/07/2026, 04:48:17 | - |
| 18.162.147.•••:5508 | - | 🇭🇰 Hong Kong | - | true | Clean | AS16509 | Amazon.com, Inc. | Amazon Web Services Hong Kong | 01/07/2026, 01:21:41 | 14/07/2026, 03:57:25 | No | - | - | CVE-2016-20012, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2025-26465, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/07/2026, 01:26:40 | - |
| 43.139.90.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud Computing | 01/07/2026, 01:17:26 | 01/07/2026, 10:36:11 | Yes | Yes | APT28, APT35, APT37, APT39, Cobalt Group, Kimsuky, Mustang Panda, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617 | 01/07/2026, 06:21:44 | tencent.com, tencentcloud.com |
| 104.168.48.•••:18789 | - | 🇺🇸 United States | Yes | true | Leaked | AS36352 | HostPapa | HostPapa | 01/07/2026, 01:17:25 | 13/07/2026, 02:10:02 | Yes | Yes | APT14, APT28, APT35, APT37, APT39, APT40, APT41, Cobalt Group, Earth Berberoka, Equation Group, Gamaredon Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, Mustang Panda, Sandworm Team, SharpPanda, TA505, The Shadow Brokers, UNC2452, WIRTE | CVE-2013-4352, CVE-2013-5704, CVE-2013-6438, CVE-2014-0098, CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-8109, CVE-2015-0228, CVE-2015-3183, CVE-2015-3185, CVE-2016-0736, CVE-2016-2161, CVE-2016-4975, CVE-2016-5387, CVE-2016-8612, CVE-2016-8743, CVE-2017-15710, CVE-2017-15715, CVE-2017-3167, CVE-2017-7679, CVE-2017-9788, CVE-2017-9798, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-17199, CVE-2019-0217, CVE-2019-0220, CVE-2019-10092, CVE-2019-10098, CVE-2019-17567, CVE-2020-11985, CVE-2020-1927, CVE-2020-1934, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-34798, CVE-2021-39275, CVE-2021-40438, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943 | 01/07/2026, 06:21:45 | hudsonvalleyhost.com |
| 68.183.15.•••:443 | - | 🇳🇱 Netherlands | Yes | false | Clean | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/07/2026, 01:17:25 | 01/07/2026, 11:19:03 | No | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2006-20001, CVE-2016-20012, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2023-28531, CVE-2023-31122, CVE-2023-38408, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/07/2026, 06:21:48 | - |
| 37.187.159.•••:443 | - | 🇫🇷 France | Yes | true | Clean | AS16276 | OVH SAS | OVH | 01/07/2026, 01:17:25 | 14/07/2026, 03:53:11 | - | - | - | - | - | - |
| 113.120.13.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Clean | AS4134 | Chinanet | ChinaNet Shandong | 01/07/2026, 01:17:24 | 01/07/2026, 11:19:01 | No | No | - | - | 25/06/2026, 06:22:01 | - |
| 34.39.176.•••:18789 | Assistant | 🇺🇸 United States | Yes | true | Clean | AS396982 | Google LLC | 01/07/2026, 01:17:22 | 13/07/2026, 10:00:17 | No | No | - | - | 25/06/2026, 06:22:14 | - | |
| 120.48.63.•••:18789 | Assistant | 🇨🇳 China mainland | Yes | false | Leaked | AS38365 | Beijing Baidu Netcom Science and Technology Co., Ltd. | Baidu | 01/07/2026, 01:17:21 | 01/07/2026, 11:18:59 | Yes | Yes | APT17, APT28, APT35, APT37, APT39, Cobalt Group, DragonFly, El-Machete, Gozi, Kimsuky, Mustang Panda, Packrat, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617 | 01/07/2026, 06:22:23 | baidu.com |
| 2409:8a20:6815:d0d0:2d8:61ff:fe68:388c:18789 | - | 🇨🇳 China mainland | - | false | Clean | AS56046 | China Mobile communications corporation | China Mobile | 01/07/2026, 01:17:20 | 01/07/2026, 11:18:57 | - | - | - | - | - | - |
| 125.121.245.•••:8099 | - | 🇨🇳 China mainland | Yes | false | Clean | AS4134 | Chinanet | ChinaNet Hangzhou | 01/07/2026, 01:17:20 | 01/07/2026, 11:18:57 | No | No | - | - | 25/06/2026, 02:00:37 | - |
| 218.71.21.•••:18789 | - | 🇨🇳 China mainland | Yes | true | Clean | AS4134 | Chinanet | ChinaNet Wenzhou Node Network | 01/07/2026, 01:15:34 | 07/07/2026, 15:13:14 | No | No | - | - | 25/06/2026, 04:52:16 | - |
| 8.215.19.•••:18789 | - | 🇸🇬 Singapore | Yes | true | Clean | AS45102 | Alibaba (US) Technology Co., Ltd. | Alibaba Cloud Singapore | 01/07/2026, 01:15:31 | 11/07/2026, 05:05:23 | No | No | - | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 04:52:49 | - |
| 13.229.36.•••:18789 | - | 🇸🇬 Singapore | Yes | false | Clean | AS16509 | Amazon.com, Inc. | Amazon Web Services | 01/07/2026, 01:15:31 | 01/07/2026, 06:59:25 | No | No | - | CVE-2021-23017, CVE-2021-3618, CVE-2022-41741, CVE-2022-41742, CVE-2023-31122, CVE-2023-3247, CVE-2023-3823, CVE-2023-3824, CVE-2023-38709, CVE-2023-43622, CVE-2023-44487, CVE-2023-45802, CVE-2024-24795, CVE-2024-27316, CVE-2024-36387, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-40898, CVE-2024-42516, CVE-2024-43204, CVE-2024-43394, CVE-2024-47252, CVE-2024-5458, CVE-2024-7347, CVE-2025-23048, CVE-2025-23419, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200 | 01/07/2026, 04:52:50 | - |
| 107.11.70.•••:18789 | - | 🇺🇸 United States | - | false | Clean | AS10796 | Charter Communications Inc | Charter Communications | 01/07/2026, 01:15:30 | 01/07/2026, 08:25:32 | - | - | - | - | - | - |
| 104.168.48.•••:18789 | - | 🇺🇸 United States | Yes | true | Leaked | AS36352 | HostPapa | HostPapa | 01/07/2026, 01:15:30 | 12/07/2026, 21:08:33 | Yes | Yes | APT14, APT28, APT35, APT37, APT39, APT40, APT41, Cobalt Group, Earth Berberoka, Equation Group, Gamaredon Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, Mustang Panda, Sandworm Team, SharpPanda, TA505, The Shadow Brokers, UNC2452, WIRTE | CVE-2013-4352, CVE-2013-5704, CVE-2013-6438, CVE-2014-0098, CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-8109, CVE-2015-0228, CVE-2015-3183, CVE-2015-3185, CVE-2016-0736, CVE-2016-2161, CVE-2016-4975, CVE-2016-5387, CVE-2016-8612, CVE-2016-8743, CVE-2017-15710, CVE-2017-15715, CVE-2017-3167, CVE-2017-7679, CVE-2017-9788, CVE-2017-9798, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-17199, CVE-2019-0217, CVE-2019-0220, CVE-2019-10092, CVE-2019-10098, CVE-2019-17567, CVE-2020-11985, CVE-2020-1927, CVE-2020-1934, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-34798, CVE-2021-39275, CVE-2021-40438, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943 | 01/07/2026, 04:52:57 | hudsonvalleyhost.com |
| 116.4.96.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS4134 | Chinanet | CHINANET Guangdong | 01/07/2026, 01:15:30 | 01/07/2026, 23:27:38 | Yes | No | - | CVE-2017-15945, CVE-2024-7347, CVE-2025-23419 | 01/07/2026, 04:53:00 | bj189.cn, 118114.cn, ctwing.cn, chinatelecom.com.cn, chinatelecom.cn, new-gm.cn, 189.cn, 189free.cn, ideal.sh.cn, daqu.com.cn, ctyun.cn |
| 68.183.15.•••:18789 | - | 🇳🇱 Netherlands | - | false | Clean | AS14061 | DigitalOcean, LLC | DigitalOcean | 01/07/2026, 01:15:30 | 01/07/2026, 06:59:24 | No | Yes | APT15, APT28, APT29, APT31, APT34, APT35, APT37, APT39, APT41, Bitter APT, Bluenoroff, Callisto Group, Cobalt Group, Donot Team, Gamaredon Group, Gaza Cybergang, Hafnium Group, Inception Framework, Kimsuky, MuddyWater Group, Mustang Panda, Patchwork, RomCom Group, Salt Typhoon, Sandworm Team, Sea Turtle Group, SideWinder APT, The Shadow Brokers, Volt Typhoon | CVE-2006-20001, CVE-2016-20012, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-28041, CVE-2021-36368, CVE-2021-41617, CVE-2022-36760, CVE-2022-37436, CVE-2023-25690, CVE-2023-27522, CVE-2023-28531, CVE-2023-31122, CVE-2023-38408, CVE-2023-45802, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985 | 01/07/2026, 04:53:01 | - |
| 37.187.159.•••:18789 | - | 🇫🇷 France | - | true | Clean | AS16276 | OVH SAS | OVH | 01/07/2026, 01:15:29 | 14/07/2026, 03:51:22 | - | - | - | - | - | - |
| 113.120.13.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Clean | AS4134 | Chinanet | ChinaNet Shandong | 01/07/2026, 01:15:28 | 01/07/2026, 06:59:22 | No | No | - | - | 25/06/2026, 04:53:14 | - |
| 34.39.176.•••:18789 | Assistant | 🇺🇸 United States | Yes | true | Clean | AS396982 | Google LLC | 01/07/2026, 01:15:26 | 13/07/2026, 05:40:56 | No | No | - | - | 25/06/2026, 04:53:28 | - | |
| 120.48.63.•••:18789 | Assistant | 🇨🇳 China mainland | Yes | false | Leaked | AS38365 | Beijing Baidu Netcom Science and Technology Co., Ltd. | Baidu | 01/07/2026, 01:15:26 | 01/07/2026, 07:42:31 | Yes | Yes | APT17, APT28, APT35, APT37, APT39, Cobalt Group, DragonFly, El-Machete, Gozi, Kimsuky, Mustang Panda, Packrat, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617 | 01/07/2026, 04:53:39 | baidu.com |
| 2409:8a20:6815:d0d0:2d8:61ff:fe68:388c:18789 | - | 🇨🇳 China mainland | - | false | Clean | AS56046 | China Mobile communications corporation | China Mobile | 01/07/2026, 01:15:23 | 01/07/2026, 07:42:29 | - | - | - | - | - | - |
| 125.121.245.•••:18789 | - | 🇨🇳 China mainland | - | false | Clean | AS4134 | Chinanet | ChinaNet Hangzhou | 01/07/2026, 01:15:23 | 01/07/2026, 07:42:29 | No | No | - | - | 25/06/2026, 04:54:02 | - |
| 8.215.19.•••:18789 | - | 🇸🇬 Singapore | Yes | true | Clean | AS45102 | Alibaba (US) Technology Co., Ltd. | Alibaba Cloud Singapore | 01/07/2026, 01:13:38 | 11/07/2026, 05:03:34 | No | No | - | CVE-2016-20012, CVE-2019-16905, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408, CVE-2023-48795, CVE-2023-51385, CVE-2024-39894, CVE-2024-6387, CVE-2025-26465, CVE-2025-26466, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414 | 01/07/2026, 07:00:30 | - |
| 13.229.36.•••:18789 | - | 🇸🇬 Singapore | Yes | false | Clean | AS16509 | Amazon.com, Inc. | Amazon Web Services | 01/07/2026, 01:13:38 | 01/07/2026, 06:57:32 | No | No | - | CVE-2021-23017, CVE-2021-3618, CVE-2022-41741, CVE-2022-41742, CVE-2023-31122, CVE-2023-3247, CVE-2023-3823, CVE-2023-3824, CVE-2023-38709, CVE-2023-43622, CVE-2023-44487, CVE-2023-45802, CVE-2024-24795, CVE-2024-27316, CVE-2024-36387, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-40898, CVE-2024-42516, CVE-2024-43204, CVE-2024-43394, CVE-2024-47252, CVE-2024-5458, CVE-2024-7347, CVE-2025-23048, CVE-2025-23419, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200 | 01/07/2026, 07:00:32 | - |
| 107.11.70.•••:18789 | - | 🇺🇸 United States | - | false | Clean | AS10796 | Charter Communications Inc | Charter Communications | 01/07/2026, 01:13:38 | 01/07/2026, 08:23:37 | - | - | - | - | - | - |
| 43.139.90.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS45090 | Shenzhen Tencent Computer Systems Company Limited | Tencent Cloud Computing | 01/07/2026, 01:13:37 | 01/07/2026, 06:57:31 | Yes | Yes | APT28, APT35, APT37, APT39, Cobalt Group, Kimsuky, Mustang Panda, Sandworm Team, The Shadow Brokers | CVE-2016-10708, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2021-41617 | 01/07/2026, 07:00:36 | tencent.com, tencentcloud.com |
| 104.168.48.•••:18789 | - | 🇺🇸 United States | Yes | true | Leaked | AS36352 | HostPapa | HostPapa | 01/07/2026, 01:13:37 | 12/07/2026, 21:06:40 | Yes | Yes | APT14, APT28, APT35, APT37, APT39, APT40, APT41, Cobalt Group, Earth Berberoka, Equation Group, Gamaredon Group, Inception Framework, IronHusky, Kimsuky, Lazarus Group, Mustang Panda, Sandworm Team, SharpPanda, TA505, The Shadow Brokers, UNC2452, WIRTE | CVE-2013-4352, CVE-2013-5704, CVE-2013-6438, CVE-2014-0098, CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-8109, CVE-2015-0228, CVE-2015-3183, CVE-2015-3185, CVE-2016-0736, CVE-2016-2161, CVE-2016-4975, CVE-2016-5387, CVE-2016-8612, CVE-2016-8743, CVE-2017-15710, CVE-2017-15715, CVE-2017-3167, CVE-2017-7679, CVE-2017-9788, CVE-2017-9798, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-17199, CVE-2019-0217, CVE-2019-0220, CVE-2019-10092, CVE-2019-10098, CVE-2019-17567, CVE-2020-11985, CVE-2020-1927, CVE-2020-1934, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-34798, CVE-2021-39275, CVE-2021-40438, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943 | 01/07/2026, 07:00:39 | hudsonvalleyhost.com |
| 116.4.96.•••:18789 | - | 🇨🇳 China mainland | Yes | false | Leaked | AS4134 | Chinanet | CHINANET Guangdong | 01/07/2026, 01:13:37 | 01/07/2026, 23:25:45 | Yes | No | - | CVE-2017-15945, CVE-2024-7347, CVE-2025-23419 | 01/07/2026, 07:00:41 | bj189.cn, 118114.cn, ctwing.cn, chinatelecom.com.cn, chinatelecom.cn, new-gm.cn, 189.cn, 189free.cn, ideal.sh.cn, daqu.com.cn, ctyun.cn |