VMware vCenter SDK API Probe for 2026-02-18

Last Updated: 16:45 UTC

/sdk is the vCenter Managed Object Browser and SOAP API endpoint. CVE-2021-22005 (file upload RCE via analytics service) and CVE-2021-21985 (vSphere Client plugin RCE) both achieve unauthenticated code execution against the vCenter management plane.

CVE References

CVE-2021-22005 CVE-2021-21985

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

• /sdk
• /sdk/

Attackers by Country

IP Address : ASN : City/Provider

• 103.187.191.194 : ASNone : unknown

• 103.187.191.210 : ASNone : unknown

• 103.29.68.35 : AS63949 linode llc : Tokyo

• 104.156.155.30 : AS400161 academy of internet research limited liability company : unknown

• 109.74.204.123 : AS63949 linode llc : London

• 119.90.52.52 : AS59008 beijing flash newsletter cas telecommunication : China

• 139.162.229.202 : AS63949 linode llc : London

• 147.78.47.53 : AS209588 flyservers s.a. : Lebanon

• 152.32.145.20 : AS135377 ucloud information technology (hk) limited : Tokyo

• 159.65.226.196 : AS14061 digitalocean llc : North Bergen

• 170.187.155.78 : AS63949 linode llc : Atlanta

• 172.104.140.107 : AS63949 linode llc : Frankfurt am Main

• 172.104.159.48 : AS63949 linode llc : Frankfurt am Main

• 172.105.184.153 : AS63949 linode llc : Sydney

• 172.105.87.91 : AS63949 linode llc : Frankfurt am Main

• 175.45.85.202 : AS4826 vocus communications : Perth

• 178.128.0.206 : AS14061 digitalocean llc : Santa Clara

• 178.79.148.229 : AS63949 linode llc : London

• 185.70.186.188 : AS57043 hostkey b.v. : Netherlands

• 186.113.45.106 : AS3816 colombia telecomunicaciones s.a. esp : Tuluá

• 191.6.161.105 : AS262907 brasil tecnologia e participacoes s/a : Santa Maria

• 192.168.1.186 : unknown : unknown

• 194.195.126.92 : AS63949 linode llc : Sydney

• 208.100.26.229 : AS32748 steadfast : United States of America

• 208.100.26.230 : AS32748 steadfast : United States of America

• 208.100.26.231 : AS32748 steadfast : United States of America

• 45.33.101.246 : AS63949 linode llc : Atlanta

• 45.33.65.249 : AS63949 linode llc : Cedar Knolls

• 45.79.178.89 : AS63949 linode llc : Cedar Knolls

• 45.79.248.28 : AS63949 linode llc : Frankfurt am Main

• 47.242.0.44 : AS45102 alibaba (us) technology co. ltd. : Central

• 47.242.118.213 : AS45102 alibaba (us) technology co. ltd. : Central

• 47.242.77.72 : AS45102 alibaba (us) technology co. ltd. : Central

• 47.243.107.113 : AS45102 alibaba (us) technology co. ltd. : Central

• 47.243.138.243 : AS45102 alibaba (us) technology co. ltd. : Central

• 47.253.48.77 : AS45102 alibaba (us) technology co. ltd. : United States of America

• 50.116.16.97 : AS63949 linode llc : Richardson

• 50.31.21.10 : AS32748 steadfast : United States of America

• 50.31.21.11 : AS32748 steadfast : United States of America

• 50.31.21.4 : AS32748 steadfast : United States of America

• 50.31.21.5 : AS32748 steadfast : United States of America

• 50.31.21.7 : AS32748 steadfast : United States of America

• 50.31.21.8 : AS32748 steadfast : United States of America

• 50.31.21.9 : AS32748 steadfast : United States of America

• 64.227.188.233 : AS14061 digitalocean llc : Atlanta

• 8.210.12.190 : AS45102 alibaba (us) technology co. ltd. : Central

• 8.210.156.105 : AS45102 alibaba (us) technology co. ltd. : Central

• 8.210.164.233 : AS45102 alibaba (us) technology co. ltd. : Central

• 8.218.108.238 : AS45102 alibaba (us) technology co. ltd. : Singapore

• 8.218.13.226 : AS45102 alibaba (us) technology co. ltd. : Singapore

• 80.85.85.235 : AS63949 linode llc : London

• 88.80.186.144 : AS63949 linode llc : London

• 93.39.201.244 : AS12874 fastweb spa : Trieste