§ Engagement records
201 per-instance records across 5 sectors. Each one names a specific AI/LLM surface we assessed, the findings we surfaced, and the route we drove the work to closure on.
§ 02 Engagement records
Commercial
- 01
Cat-29 Argo Workflows: :2746 probe sweep, 2026-06-07
Lane 1A of the 9-item 2026-06-07 plan. Goal: test whether port 2746 hosts an unauthenticated Shodan-dark tier among Argo Workflows operators whose :443 surface is gated by IAP/Azur…
- 02
DMARC Funding-Stage Proxy — Full-Registry Sweep N=410
Date: 2026-06-07. Cohort: full NuClide AI-infrastructure vendor registry (MASTER-port-vendor-registry.csv, 435 vendor names, 410 unique apex domains resolved after dedup and OSS fi…
- 03
MCP Servers and CrewAI — Negative Results with Methodology Value
Two attempted same-day surveys produced no actionable findings — but the failure modes are themselves research-program-relevant. Both reveal classes of AI/LLM infrastructure that a…
- 04
LibreChat Verification Deep-Dive — Notable Findings Re-Profiled
Deeper verification on the six notable finding clusters surfaced in the LibreChat population survey. Restraint maintained throughout: no registration, no LLM invocation, no account…
- 05
Unauthenticated ML Training Server — velutina-service.ch
JAXEN returned 185.66.109.62 under a passive Shodan query for exposed AI/ML infrastructure on Swiss hosting ranges. The Shodan record showed:
- 06
Dark-Tier Probe Result (Option A) — 2026-05-31
- 07
Voice/Audio AI re-run: Category 17, 2026-05-29
Fifteen dorks. Twenty-eight candidates. Six confirmed unauthenticated voice services across five hosts. One four-service stacked host. Four false positives killed at the verificati…
- 08
Zep CE: empty default api_secret accepts a zero-entropy credential
Code-level finding from the agent-memory pre-assessment (data/platform-intel/agent-memory-osint-2026-05-29.md). Labeled per case-studies/FINDING-TEMPLATE.md. This is a platform fin…
- 09
Apptica — Production Data Lake Exposed via Unauthenticated ClickHouse
Apptica is a commercial app store intelligence platform offering revenue estimates, download data, keyword rankings, and advertising intelligence for mobile apps across iOS and And…
- 10
DataV / Skillmine Technology — Multi-Party Data Breach via Unauthenticated ClickHouse
DataV is a no-code AI analytics and data visualization platform built and operated by Skillmine Technology Consulting Private Limited (Mumbai). The platform allows customers to upl…
- 11
Sanio AI — Collision AgentOS / Walmart Pipeline Exposure
Surface identified in session 43 (cat-06 stragglers survey) via Shodan dork port:7777 http.html:"agno". Prior session confirmed the host as unauth Agno on port 7777 with road colli…
- 12
Snap-E Cabs — ScyllaDB Default Credentials + Unauthenticated REST API
Snap-E Cabs, a BSE-listed Indian EV ride-hailing operator (600+ vehicles, Kolkata), runs a ScyllaDB cluster on GCP with the CQL port accepting default cassandra/cassandra credentia…
- 13
Argo Workflows — Pre-Assessment OSINT Brief (2026-05-27)
Intelligence gathered before the population scan to fine-tune dork selection, fingerprint design, verification methodology, and scope. Not a survey — a survey prep document. The sc…
- 14
Cat-06 Stragglers: Agno Auth-Off-Default, GPT Researcher 14 Unauth, Walmart Temporal Exposure
Agno ships with no authentication. The playground server (uvicorn, port 7777) returns full agent manifests and run histories to any caller. Three confirmed Agno deployments expose…
- 15
BackGround Studio CRM — Credential Leak, DatingUser Records in Redis
The Redis password was in the GUI. It worked. One key. 99 users in a dating platform sorted set.
- 16
CampusIRIS Dev Environment — Credential Leak via RedisInsight, Student Data Schema Exposed
RedisInsight left the Redis password in plain sight. The password worked. Behind it: 115 keys of a multi-tenant school SaaS, student attendance records, 24k session IDs, and tenant…
- 17
CMS Production Redis — RedisInsight Credential Leak, Chain B
RedisInsight 2.36.0 at port 8001 requires no authentication. GET /api/databases returns the Redis AUTH password in plaintext. AUTH confirms on port 6379. Keyspace: 154 keys. Apollo GraphQL dev-api: full introspection unauth, getCustomUsersCsv executed without credential and returned a live GCS signed URL, 8,650 artist records returned unauth, sendPushNotificationsToUsers schema maps platform-wide push. APAC node 34.87.179.212 firewalled on all ports.
- 18
CPAC Strapi CMS — Production API Surface Enumeration
Second node in the CPAC chain. The primary finding is in cpacredis-redisinsight-chain-b-178.128.84.65-2026-05-26.md. The Redis credential prefix cpacredis pivoted to cpac.co.th, wh…
- 19
cpacredis — RedisInsight Credential Leak on Fleet Telematics Platform
RedisInsight at :8001 requires no authentication. The stored Redis password cpacredis0242 appears in plaintext in the /api/databases response. Behind that credential: a Thai Ready…
- 20
difinance.online — RedisInsight Credential Leak on Telegram DeFi Bot
RedisInsight on port 8001 required no authentication. GET /api/databases returned the full Redis connection object, including the password Sq3QmHxJCPn5Dt4LzAaNRg in plaintext. The…
- 21
EPOLCA — RedisInsight Credential Leak on Industrial Simulation Demo Server
RedisInsight exposed the Redis password for an ePolca production planning demo server on Hetzner DE; AUTH succeeded and revealed six keys covering factory simulation results, KPI states, and production orders — all scoped to the EPOLCA_DEMOS namespace.
- 22
Evolution API WhatsApp Broker — RedisInsight Open, 117 Keys Including WhatsApp Session State and Lead Phone Numbers
Brazilian WhatsApp automation SaaS bmaconnect.com.br runs RedisInsight 2.42.0 with no authentication on port 8001, exposing full read/write access to Redis 7.4.7 (n8n-redis-1). 117 keys confirmed: 7 Evolution API WhatsApp session hashes (208KB to 1.16MB), 108 Brazilian phone number conversation queues across 5 named operator clients, and an n8n scheduling key with unresolved lead-number expression. Evolution API 2.3.7 on port 8080 enforces auth on instance management. n8n 1.122.5 (development mode) proxied via ia.bmaconnect.com.br. Second server at 179.190.63.39 for api./zion-teste. subdomains. 90 unique Brazilian phone numbers exposed in key names.
- 23
Cat-04 Stragglers: Prefect Auth-Off-Default, Dask University Clusters, ClearML Ransomed ES
Prefect workflow orchestration is auth-off-default. /api/admin/settings is world-readable on all instances. /api/flows/filter and /api/deployments/filter return complete workflow i…
- 24
ORES CRM (CloudWorks/ows.vn) — Redis Stack Open, 17,337 Chatbot Conversation Records, Multi-Channel Social PII
ORES, a Vietnamese AI-chatbot CRM SaaS built by CloudWorks (ows.vn), runs Redis Stack at 125.212.227.37 without authentication. Two RediSearch indexes expose 34 channel accounts and 17,337 conversation records. Key names confirm multi-channel routing across Zalo, Facebook Page, Zalo OA, and Pancake. The account:index schema stores a token field: OAuth credentials for each connected social channel. The host is the backend for my.ores.vn, proxied through ssl-proxy2.ows.vn at the adjacent IP 125.212.227.40. ASN: AS7552 Viettel Group, Vietnam.
- 25
Airbnb Tenant Agent — CORS Wildcard and Open Booking Thread State
A LangGraph-backed Airbnb booking agent on Hetzner Nuremberg exposes thread creation, thread state reads, and agent execution with no authentication. CORS wildcard headers mean any browser origin can invoke the agent. WhatsApp guest communications are the data class at risk.
- 26
Airbnb Tenant Agent — CORS Wildcard and No Auth on a Live WhatsApp Booking Bot
An Airbnb property manager's WhatsApp booking bot runs on LangGraph with no authentication and a wildcard CORS policy. Thread state from real guest conversations is readable without credentials. The agent is named 'Airbnb Tenant Agent' and is active.
- 27
Airbnb Tenant Agent — CORS Wildcard on a WhatsApp Booking Assistant
An Airbnb property host's WhatsApp booking assistant runs LangGraph with CORS Access-Control-Allow-Origin: * and no authentication on any endpoint. Any webpage can create threads and read guest booking conversations. The WhatsApp webhook service runs on the same host.
- 28
ArtsyPetz CrewAI Stack: Langfuse LLM Observability Open Registration, Multi-Service Stack Exposed
A multi-service AI stack at 147.182.219.125 exposes Langfuse 3.88.1 LLM observability with open self-registration. ClickHouse 25.7.1.3997, GlitchTip, and MinIO run on the same host with auth enforced. A CrewAI social content generation service is present on ports 8001 and 9002. The operator is an indie developer running ArtsyPetz (pet portrait e-commerce) alongside a social media growth tool in development.
- 29
Assistent Tècnic Intel·ligent (ATI) — Vite Dev Server in Production, 211-Tenant Platform
A Catalan multi-tenant AI customer support platform runs a Vite development server in production on one of three Hetzner nodes, exposing full TypeScript source code. All three nodes share unauthenticated LangGraph agent endpoints and Qdrant databases holding 121 customer conversations and 377 tenant knowledge-base documents.
- 30
Collector Scraper API — AI-Powered PII Extraction Service, Unauthenticated
Two Scaleway nodes in Paris run an unauthenticated API built to extract emails, phone numbers, and coordinates from business directory listings. No authentication on the extraction endpoint.
- 31
CrewAI SOP RAG Agent: Multi-Agent Standard Operating Procedure System Open Without Authentication
A multi-agent CrewAI system on Azure exposes its full API without authentication. All nine endpoints are open. POST /upload allows unauthenticated file ingestion into the SOP database. POST /query runs the full agent pipeline against stored documents. The agent roster and workflow configuration are enumerable without credentials.
- 32
Demant Semantic Kernel Agent Platform: Five Production Agents Open Without Authentication
A Microsoft Semantic Kernel agent hosting platform at 172.205.127.109 exposes five production agents without authentication. Agent names, system prompts, and plugin bindings name Demant, a Danish hearing technology company. POST /agents/execute runs any agent against the knowledge base without credentials. POST /agents/create and DELETE /agents/{id} are open.
- 33
Docu Companion / ATI — Vite Dev Server and 211 Tenant Knowledge Bases Open on a Three-Node Hetzner Cluster
A Catalan-language multi-tenant AI customer support platform runs a Vite development server in production on one node, exposing full TypeScript source. All three Hetzner nodes share an unauthenticated Qdrant stack holding 211 tenant knowledge bases, 377 business documents, and 121 user conversations. Agent invocation endpoints are fully open.
- 34
Assistent Tècnic Intel·ligent — Vite Dev Server in Production Exposes Source Code Across a 211-Tenant Platform
A Catalan AI document platform running across three Hetzner nodes exposes its full TypeScript source code via a Vite development server left running in production. All agent endpoints, 121 user conversations, and 211 tenant knowledge bases are accessible without authentication.
- 35
CloudCentric / BizCentric — ERPNext/Frappe Multi-Tenant Redis Cache: LDAP Settings Keys Exposed, 27 Tenants
CloudCentric runs a shared Redis Stack instance at 212.47.228.104 (Scaleway, Paris) as the document cache for a multi-tenant ERPNext/Frappe deployment. No authentication. DBSIZE 2,716. Two LDAP Settings document cache keys are present with TTL -1 (persistent). The LDAP Settings doctype in Frappe stores the bind DN, bind password, and LDAP server URL. Key names are readable without auth. Values were not read per restraint ethic. 27 tenant subdomains identified from Redis job queue keys.
- 36
FAIS MCP Server: Dual-Node Workflow Tool API Open Without Authentication
Two identical FAIS MCP Server instances on Azure Pune expose their full tool API without authentication. Three workflow tools are open on both nodes: GetAllWorkflows, GetWorkflowConfiguration, and GetWorkflowLogsByTransaction. Any caller can enumerate organizations, retrieve workflow configurations, and query execution logs by workflow and transaction ID.
- 37
Chinese Financial LangGraph Agent — Credit Reports, Loans, and an Open Session Store
A Chinese financial services multi-agent system on LangGraph runs credit report and loan extraction workflows in development mode with no authentication. The agent session store is accessible via Redis Commander on port 8081.
- 38
MikroWizard — Unauthenticated Redis Session Store, 2,940 Active MikroTik Router Management Sessions
MikroWizard router management platform at 88.99.102.30 (Hetzner Frankfurt) runs Redis 7.4.7 on port 6379 with no authentication. DBSIZE: 2,940 keys, all named mikrowizard::UUID. Session TTL: 29 days. Any actor with network access can read all active session identifiers directly from the data layer. The application layer at port 80 serves the MikroWizard Angular UI.
- 39
n8n 1.120.0: Legacy REST API Open, Production Billing Backup Workflow Exposed
n8n 1.120.0 on port 5678 at 38.102.86.8 exposes its legacy /rest/ API without authentication. A single active production workflow — billing-backup-to-s3 — is enumerable, including node type and tags. The newer /api/v1/ path enforces auth; the /rest/ path does not.
- 40
NextHello CrewAI CRM: 59-Endpoint Operational API Open Without Authentication, Live API Keys
A CrewAI-based WhatsApp CRM platform at 132.145.158.151 exposes 59 endpoints without authentication. All operational POST endpoints accept requests without credentials. People Data Labs, HeyGen, and ElevenLabs API keys are live. A WhatsApp bridge with persisted session credentials is disconnected; reconnect enables message delivery to any phone number. The admin data layer is gated.
- 41
SerGoGram Flowise + Weaviate: IT Credentials from German Blood Donation Organization in Open Vector Store
A Flowise instance at 37.60.255.27 exposes an unauthenticated Weaviate vector store containing internal IT documentation from a German blood donation organization. The corpus includes plaintext server credentials, internal IP addresses, server names, BitLocker PINs, and blood donation operational data. A second tenant's customer support documents occupy the same instance.
- 42
Simón Movilidad / Finanzauto — Full Picture: Traccar 6.12.2, 28,323 Open GPS Records, CAS Default Config
Simón Movilidad runs Traccar 6.12.2 (GPS fleet tracking) with Redis Stack as the live device state store. The Redis instance at qa.simonmovilidad.com is open without auth: 28,323 GPS device records, keyed by IMEI, each containing plate, name, phone, email. Tenant: Finanzauto S.A. BIC (Colombian vehicle financing). Finanzauto's admision subdomain runs Apereo CAS SSO with the default-config HTML comment in production.
- 43
Stock.ai (EMOR AI) — Partial-Auth Failure, Open Vector Store, and Third-Party Research Leak
An Indian fintech startup's LangGraph stock analysis app authenticates the list layer but leaves individual resource endpoints wide open. 62 proprietary Arihant Capital analyst reports are accessible without auth through a co-deployed Weaviate instance.
- 44
Stock.ai (EMOR AI) — Partial-Auth Failure, Open Weaviate, and 62 Proprietary Analyst Reports
EMOR AI's unreleased Stock.ai product exposes a Weaviate vector database, individual API resource endpoints, and 62+ proprietary Arihant Capital equity analyst reports. The developer implemented JWT and Google OAuth but left individual resource endpoints unprotected. A reused HR/resume Azure OpenAI subscription confirms operator identity.
- 45
Stock.ai — Partial-Auth Failure Exposes 62 Arihant Capital Reports and User Data
An Indian fintech startup's stock research assistant exposes 62 proprietary Arihant Capital analyst reports and user conversation history. The developer built JWT authentication and left the individual resource endpoints unprotected.
- 46
Vantage Coach — Healthcare CRM Agent With Voice Endpoints, No Auth
A pharmaceutical sales rep AI assistant runs LangGraph on two DigitalOcean nodes with no authentication. The agent has declared access to a healthcare client database. Voice endpoints accept unauthenticated audio and return agent-processed responses. Client records including doctor names, specializations, visit history, and treatment discussion notes are accessible to any caller with a valid organization ID.
- 47
Vantage Coach — Pharmaceutical CRM with Healthcare Client Records and Voice Endpoints Open
A pharmaceutical sales representative AI tool on two DigitalOcean nodes exposes a healthcare client database, conversation history, and voice endpoints without authentication. The OpenAPI spec explicitly describes access to doctor names, hospitals, visit dates, and medication discussion records.
- 48
Vantage Coach — Pharma CRM Agent, Open Voice Endpoints, Healthcare Client Records
A Spanish-language pharmaceutical CRM AI agent runs on two DigitalOcean nodes with no authentication. The agent has tool access to a healthcare client database. Voice endpoints accept audio queries against that database without credentials.
- 49
wuji Sleep Doctor — WeChat Health Data and 9,244 Request Logs Exposed on Tencent Cloud
A Chinese sleep health application on Tencent Cloud exposes per-user sleep sensor data by WeChat openid and serves 9,244 logged API requests without authentication. The service runs as root with log file paths disclosed.
- 50
Chinese Sleep Doctor App — WeChat Health Data Open by Design, 9,244 Request Logs Exposed
A Chinese WeChat Mini Program backend for sleep health diagnostics runs on TencentCloud Beijing with no authentication. Sleep sensor data is accessible by WeChat openid. 9,244 request logs containing user identifiers, health responses, and client IPs are readable without credentials.
- 51
wuji Sleep Doctor — Chinese Health Data by WeChat OpenID, 9,244 Request Logs Open
A Chinese sleep health WeChat Mini Program backend runs a LangGraph Sleep Doctor service with no authentication on any endpoint. Sleep sensor data (AHI, heart rate, HRV, sleep stages) is accessible by WeChat openid alone. A 36.9MB request log containing 9,244 entries — including user identifiers, request bodies, response bodies, and client IPs — is served at /api/monitor/logs without auth. The service runs as root.
- 52
ClimateGPT Stack — Unauth vLLM + Opik + Streamlit
Surfaced during Session 30 Agenta survey (S30). The /opik/api/v1/projects endpoint returned HTTP 200 unauthenticated — a candidate, per Insight #16. The candidate was passed to thi…
- 53
Langfuse Postgres Cert Pivot — Data Tier Survey + CygnusAlpha Production Finding
The survey started as an Insight #20 exercise: data-tier ports adjacent to confirmed AI services are an independent exposure class. The dork ssl.cert.subject.cn:langfuse port:5432…
- 54
116.202.28.181 — Pantaflow Live Transcription Server
- 55
PromptLayer — Marker-Build Assessment
PromptLayer was queued for its first population survey: http.title:"PromptLayer" (6 hits) and ssl.cert.subject.cn:promptlayer (10 hits). The discovery stage could not run — both Sh…
- 56
Embedding Services Survey — Tier-2 Cloud (2026-05-21)
- 57
Chinese commercial Claude-reseller ecosystem: 32 pooled Anthropic accounts across six relays, ~13.92B tokens served via claude-relay-service OSS
A pivot off the LiteLLM UNAUTHFUNCTIONAL cohort from the same-day safety/guardrail survey surfaced an upstream apibase at 43.167.216.195:38762 (Tencent Cloud Singapore / Aceville P…
- 58
LLM Orchestration Re-Run — 2026-05-19
Per the standing methodology — the manual → productize → re-run loop. The first run was 2026-05-15. Since then:
- 59
sub2api — Population survey: 7,720 indexed hosts, auth-on-default at scale, zero pool-leak
- 60
Tegrity / McGraw-Hill Campus Self-Registration — ASP.NET YSOD + Service Outage
selfreg.tegrity.com, the production self-registration service for McGraw-Hill Campus, is failing at AppDomain initialization. The AWS SDK for .NET's credential provider chain exhau…
- 61
Adya AI: WandB workspace exfil via unauth FastAPI proxy (vanijmcp.adya.ai)
vanijmcp.adya.ai (20.198.18.237) is an Adya AI infrastructure host on Microsoft Azure India. It exposes seven services on different ports. The headline finding is on port 5005: a c…
- 62
Hospital's AI chatbot exposes 270,000+ patient records
A multi-tenant Chinese hospital AI assistant is running on a single Chinese-cloud-hosted IP with every layer of its AI stack reachable from the public internet without authenticati…
- 63
alpha_miner Job Scheduler: 194.233.71.223 (Contabo SG)
- IP: 194.233.71.223 - rDNS: vmi2733226.contaboserver.net - ASN: AS141995 Contabo Asia Private Limited - Location: Singapore (Contabo Asia Pte Ltd, 8 Robinson Road / International…
- 64
23.239.19.219: Exposed LlamaIndex Chat with Broken Backend, Multi-Tenant SNI Co-Tenancy
23.239.19.219. Linode US datacenter (Akamai AS), 23.239.0.0/19, rDNS 23-239-19-219.ip.linodeusercontent.com. Linode shared-allocation, neighbor at .217 is harperdbcloud.com. No AS6…
- 65
SmartShop AI / amazonrec.space: Multi-service ML pipeline exposure on a single PENTECH host
NuClide Research · 2026-05-13
- 66
reputacion.digital: Multi-surface chained exposure (Phoenix + NFS + Prometheus + dev SMTP)
NuClide Research · 2026-05-10
- 67
CouchDB Telecom Consent Platform: Active RCE + 244M Subscriber Records
Unauth CouchDB 2.3.1 on Microsoft Azure (Pune, India) hosting Airtel + Tata telecom consent management infrastructure. 7.1M consent records, 244M subscriber preferences with MSISDN…
- 68
NATS JetStream: ParamWallet Production Ledger + AI Pipeline (Open Pub/Sub)
141.148.212.34 (Oracle Cloud Mumbai). Production NATS JetStream cluster running an AI document-processing pipeline coupled to a private blockchain ledger. NATS protocol port 4222 a…
- 69
Anduril Industries, Lattice Monitoring Plane (Telefonica ARO Grafana), Disclosure Sent, Awaiting Acknowledgment
NuClide Research · 2026-05-08 (sent 2026-05-09)
- 70
ollama launch claude-desktop: Gateway-mode MITM by default + community-tutorial typosquat surface
NuClide Research, 2026-05-07
- 71
Vendor-template adjacent-vendor sweep, planning doc + Shodan dork catalog (2026-05-07)
NuClide Research, 2026-05-07
- 72
Hetzner LiteLLM proxy fronting Ollama-cpu + 4 RunPod GPU pods, fully unauth (65.108.197.157)
NuClide Research · 2026-05-06
- 73
AIPOD orthodontic AI MLflow + Label Studio + S3 stack, CVE-2023-1177 actively-exploited (138.197.152.103)
NuClide Research · 2026-05-06
- 74
Hilix-class botnet campaign, multi-victim Jupyter-targeted operation (Ulm Cortical Labs + Tencent OpenClaw)
NuClide Research · 2026-05-06
- 75
Pediatric medical ML operator, 224 unauth MLflow experiments + Metabase setup-token unclaimed (65.109.36.121)
NuClide Research · 2026-05-06
- 76
Squeeze/Helios short-squeeze trading platform, full architecture leaked + MLflow CVE-2023-1177 actively exploited (159.203.110.202)
NuClide Research · 2026-05-06
- 77
Triton chat-safety pipeline, minor-detection classifier still live (159.203.42.211 + 178.62.225.198)
NuClide Research · 2026-05-06
- 78
Vendor-template default-no-auth on research-instrument web stacks, pattern recognition + fleet-audit roadmap
NuClide Research · 2026-05-06
- 79
Auto F&I Sales Training RAG: Customer Dialogues + Methodology IP Exposed via Unauthenticated ChromaDB
A ChromaDB instance on a DigitalOcean VPS exposes three RAG collections used to train an auto-dealership F&I (Finance & Insurance) sales agent. The collections contain real custome…
- 80
Crypto Investment Agent: Per-User Financial Memory Exposed via Unauthenticated ChromaDB
A ChromaDB instance on a DigitalOcean VPS exposes a Spanish-language crypto investment AI agent's full vector memory: 12 collections holding the CoinGecko API documentation corpus,…
- 81
HolaModa + Delta701: Multi-Tenant Fashion Retail RAG with Dev/Prod Co-Located on Unauth ChromaDB
A ChromaDB instance on a DigitalOcean VPS holds 1.53M embedded documents across seven collections, spanning two tenants (HolaModa and Delta701) and mixing development with producti…
- 82
Brazilian Banking-Compliance AI Consultant: Unauthenticated Qdrant with BCB / LGPD Methodology Corpus
A Qdrant instance on a DigitalOcean VPS exposes an unauthenticated endpoint with a collection schema consistent with a RAG-backed legal casework or compliance investigation platfor…
- 83
Multi-Tenant Personal Document SaaS: Diary, Theater Scripts, Philosophy via Unauth ChromaDB
A ChromaDB instance on a DigitalOcean VPS exposes three CUID-named collections (corpuscln) representing the personal document corpora of three users on what appears to be a multi-t…
- 84
Unknown Operator: Pingu Crypto Trading AI + Nova Molecular Optimization: Live Strategy IP Exposed via Unauthenticated Qdrant
A single Qdrant instance on a Vultr host exposes two parallel autonomous AI agent systems without authentication. The first, "Pingu", is a live crypto trading AI with active positi…
- 85
tweet-optimize.com: 1.21M Facial Embeddings (OnlyFans + Second Dataset) Exposed Unauth on Milvus

- 86
sanctionscanner.com: Turkish AML/KYC Compliance SaaS: 79M KYB Records + Live Client Monitoring Exposed
sanctionscanner.com is a Turkish AML/KYC compliance SaaS serving financial institutions. Their production Elasticsearch cluster, three nodes, was reachable on port 9200 with xpack.…
- 87
Watzis / Calmio: Vietnamese AI Assistant: PII Memory Store Exposed via Unauthenticated Qdrant
A production multi-user Vietnamese AI assistant, likely operating under the "Watzis" or "Calmio" brand, runs a Mem0-backed long-term memory stack on a Vultr VPS with no authenticat…
- 88
emails-pro.fr: French Commercial Appointment-Booking SaaS: Full System Prompt + PII Collection Pattern Exposed
A production French commercial appointment-booking AI assistant, rdv-bot:latest, is hosted on an IP attributed to the Romanian National Institute for R&D in Informatics (ICI Buchar…
§ 03 Engagement records
Universities
- 01
NCKU Edge Host: a Kubernetes Control Plane Behind a MikroTik Gateway
A single handed-over IP resolved into an NCKU lab's internet edge: a MikroTik RouterOS gateway DNAT-forwarding to an internal network, with eighteen services reachable through it.…
- 02
NIS/YP Internet Exposure — hpc.psy.ntu.edu.tw
NTU's Psychology HPC node ran NIS (YP) — a 1980s LAN credential distribution protocol — fully exposed to the internet at time of observation. yppasswdd, ypserv, and fypxfrd were al…
- 03
sakura.mit.edu — MIT Research Compute Node
34 exposed ports. Services running concurrently on this single host:
- 04
University AI Infrastructure Exposure: Global Overview
Full sweep of all 10,224 recognized universities worldwide (Hipo dataset, 202 countries). Two lanes ran:
- 05
.edu LLM infrastructure dork-map — 1,584 verified-dork × hostname:.edu sweep (2026-05-19)
The repo's 1,629-dork verified Shodan catalog (29 categories, hand-curated and FP-tested across 50+ prior commercial surveys) was scoped to hostname:.edu and run through shodan cou…
- 06
University of Arizona: Branded "U of A GenAI" — Open WebUI v0.7.2 with University-OIDC + Auth-On
The University of Arizona operates a branded institutional Open WebUI service at genai.arizona.edu (128.196.254.101). The deployment is reachable on port 80 (reverse-proxied; Open…
- 07
San Diego Supercomputer Center: Public Ollama on `compute.cloud.sdsc.edu` — 53-Model Inventory + `:cloud`-suffix Cloud-Proxy Class
The San Diego Supercomputer Center (SDSC) operates a publicly-reachable Ollama 0.20.4 instance at 132-249-238-182.compute.cloud.sdsc.edu (132.249.238.182). /api/tags returns 53 mod…
- 08
Stanford University: Streamlit app on `sr24-0915fd81a9.stanford.edu:8501` (DHCP / dynamic host; framework confirmed)
Stanford University surfaces a Streamlit application at sr24-0915fd81a9.stanford.edu (128.12.168.8:8501). Hostname pattern (sr24-{hex-id}.stanford.edu) suggests a dynamically-assig…
- 09
UCLA: Multi-Service AI Stack on `ai.idre.ucla.edu` — Open WebUI Signup-Open + LDAP + LiteLLM Dual-Exposed
UCLA's Institute for Digital Research and Education (IDRE) runs a multi-service LLM stack at ai.idre.ucla.edu (128.97.60.220, Los Angeles). Three distinct services on three ports:…
- 10
Red Rocks Community College: Open WebUI v0.9.2 on `datalab02.rrcc.edu` — Auth-On + LDAP (First Community College in Survey)
Red Rocks Community College runs an Open WebUI instance at datalab02.rrcc.edu (164.47.99.16:8080). /api/config returned Open WebUI v0.9.2 with enablesignup: false (auth-on; no sign…
- 11
University of South Florida: Marine Lab JupyterHubs (auth-enforced) + Adjacent Prometheus `/metrics` Public
USF College of Marine Science operates two JupyterHub instances on the marine.usf.edu subdomain: ocgmod1.marine.usf.edu (131.247.139.171:8000) and manglillo.marine.usf.edu (131.247…
- 12
Georgia State University: Streamlit app on `gluon.gsu.edu:8501` (framework confirmed; app content WebSocket-only)
Georgia State University runs a Streamlit application at gluon.gsu.edu (131.96.55.92:8501). The Streamlit framework is confirmed via /stcore/health returning ok. The application ti…
- 13
DePaul University: Campus-Wide Port-3000 Population — Live Open WebUI Auth-On, DHCP-Rotated Hosts, Mixed Student Dev Work
DePaul's institutional network surfaces 20+ hosts with port 3000 open when scoped via Shodan org:"DePaul University". Only 4 of these have HTTP title "Open WebUI"; the rest are stu…
- 14
University of Chicago: Two-Host Observation — Streamlit on `helabserver0` (auth-on framework) + JupyterHub on `jupyterhub-dev.grid` (502 Bad Gateway / degraded)
The University of Chicago surfaces two distinct hosts in this survey: helabserver0.uchicago.edu running a Streamlit application on port 8501, and jupyterhub-dev.grid.uchicago.edu r…
- 15
University of Maryland College Park: Open WebUI v0.3.32 on `amorgos.umd.edu` — `enable_signup:true` OBSERVED on Very-Old Version
University of Maryland College Park runs an Open WebUI instance at amorgos.umd.edu (128.8.235.4, Brookeville MD). /api/config returned enablesignup: true on Open WebUI v0.3.32 — cl…
- 16
University of Southern Maine: 8-Host JupyterHub Fleet on `cs.usm.maine.edu` — Entomology-Themed Research Cluster, All Auth-Enforced
University of Southern Maine's CS department runs an 8-host JupyterHub fleet on the cs.usm.maine.edu subdomain, with hostnames following an entomology theme (wasp, earwig, locust,…
- 17
Cooper Union for the Advancement of Science and Art: Open WebUI v0.9.2 on `kahan.ee.cooper.edu` — Auth-On + LDAP
Cooper Union runs an Open WebUI instance at kahan.ee.cooper.edu (199.98.27.237). /api/config returned Open WebUI v0.9.2 with enablesignup: false (auth-on; no signup-open class) and…
- 18
Cornell University: Open WebUI v0.6.14 on `onepl.aap.cornell.edu` — Auth-On + API Keys Enabled
Cornell University runs an Open WebUI instance at onepl.aap.cornell.edu (128.253.41.30:3000). /api/config returned Open WebUI v0.6.14 with enablesignup: false (auth-on; no signup-o…
- 19
University of Washington: Streamlit app on `D4-084.ce.washington.edu:8501` (Civil Engineering dept; framework confirmed)
University of Washington's Civil Engineering department surfaces a Streamlit application at D4-084.ce.washington.edu (128.95.204.84:8501). Streamlit framework confirmed via /stcore…
- 20
University of Dhaka: Coding Cluster, 3 Cloud Proxies, Embedding Pipeline
University of Dhaka (AS137359) exposes an Ollama instance focused on software development AI tooling: multiple code-specialized models, a high-quality multilingual embedding model…
- 21
University of Alberta: CS Dept GPU Server, gpt-oss:120b, Coding Stack
lula.cs.ualberta.ca (129.128.243.184), University of Alberta Computer Science department, runs Ollama v0.21.1 with 5 models including gpt-oss:120b (65GB, 116.8B parameters) and qwe…
- 22
China Telecom Tianjin: 46-Node Multi-Tenant Ollama Cluster
China Telecom's Beijing-Tianjin-Hebei Big Data Industry Park (Tianjin, AS141679) hosts at least 46 cloud VM instances running Ollama on port 11434 without authentication. All disco…
- 23
University of Nicosia: DeepSeek V4 Pro Cloud Proxy, Unauthenticated Inference
82.116.203.130 (University of Nicosia / Intercollege, Cyprus, CYNET) runs Ollama v0.17.0 with deepseek-v4-pro:cloud listed in the model inventory. Cloud inference returned "ollama…
- 24
Forskningsnettet (Danish Research and Education Network): Two Nodes, v0.3.0 Ancient + v0.22.0 Current
Two Ollama nodes in Aalborg, Denmark on AS1835 Forskningsnettet (the Danish national research and education network). One node (130.225.39.157) runs Ollama v0.3.0, a pre-release bu…
- 25
Agricultural University of Athens: 142GB Qwen3-235B MoE, Dual-Embedding RAG
afa4pc19.aua.gr (143.233.187.19), Agricultural University of Athens (Γεωπονικό Πανεπιστήμιο Αθηνών, AUA), runs Ollama v0.18.2 with a 5-model stack anchored by qwen3:235b-a22b-instr…
- 26
Institut Teknologi Bandung (ITB): 22 Models, Custom Indonesian Education AI
Institut Teknologi Bandung's LSKK (Laboratorium Sistem Komputer dan Kecerdasan Buatan, Computer Systems and AI Lab, Electrical Engineering) exposes Ollama at lskk-20.ee.itb.ac.id (…
- 27
University of Indonesia: Unauthenticated Ollama Node
The University of Indonesia (Universitas Indonesia, UI) exposes one Ollama node at 152.118.31.61 (Depok, West Java, AS3382). The instance runs an ancient Ollama build (v0.5.4-dirty…
- 28
Kumamoto University: Account Takeover, MiniMax Cloud Proxy (CS Architecture Lab)
scorpio.arch.cs.kumamoto-u.ac.jp (133.95.140.141), Kumamoto University Computer Science department (Architecture lab, arch.cs), runs Ollama v0.12.7 with a live Ollama Connect accou…
- 29
Waseda University: Account Takeover (`tokoko`), Custom DeepSeek Academic/JP Models, qwen3-vl:235b
Waseda University (tokoko.human.waseda.ac.jp, 133.9.184.47) exposes Ollama with 10 models including a live Ollama Connect account takeover. The username is tokoko, a human-chosen n…
- 30
University of Rwanda: Qwen3.5 + Qwen3.6 27B, College of Education Campus
154.68.72.29 (University of Rwanda, College of Education Campus, Kigali) runs Ollama with qwen3.5:27b and qwen3.6:27b accessible without authentication. This is the first Sub-Sahar…
- 31
Technical University of Košice: MedGemma 54GB, Abliterated Qwen3.6-35B, Turkish LLM, RAG Stack
prometheus.fei.tuke.sk (147.232.40.80), Faculty of Electrical Engineering and Informatics at the Technical University of Košice (TUKE), Slovakia, runs Ollama v0.11.11 with 24 model…
- 32
National Chengchi University: Taiwan National AI Models (TAIDE) Exposed on V100×4 Server
National Chengchi University (政治大學) Computer Science department has a 4× NVIDIA V100 GPU server (V100x4.cs.nccu.edu.tw, 140.119.163.219) with Ollama exposed on port 11434 without a…
- 33
National Tsing Hua University: TAIDE-NPC Model, Qwen3.6:35b
National Tsing Hua University (清華大學, NTHU) node sd197130.shin34.ab.nthu.edu.tw (140.114.197.130) runs Ollama v0.22.0 (current release) with two models, qwen3.6:35b and taide-npc:la…
- 34
National Taiwan University: CSIE MVNL Lab, Llama-3.3-70B vLLM (FP8, 2-Engine)
mvnl-nas.csie.ntu.edu.tw (140.112.91.209) in NTU's Computer Science and Information Engineering (CSIE) department exposes vLLM on port 8080 serving nvidia/Llama-3.3-70B-Instruct-FP…
- 35
TANet Abliterated Model Cluster: `gemma4-crack-fixed`, Multiple Safety-Bypassed Models
A Taiwan Academic Network node at 120.126.16.144 (AS1659 TANet, Taipei, no rDNS) runs a concentrated cluster of abliterated, uncensored, and jailbreak-labeled models on Ollama v0.2…
- 36
Taiwan Ministry of Education Computer Center (TANet): Account Takeover, Default `ollama` Credentials
A TANet-hosted node (AS1659 Taiwan Academic Network Information Center, Taipei) exposes Ollama with two cloud proxy subscriptions and a live account takeover, the Ollama Connect ac…
- 37
Binh Duong University: Account Takeover, Contabo VPS (`itu.edu.vn`)
A server with hostname itu.edu.vn (94.136.191.179) running Ollama on Contabo GmbH VPS infrastructure has a live Ollama Connect account takeover. The hostname references the Interna…
- 38
UC Berkeley: Residential Hall Machine, qwen2.5:32b Public
lal-99-178.reshall.berkeley.edu (169.229.99.178), a machine on UC Berkeley's residential hall network, runs Ollama v0.11.10 with qwen2.5:32b (19GB) exposed on port 11434. The resha…
- 39
UC Berkeley: Course AI Assistant, Unauthenticated Memory Injection
roar-art.EECS.Berkeley.EDU (128.32.43.210) runs a production FastAPI service called "Course AI Assistant API" serving AI-assisted tutoring across EECS courses. The /api/chat/memory…
- 40
UC Berkeley: vLLM 4-Node Research Cluster, SecAlign + Nemotron
Four vLLM nodes on UC Berkeley's research computing network (128.32.0.0/16) expose OpenAI-compatible inference APIs without authentication. The most significant node (128.32.112.12…
- 41
University of California, San Diego (UCSD): Large Local Models + Cloud Proxies
University of California San Diego (AS26397, The Regents of the University of California) exposes an Ollama instance with 7 models including qwen3.5:35b (22GB), gpt-oss:120b (61GB)…
- 42
Purdue University (main campus): Account Takeover on n8n Workflow Automation Server
Purdue University main campus (West Lafayette, IN) exposes an Ollama instance at n8n.tap.purdue.edu; the reverse DNS reveals this is a Purdue n8n workflow automation deployment. n8…
- 43
University of Maine: 69GB Uncensored 122B Model + 18 Cloud Subscriptions, ECE Server
University of Maine's Electrical and Computer Engineering (ECE) department runs an Ollama server at ECE-Ubuntu-02.um.maine.edu (Orono, AS557) with 21 models: 18 cloud proxy subscri…
- 44
Bangladesh Research and Education Network (BdREN): Unauthenticated Inference Node
The Bangladesh Research and Education Network (BdREN), the national research and education network of Bangladesh, exposes one Ollama node on 203.96.189.126. Seven models including…
- 45
"No. 18 Institute of Jingdong HQ": 26-Node Cluster, China Unicom
A 26-node Ollama cluster on China Unicom's 111.228.0.0/16 range, all registered to org eleven street,No. 18 Institute of Jingdong headquarters. The org name reads as a Chinese phys…
- 46
Algerian Academic Research Network (ARN): Unauthenticated Inference Node
Algeria's national academic research network exposes one Ollama node (193.194.91.182) with two models including SmolLM2 with a live system prompt.
- 47
Informatics and Telematics Institute (ITI): Mistral Small 24B, vcl.iti.gr
The Information Technologies Institute (ITI), part of CERTH (Centre for Research and Technology Hellas), Greece's largest national research centre, exposes one Ollama node (vcl.iti…
- 48
India NIB (National Internet Backbone / BSNL): 2-Node Cluster, 32B Coder
Two Ollama nodes on India's National Internet Backbone (NIB), operated by BSNL (Bharat Sanchar Nigam Limited), India's state-owned telecom. Node 2 (static.ill.117.251.22.196.bsnl.c…
- 49
Kyungpook National University: 3-Node Cluster, Multimodal AI
Kyungpook National University (KNU, Daegu, South Korea) exposes three Ollama nodes on the public internet. Together the nodes span vision-language models (qwen3-vl:32b, llava), a c…
- 50
Morocco ONPT: National Telecom Operator Ollama Node
Office National des Postes et Télécommunications (ONPT), Morocco's national postal and telecommunications operator, exposes one Ollama node (160.174.129.120) with a single model. O…
- 51
Malaysia Ministry of Education (EMISC): Unauthenticated Ollama Node
The Education Management Information System Centre (EMISC) of Malaysia's Ministry of Education exposes one Ollama node (203.172.144.85) with two models. EMISC manages the national school…
- 52
ICI Bucharest: 2-Node Cluster, Cloud Proxy + Abliterated Models
Institutul National de Cercetare-Dezvoltare în Informatică (ICI Bucharest), Romania's national IT research institute, exposes two Ollama nodes. Node 1 (85.122.129.92) runs cloud pr…
- 53
Taiwan Academic Network (TANet): 18-Node Cluster, 1 Account Takeover, Multi-Institution
The Taiwan Ministry of Education Computer Center operates TANet (Taiwan Academic Network), the national IP allocation backbone for all Taiwan universities. The institute sweep foun…
- 54
California Institute of Technology (Caltech): GPT-OSS 120B, RAG Pipeline
A Caltech node (yertle.caltech.edu, 131.215.141.46) exposes Ollama with 6 models including gpt-oss:120b (OpenAI's 120B open model, 65.4GB) and a RAG pipeline stack (two embedding m…
- 55
Institute for Informatics and Automation Problems, Armenia: Dual Cloud Proxy + Docker Credential Leak
The Institute for Informatics and Automation Problems of the National Academy of Sciences of Armenia (Yerevan) is running Ollama inside a Docker container with two cloud proxy subs…
- 56
Monash University: 3-Node Cluster, DeepSeek V3.1 671B, Cloud Proxies
Monash University (Melbourne, Australia) exposes three Ollama nodes on the 118.138.0.0/16 ERC subnet. The primary node (vm-118-138-233-225.erc.monash.edu.au) carries a full DeepSee…
- 57
University of Newcastle, Australia: DeepSeek Cloud Proxy + RAG Pipeline
University of Newcastle (Australia, Callaghan campus) server with deepseek-v4-pro:cloud cloud proxy subscription and mxbai-embed-large:latest embedding model indicating an active R…
- 58
CEFET/RJ (Centro Federal de Educação Tecnológica Celso Suckow da Fonseca): 17-Model Brazilian Portuguese AI Stack
Brazil's CEFET/RJ (Federal Center for Technological Education Celso Suckow da Fonseca) has an Ollama instance with 17 models, including custom Brazilian Portuguese fine-tunes and a…
- 59
University of Manitoba: CS Department GPU Server, Deep Research Stack
The Computer Science department at the University of Manitoba (quail.cs.umanitoba.ca) is running Ollama with five large local models including DeepSeek-R1:70B, Llama 3.3, and Llama…
- 60
University of Western Ontario: 2-Node Cluster, Account Takeover on Node 2
University of Western Ontario (London, Ontario) Engineering faculty runs two Ollama nodes on its eng.uwo.ca subnet. Node 1 (WE-D-ECE-0288) has 9 models with cloud proxy (no credent…
- 61
Shandong Medical Graduate School: 376GB DeepSeek + Abliterated R1-Distill + Credential Leak
A Shandong Province medicine video graduate school (China) is running Ollama with the 376GB local DeepSeek V3 model (identical stack to Shiv Nadar University, India), an abliterate…
- 62
Brno University of Technology: Abliterated Gemma + Bulgarian GPT + RAG Pipeline
Brno University of Technology (VUT Brno), Czech Republic, is running Ollama on a Faculty of Mechanical Engineering server with an abliterated Gemma 3 model (safety fine-tuning remo…
- 63
University of Hertfordshire: RobotHouse Dev Server, gpt-oss Cloud Proxy 200 OK
A development server at the University of Hertfordshire's RobotHouse facility (robothouse-dev.herts.ac.uk) is running Ollama with gpt-oss:latest cloud proxy returning 200 OK withou…
- 64
Technical University of Crete + NTUA: Unauthenticated Ollama, MiniMax Cloud, 235.7B Model
Username: arian; SSH pubkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASZr/fN5P73o/WF6vT/owMFz3ftTeBlzOpEFpS2QStP; Cloud proxy: minimax-m2.7:cloud (MiniMax API subscription)
- 65
University of Crete Medical Center: Dual-Embedding RAG Pipeline
The University of Crete Medical Center (centaur.med.uoc.gr) is running Ollama with a sophisticated dual-embedding RAG pipeline: both mxbai-embed-large and nomic-embed-text are depl…
- 66
Shiv Nadar University: 7-Node Cluster, Chest X-Ray AI + Abliterated Models + 30+ Cloud Subscriptions
Shiv Nadar Institution of Eminence (India, Noida) runs a 7-node shared AI cluster with all nodes exposed on 0.0.0.0:11434. The cluster grew from 3 nodes (2026-05-01) → 5 nodes (202…
- 67
Keio University: Unauthenticated Ollama, Dual Cloud Proxy, 122B Model
Keio University (Japan) server with 8 Ollama models including two DeepSeek cloud proxy subscriptions and a 122-billion-parameter Qwen3.5 MoE model. Raw Ollama port publicly accessi…
- 68
Jomo Kenyatta University of Agriculture and Technology: Cloud Proxy Exposure
Jomo Kenyatta University of Agriculture and Technology (JKUAT), Kenya, is running an Ollama instance on campus with a MiniMax cloud proxy subscription publicly accessible without a…
- 69
KRENA (Kyrgyz Research and Education Network): 433GB GLM-5.1, DeepSeek Cloud Proxy
The Kyrgyz Research and Education Network (KRENA) has an Ollama instance exposed on port 11434 running a 433GB quantized GLM-5.1 model, the largest single local model observed in t…
- 70
INHA University: Ollama Stack + vLLM Node
INHA University (인하대학교) in Incheon has two independent unprotected AI inference nodes: an Ollama instance (165.246.39.51) with 7 models totalling 133GB including gpt-oss:20b and du…
- 71
POSTECH: 11-Node Cluster, 18+ Cloud Subscriptions, 6 Account Takeovers + Synchrotron Beamline + Essential AI Model
Pohang University of Science and Technology (POSTECH) has a 9-node cluster spanning the BSP (Brain Science Platform) LAN and the Pohang Accelerator Laboratory (PAL) 4th-generation…
- 72
Seoul National University: 3-Node Cluster, Cloud Proxy + Credential Leak (user: node1)
Seoul National University (SNU, 서울대학교) has three Ollama instances on the 147.47.0.0/16 campus block. Node 1 (147.47.200.153) carries cloud proxy subscriptions and leaks Ollama Conn…
- 73
Yonsei University: 17 Cloud Subscriptions on Non-Standard Port, Free-Tier 200 OK
Yonsei University (Seoul, South Korea) is running Ollama on non-standard port 5004 with 17 cloud proxy subscriptions matching the pattern seen at POSTECH, Shiv Nadar, Hanoi Univers…
- 74
Lanka Education and Research Network (LEARN): Credential Leak (user: modelserver)
Sri Lanka's academic network (LEARN, Lanka Education and Research Network) has an Ollama instance at 192.248.70.139 with a deepseek-v4-pro:cloud subscription and llama3.2-vision. T…
- 75
COMSATS University: Medical AI Models, Kimi Cloud Proxy
COMSATS (Commission on Science and Technology for Sustainable Development in the South), an intergovernmental international organization with a university campus network, has an Ol…
- 76
Technical University of Łódź (TUL): DeepSeek-R1:32B, Cross-Network Custom Model
Technical University of Łódź (Politechnika Łódzka) has an Ollama instance on xray02.p.lodz.pl with 3 models including a 20GB DeepSeek-R1 and lukashabtoch/plutotext-r3-emotional:lat…
- 77
ITMO University, Russia: 24 Models, gpt-oss:20b + gpt-oss:120b Cloud Proxies
ITMO University (Saint Petersburg, Russia) has an Ollama instance with 24 models including frontier models (Llama 4, Qwen 2.5 VL 72B, Kimi-Dev-72B) and gpt-oss:20b / gpt-oss:120b c…
- 78
KTH Royal Institute of Technology: Dual-Node Unauthenticated Ollama, Abliterated Model Running as Root
KTH Royal Institute of Technology (Stockholm) has two separate servers running unauthenticated Ollama with DeepSeek v4 Pro cloud proxy subscriptions. One node hosts an "abliterated…
- 79
Umeå University: GPU Research Server (gpuhost02)
Umeå University (Sweden) has a named GPU compute server (gpuhost02.cs.umu.se) running Ollama with a large reasoning model (qwen3.6:35b) publicly accessible without authentication.…
- 80
University of Žilina: Student Laptop with 3 Free-Tier Cloud Proxies (200 OK)
A student laptop at the University of Žilina (Slovakia, Faculty of Mechanical Engineering) has Ollama bound to 0.0.0.0 with three Ollama Connect cloud proxy models all returning 20…
- 81
Chulalongkorn University: Three Cloud Proxies + Credential Leak (Kimi K2.6, DeepSeek, Qwen)
Chulalongkorn University (Thailand, ranked 1 in Southeast Asia) server with 12 Ollama models including three cloud proxy subscriptions: DeepSeek v4 Pro, Kimi K2.6 (Moonshot AI), an…
- 82
Thailand Ministry of Public Health: Unauthenticated Inference, Vision Models
Thailand's Ministry of Public Health (MoPH) has an Ollama instance at 203.157.41.151 with 5 models publicly accessible, including granite3.2-vision:2b (IBM's vision-language model)…
- 83
Fu Jen Catholic University: Medical Public Health GPU Server, 75GB + 60GB Local Models
Fu Jen Catholic University's Medical and Public Health department (user220.medph.fju.edu.tw) has an Ollama instance exposed on port 11434 with 8 models totalling over 200GB of loca…
- 84
National Cheng Kung University (NCKU): RTX 3090 GPU Server, Non-Standard Port, Credential Leak
National Cheng Kung University (NCKU), one of Taiwan's top engineering universities, has an Ollama instance running on non-standard port 22222. The MiniMax cloud proxy leaks the Ol…
- 85
NCU / TANet Taoyuan: Production Medical Scheduling SaaS System Prompt Fully Exposed
A server on the TANet Taoyuan Regional Network (National Central University segment, 163.25.105.115) hosts two custom Ollama models, aiden-deepseek:latest and aiden:latest, that ar…
- 86
National Taiwan University: GPU Cluster g1pc2n108, Multimodal Vision Stack
NTU's GPU cluster node g1pc2n108.g1.ntu.edu.tw (140.112.233.108) has Ollama exposed on port 11434 with 11 models skewed heavily toward vision and multimodal tasks, including GLM-OC…
- 87
Hanoi University: 18 Cloud Proxy Subscriptions + Credential Leak (Containerized Deployment)
Hanoi University (Vietnam) running a 31-model Ollama instance with 18 active cloud proxy subscriptions. Cloud proxy 401 response leaks Ollama Connect credentials, username 04aa6fb5…
- 88
Vietnam National University Hanoi: Domain-Specific Distilled Models
Vietnam National University Ha Noi has an Ollama instance with domain-specific fine-tuned models for legal (CaseHold), biomedical (PubMedQA), and financial (FinQA) question answeri…
- 89
Vietnam National University Ho Chi Minh City: final-exploit-v1 + gpt-oss Cloud Proxy
Vietnam National University Ho Chi Minh City (Information Technology Park) has an Ollama instance with an unusually named model final-exploit-v1:latest and a gpt-oss:latest cloud p…
- 90
UC Davis: Large Local Models + Claude 4.6 Opus-Distilled
University of California, Davis has an Ollama instance with Qwen3-Coder-Next (48GB), qwen3.5:122b-a10b (75GB), and, notably, moophlo/Qwen3.5-27B-Claude-4.6-Opus-Reasoning-Distilled…
- 91
UC Santa Barbara: Open WebUI Auth Disabled + Local Username Leak
University of California, Santa Barbara "AI Lab" instance running Open WebUI v0.8.12 with authentication completely disabled. Any internet actor can enumerate models, read model co…
- 92
Purdue University Northwest: 3-Node Cluster, Account Takeover, Live Cloud Proxies, Claude-Distilled Model
Purdue University Northwest has 3 nodes across the 163.245.x.x subnet, all with cloud proxy subscriptions. Node 2 (163.245.207.105) exposes live Ollama Connect credentials, account…
- 93
Duke University: Unauthenticated Agentic Ollama with File Inspection Tools
Duke University server running Ollama with two agent-configured variants of Qwen 3.6-27B, both with system prompts instructing file-inspection behavior and native function-calling…
- 94
Columbia University: Unauthenticated Ollama + Cloud Proxy Credential Leak
Columbia University server running Open WebUI v0.8.12 (auth enabled) with raw Ollama API (port 11434) exposed to the public internet. One active cloud proxy subscription (DeepSeek)…
- 95
Rochester Institute of Technology: 4-Node Cluster, DGX with 18 Cloud Subscriptions, Student Machine with Abliterated Models
Rochester Institute of Technology (RIT) has four externally-accessible Ollama nodes on campus, including an NVIDIA DGX research server with 18 cloud proxy subscriptions (same subsc…
- 96
SUNY Buffalo: Unauthenticated Ollama + Cloud Proxy Quota Hijack Confirmed
State University of New York at Buffalo research compute node running 26 Ollama models including gemma4:31b-cloud, a cloud proxy model. Cloud proxy inference confirmed live, 200 OK…
- 97
SUNY Stony Brook: Biology Department, OLMo Research Stack + Cloud Proxy
SUNY Stony Brook Biology Department server (040-218.bio.sunysb.edu) is running Ollama with the full Allen AI OLMo-3 research stack (olmo-3, olmo-3.1-32b-think, olmo-3.1-32b-instruc…
- 98
Syracuse University: IST R640 Server, Free-Tier Cloud Proxy on Port 12345
A Dell PowerEdge R640 server in Syracuse University's School of Information Studies (ist-r640-mafudge.syr.edu) is running Ollama on non-standard port 12345 with gemma4:31b-cloud re…
- 99
Virginia Polytechnic Institute and State University (Virginia Tech): DHCP Node
Virginia Tech has at least 4 Ollama-running IPs in Shodan; only h80adf308.dhcp.vt.edu (128.173.243.8) responds publicly. The DHCP hostname indicates a desktop or workstation on the…
- 100
Egypt NREN (ENSTINET): Custom Arabic Uncensored Models, Non-Standard Port, CVE-2025-63389
Egypt's National Research and Education Network (ENSTINET) has an Ollama instance on non-standard port 3005 hosting 11 models including three custom Arabic-language uncensored fine…
§ 04 Engagement records
Government
- 01
Indonesia Government Cluster: 5-Node Survey, 2 Account Takeovers
Five Indonesian government Ollama nodes confirmed live across .go.id infrastructure. Two provincial government nodes have live Ollama Connect account takeover URLs. The cluster spa…
- 02
Pemerintah Provinsi Kalimantan Utara: Account Takeover, Claude-Distilled Model
The North Kalimantan Province Government (Pemerintah Provinsi Kalimantan Utara) exposes an Ollama node at ip-103-156-110-80.kaltaraprov.go.id (103.156.110.80). The node runs cloud…
- 03
DINAS KOMINFO PROV. JAWA TENGAH: Account Takeover, RAG Pipeline
The Central Java Province Communications and Information Technology Department (Dinas Kominfo Prov. Jawa Tengah) exposes an Ollama node at sijoli-11-245-107.jatengprov.go.id (103.1…
- 04
AWS GovCloud: Unauthenticated Ollama, Custom JOSIE AI, DeepSeek + MiniMax Cloud Proxy
An Ollama node at ec2-16-64-116-67.us-gov-east-1.compute.amazonaws.com (16.64.116.67) runs in AWS GovCloud (us-gov-east-1), the AWS region reserved for US government agencies and t…
§ 05 Engagement records
Critical Infrastructure
- 01
Thailand Ministry of Public Health: Unauthenticated Ollama with Vision Model
Thailand Ministry of Public Health server running Ollama with 5 models including IBM Granite Vision 2B. Raw Ollama port publicly accessible, no authentication. No cloud proxy. Sect…
- 02
City of Cartersville, GA: Local Government Ollama + Cloud Proxy Credential Leak
City of Cartersville, Georgia municipal server running Ollama on Windows with one active cloud proxy subscription (DeepSeek v4 Pro). Raw Ollama port publicly accessible, no authent…
- 03
Meriwether Lewis Electric Cooperative: 235B-Parameter Model on Unauthenticated Ollama
Meriwether Lewis Electric Cooperative (rural electric utility, Tennessee) running a 235-billion-parameter Ollama instance with raw API port publicly accessible. No authentication.…
§ 06 Engagement records
K-12
- 01
117.50.80.181 — TCI Kindergarten ASR / Speech-Assessment Platform
117.50.80.181:8001 runs the "TCI ASR Service" v3.0.0, a Chinese kindergarten classroom speech-assessment platform. The processing tier has no authentication. An unauthenticated int…
- 02
Chinese Primary School: Cloud Proxy Subscriptions + Credential Leak
An Experimental Primary School in China (Shodan org: "Experimental Primary School") is running Ollama with three cloud proxy subscriptions, DeepSeek V4 Pro, Devstral-2 (123B), and…
- 03
hts.k12.nj.us: NJ K-12 Open WebUI + Ollama Exposure
A New Jersey K-12 school district server running Open WebUI v0.8.8 backed by Ollama v0.17.5 was found with the raw Ollama API port (11434) exposed to the public internet alongside…