www.criminalip.io
Open in
urlscan Pro
172.67.8.74
Public Scan
Submitted URL: http://www.criminalip.io/
Effective URL: https://www.criminalip.io/
Submission: On July 09 via manual from SG — Scanned from SG
Effective URL: https://www.criminalip.io/
Submission: On July 09 via manual from SG — Scanned from SG
Form analysis 1 forms found in the DOM
<form class="form">
<div class="searchStyle__SearchInputWrap-sc-2fe4b922-5 julCkv SearchInputWrap "><input data-role="inputbox" maxlength="500" placeholder="Try to search assets with the following filter examples below" autocomplete="off" name="query"
class="searchStyle__SearchInput-sc-2fe4b922-6 ignLtX" value=""><button id="SearchButton" class="searchStyle__SearchButton-sc-2fe4b922-7 gfydR gtm-click-search-button" type="submit" title="search"></button></div>
</form>Text Content
Cybersecurity Search Engine | Criminal IP
Search Engine
Products
Resources
About
Contact Us
* English
* Français
* 日本語
* 한국어
* العربية
Pricing
Login
SEARCH FOR INFORMATION ON EVERYTHING CONNECTED TO THE PUBLIC INTERNET.
SEARCH FOR INFORMATION ON COMPUTERS
CONNECTED TO THE PUBLIC INTERNET.
Top 10KeywordIP
1
webcamXP 5’
1
116.202.219.176
2
webcamxp
2
223.26.138.4
3
webcam
3
103.11.189.220
4
HttpFileServer v2.3
4
43.133.184.33
5
"public/css/kclient.css"
5
161.35.63.219
6
kyc
6
139.198.171.229
7
udpxy
7
41.228.96.99
8
m3u8
8
192.241.218.37
9
iresponse
9
78.162.109.143
10
slot gacor
10
152.32.200.243
AssetDomainImageHacking GroupExploit
AssetDomainImageActorsExploit;
Look up my IP addressCreate a Free Account
CYBERSECURITY REPORT
Cybersecurity Report
PRIVACY BREACH: ID AND PERSONAL INFORMATION EXPOSED IN KYC SYSTEMS
What is KYC?Recently, KYC (Know Your Customer) has become a mandatory
requirement not only in the financial sector but also for cryptocurrency
exchanges. KYC is a procedure for verifying the identity of customers to confirm
that they are indeed the owners of their accounts. This involves submitting
2024.07.05
Cybersecurity Report
POLYFILL SUPPLY CHAIN ATTACK: MALICIOUS CODE INJECTED INTO MORE THAN 100,000
DOMAINS
Polyfill is an open-source library that supports older browsers, and Polyfill.js
is an open-source JavaScript source used by more than 100,000 sites worldwide.
Recently, the domains using Polyfill.js were identified to have been exposed to
malware attacks. This article will cover a supply chain malw
2024.07.04
Cybersecurity Report
REGRESSHION (CVE-2024-6387): CRITICAL RCE VULNERABILITY EXPOSES 9.78 MILLION
OPENSSH SERVERS, “URGENT ACTION REQUIRED”
A critical RCE vulnerability in OpenSSH, known as ‘regreSSHion (CVE-2024-6387)’,
has been discovered, prompting the global security industry to stay alert and
emphasize the need for analysis and response to potential attacks. This
vulnerability is known to affect OpenSSH servers (sshd) on glibc-base
2024.07.02
Cybersecurity Report
THE GROWING THREAT OF ILLEGAL CHINESE OTT PLATFORMS TO PERSONAL DATA SECURITY
Recently, there has been a surge in incidents involving the leakage of sensitive
personal information through illegal OTT (Over-The-Top) services operated in
China. These leaks can lead to various crimes, including voice phishing,
financial fraud, sexual crimes, cyberbullying, and privacy invasions.
2024.06.20
Cybersecurity Report
CAUTION: EXTERNAL EXPOSURE OF LICENSE PLATE RECOGNITION SYSTEMS MAY LEAD TO
PERSONAL INFORMATION LEAKAGE
Recently, security incidents involving License Plate Recognition (LPR) systems
have been increasing. A License Plate Recognition system utilizes digital
cameras and infrared lighting devices to capture images of vehicle license
plates. The system automatically recognizes the characters and numbers o
2024.06.07
Cybersecurity Report
CVE-2024-29212: EXPOSED VEEAM SERVICE PROVIDER CONSOLE AFFECTED BY RCE
VULNERABILITY
On May 8, 2024, a serious remote code execution (RCE) vulnerability
‘CVE-2024-29212’ was discovered in Veeam’s VSPC (Veeam Service Provider
Console). Veeam is a backup and replication tool used for data protection and is
used in various environments such as virtual, physical, and cloud.What is CVE-2
2024.05.17
Cybersecurity Report
PRIVACY BREACH: ID AND PERSONAL INFORMATION EXPOSED IN KYC SYSTEMS
What is KYC?Recently, KYC (Know Your Customer) has become a mandatory
requirement not only in the financial sector but also for cryptocurrency
exchanges. KYC is a procedure for verifying the identity of customers to confirm
that they are indeed the owners of their accounts. This involves submitting
2024.07.05
Cybersecurity Report
POLYFILL SUPPLY CHAIN ATTACK: MALICIOUS CODE INJECTED INTO MORE THAN 100,000
DOMAINS
Polyfill is an open-source library that supports older browsers, and Polyfill.js
is an open-source JavaScript source used by more than 100,000 sites worldwide.
Recently, the domains using Polyfill.js were identified to have been exposed to
malware attacks. This article will cover a supply chain malw
2024.07.04
Cybersecurity Report
REGRESSHION (CVE-2024-6387): CRITICAL RCE VULNERABILITY EXPOSES 9.78 MILLION
OPENSSH SERVERS, “URGENT ACTION REQUIRED”
A critical RCE vulnerability in OpenSSH, known as ‘regreSSHion (CVE-2024-6387)’,
has been discovered, prompting the global security industry to stay alert and
emphasize the need for analysis and response to potential attacks. This
vulnerability is known to affect OpenSSH servers (sshd) on glibc-base
2024.07.02
Cybersecurity Report
THE GROWING THREAT OF ILLEGAL CHINESE OTT PLATFORMS TO PERSONAL DATA SECURITY
Recently, there has been a surge in incidents involving the leakage of sensitive
personal information through illegal OTT (Over-The-Top) services operated in
China. These leaks can lead to various crimes, including voice phishing,
financial fraud, sexual crimes, cyberbullying, and privacy invasions.
2024.06.20
Cybersecurity Report
CAUTION: EXTERNAL EXPOSURE OF LICENSE PLATE RECOGNITION SYSTEMS MAY LEAD TO
PERSONAL INFORMATION LEAKAGE
Recently, security incidents involving License Plate Recognition (LPR) systems
have been increasing. A License Plate Recognition system utilizes digital
cameras and infrared lighting devices to capture images of vehicle license
plates. The system automatically recognizes the characters and numbers o
2024.06.07
Cybersecurity Report
CVE-2024-29212: EXPOSED VEEAM SERVICE PROVIDER CONSOLE AFFECTED BY RCE
VULNERABILITY
On May 8, 2024, a serious remote code execution (RCE) vulnerability
‘CVE-2024-29212’ was discovered in Veeam’s VSPC (Veeam Service Provider
Console). Veeam is a backup and replication tool used for data protection and is
used in various environments such as virtual, physical, and cloud.What is CVE-2
2024.05.17
CRIMINAL IP SEARCH TIP
HOW TO USE A LINK SCANNER TO IDENTIFY USPS PHISHING SITES AND TEXT SCAMS
Recently, the results of a security company investigation showing that the
traffic of domains impersonating USPS was significantly higher than the actual
traffic on the official website was reported in various global media, and it has
become an issue.In this article, we aim to explore how phishing attackers are
exploiting USPS impersonation domains. Additionally, we will share how to use
the Domain Search link scanner feature of the threat intelligence search engine
Criminal IP to identify text scams exploiting suspicious phishing sites.Subtle
Techniques of USPS Phishing Sites and Text Scams�In 2001, USPS reportedly sent
over 103.6 billion delivery status emails to users. This high volume indicates
the widespread use of USPS services in the United States. Nowadays, with the
prevalence of mobile text services that are more convenient than email systems,
checking real-time delivery status has become easier. However, along with the
convenience of mobile services, there is also a rise in text scams targeting
parcel users. If you examine the URLs inserted in text messages sent as USPS
text scams, you’ll often find domains using keywords like “Track,” “Monitor,” or
“Package” to entice users waiting for their parcels to click on them.Examples of
SMS messages sent by domains impersonating USPSAccording to a report, Akamai, a
distributed computing specialist, analyzed suspicious USPS phishing SMS messages
redirecting to domains containing malicious JavaScript code for five months. The
analysis revealed that the total number of queries from USPS phishing sites
using popular top-level domains (TLDs) such as “.com,” “.top,” “.shop,” “.xyz,”
“.org,” and “.info” exceeded one million. Moreover, starting from late November
into the winter holiday season, the total queries from phishing sites surpassed
those from the official site usps.com. Clicking on the malicious URLs inserted
in SMS messages could lead to the leakage of sensitive information such as user
account details and card information linked to mobile devices.Statistics on the
number of queries for USPS impersonation domains. Source: AkamaiStatistics of
USPS Phishing Sites Detected by AI Link ScannersWe analyzed USPS phishing sites
detected by the AI link scanner extension Criminal IP over the past 8 months.
Similar to Akamai’s analysis insights, there was a significant increase in
phishing sites during the year-end and early-year period when parcel usage was
high. In January, which saw the highest detection of phishing sites, a total of
323 domains impersonating USPS were discovered in one month. Recently, there
have been around 100 to 200 phishing sites detected per month. USPS phishing
site statistics detected by AI link scanner extension Criminal IPThe more famous
the service, the easier it is for cyber attackers to be targeted by phishing
attacks. Also, as can be seen from statistics, during periods when attacks occur
a lot, the number of domains blocked due to victims’ reports or cyber
investigations also increases, and more new phishing sites are
created.Identifying USPS Phishing Sites With a Real-time Link ScannerDue to
their notoriety, USPS phishing sites are swiftly generated and taken down. This
rapid turnover means that victims are repeatedly targeted with new smishing
attacks featuring freshly inserted phishing sites, making it increasingly
difficult to discern legitimate links from fraudulent ones. What’s needed in
such situations is a real-time link scanner and URL inspection tool. Criminal
IP’s Domain Search allows users to input suspicious URLs and scan them to detect
phishing sites in real-time. We recently scanned the domain of the USPS phishing
site used in the smithing attack into Domain Search.The URL for the phishing
site is usps-pr [.] helptme [.] top/address.html, which uses the .top top-level
domain, and the URI also contains USPS strings and keywords that induce users to
click, such as helpme.Check the USPS phishing site link scanner scan results:
https://www.criminalip.io/domain/report?scan_id=12637492USPS phishing site
scanned using real-time link scanner Criminal IP Domain SearchThe scan results
reveal that the site has been assessed with a critical domain score of 99% in
terms of risk level and is a newly created domain, active for less than a month.
Furthermore, within the HTML code, there are embedded redirection events
commonly associated with malicious intent. The site’s favicon is also identified
as a fraudulent favicon. Most importantly, the AI analysis indicates a very high
likelihood of phishing with a Probability of Phishing URL at 96.38%.Phishing
attacks such as USPS phishing and text scams, which are popular among attackers,
frequently employ new domains. Therefore, it’s wise to employ scanning tools or
threat intelligence to prevent such attacks. If you receive a text containing an
unsolicited package or mail delivery tracking link, it’s crucial to scan it with
Criminal IP before clicking to verify the legitimacy of the elements mentioned.
It’s important to avoid clicking on domains used in phishing attacks because
they can lead to the download of malicious code or the leakage of information
just by accessing them. The Criminal IP link scan results include screenshot
data, enabling you to view the access screen of the domain without actually
visiting the phishing site. The left image shows the actual USPS official site’s
shipment tracking screen, while the right image displays the screen of the
phishing site scanned with Domain Search. Comparing the two screens, you can see
that USPS phishing sites are crafted with sophistication, making them appear
genuine enough to prompt victims to enter personal information without
suspicion.Comparison between the actual USPS shipment tracking screen (left) and
the phishing site’s screen (right)Prevent Text Scam With Criminal IP Domain
SearchThe rapid advancement of AI technology has led to a significant increase
in domains impersonating not just USPS but also numerous global brands,
resulting in a rise in phishing attack incidents. As phishing sites become more
sophisticated and faster, it’s crucial to enhance prevention methods
accordingly. When identifying suspicious domains, using Criminal IP’s Domain
Search as a link scanner enables you to not only detect phishing but also access
detailed security intelligence about each component of the domain. It is
advisable to utilize Criminal IP Domain Search to scan the domain address and
mitigate the risk of falling victim to text scams when accessing a suspicious
site.For more information, check out the article: Can Threat Intelligence Detect
QR Code Phishing That Evades Spam Blocking Solutions?This report is based on
data from Criminal IP, a Cyber Threat Intelligence search engine. Create a�free
Criminal IP account�today�to access the search results cited in the report and
search for more extensive threat Intelligence.Data source: Criminal IP
(https://www.criminalip.io)Related articles:�Can Threat Intelligence Detect QR
Code Phishing That Evades Spam Blocking Solutions?
2024.05.03
Read More
Search
DETECTING MESHAGENT C2: HOW TO PREVENT POTENTIAL MALWARE ATTACKS
Recently, an incident occurred in which the North Korean hacking group Andariel
used the MeshAgent C2 server to spread malware to Korean companies. It is known
that Andariel downloaded the MeshAgent C2 server under the name “fav.ico” from
an external source and distributed malware such as AndarLoader and ModeLoader to
the attack target during the lateral movement.MeshAgent C2 Server Installation
LogMeshAgent is a remote management tool that provides a variety of functions
such as collecting basic information for remote control, executing commands,
offering RDP and VNC functions, along with power and account control. Although
Andariel’s abuse of MeshAgent is known for the first time, cyberattacks using
MeshAgent C2 servers have occurred frequently. Andariel is also a hacking group
that distributes malware by exploiting software installed on attack targets or
exploiting vulnerabilities. There are concerns that cyberattacks using MeshAgent
will increase in the future. Detection of Exposed MeshAgent C2 ServersSince the
search engine Criminal IP tags the IP address where the MeshAgent C2 server is
installed, we used the tag filter in Asset Search to search for the MeshAgent C2
server.Search Query:�tag: “c2_meshagent”Results of searching exposed MeshAgent
C2 servers using the tag filter in Criminal IP Asset SearchA total of 2,136
MeshAgent C2 servers were detected, and some of these servers may be traces of
malicious installation by attackers for attacks. In addition, there are concerns
that cyberattacks using MeshAgent will become more active in the future, so even
servers that are not installed for malicious purposes are more likely to become
targets of attacks if exposed externally. Exploiting C2 servers not only
distributes malicious code, but also enables malicious activities such as DDoS
attacks or cryptocurrency mining through botnets, and can lead to information
theft and additional attacks that exploit vulnerabilities within the system. In
particular, hacking attacks targeting companies can cause financial damage as
well as the leakage of personal and important information, and are a factor that
undermines the trustworthiness of companies.The country with the most MeshAgent
servers exposed is the United States with 682 servers, followed by Germany and
Russia.Statistics of countries with exposed MeshAgent C2 servers confirmed by
Criminal IPExposed Remote Administration Pages and C2 ServersIn the search
results, the IP address hosting the login page of the open-source remote
monitoring and management server “MeshCentral” was exposed and confirmed. The
fact that the login page of a remote management system is exposed externally
means that it is vulnerable to server infiltration and hacking threats for
remote control functions. Hackers can use credential stuffing, default
passwords, social engineering techniques, or infected software to discover user
account information and attempt to access internal systems.As shown in the
screenshot below, it is crucial to take swift action to block external access to
exposed remote control systems and allow only authorized access.Login page of
MeshCentral, an externally exposed open-source remote monitoring and management
serverIn addition to MeshAgent C2 used in this malware distribution attack, C2
servers are also being abused in various cyberattacks. Previously, the CIP blog
covered the dark web leak of military documents that exploited the C2 framework
and introduced a method for detecting IP addresses that exploit C2 servers to
perform malicious network activities. In addition to the queries introduced in
the blog, you can use the C2 tag of the Criminal IP below to detect C2 servers
that may be exploited for cyberattacks.tag: “C2”tag: “c2_covenant”tag:
“c2_metasploit”tag: “c2_posh”Results of searching tag: “C2” in Criminal IP Asset
SearchDetecting the external exposure of C2 servers installed on the company’s
systems and monitoring internal access to the IP addresses of these C2 servers
is crucial from a security standpoint. Using tags in Criminal IP queries greatly
helps simplify and streamline cybersecurity and response processes.Criminal IP’s
C2 tag can be used from the Pro plan or higher, and in relation to this, you can
refer to Chilean Army Documents Leak: Exploiting Cobalt Strike With Rhysida
Ransomware.�This report is based on data from Criminal IP, a Cyber Threat
Intelligence search engine.�Sign up for�a free Criminal IP account�today to
explore the search results mentioned in the report and delve into comprehensive
threat intelligence.Source: �Criminal IP (https://www.criminalip.io)Related
Article(s):�Chilean Army Documents Leak: Exploiting Cobalt Strike With Rhysida
Ransomware
2024.04.09
Read More
Search
UNCOVERING 57,000 QNAP NAS DEVICES EXPOSED ON THE INTERNET
Recently, Taiwanese hardware vendor QNAP successfully prevented an attack by
removing malicious servers used for brute-force attacks targeting the QNAP NAS
(Network Attached Storage) devices. This attack was possible due to the exposed
devices using weak passwords.QNAP successfully blocked hundreds of zombie IP
addresses within 7 hours using QuFirewall, a default firewall built into QNAP
devices. They also identified the source of the C�C (Command � Control) servers
within 48 hours. Fortunately, the quick responses prevented further attacks on
numerous QNAP NAS devices exposed online.Uncovering Externally Exposed QNAP NAS
DevicesThe exposed QNAP NAS devices are a regular target of brute-force attacks.
In the event of a brute-force attack, a ransomware attack is also plausible to
happen. Despite QNAP reacting quickly to mitigate attack damages, the exposed
NAS devices remain a target for attackers.By utilizing the product filter in
Criminal IP Asset Search, you can find QNAP servers connected to the
internet.Search Query:�“product:QNAP”Searching for exposed QNAP servers using
the product filter in Criminal IP Asset SearchThe search revealed more than
57,000 servers still running exposed QNAP NAS devices.While not all servers are
at risk of brute-force attacks or ransomware, attackers will prioritize
targeting externally exposed NAS devices when identifying potential victims. If
you use weak passwords on any of these devices/servers, your information could
be stolen through a brute-force attack. Moreover, you may even suffer economic
damages from a ransomware attack. Countries with externally exposed QNAP NAS
devices confirmed by Criminal IPAccording to country statistics on exposed QNAP
devices, Germany has the highest number with 6,700, followed by Italy and
Taiwan.�Even if it is not a QNAP device, all externally exposed NAS servers can
easily be targeted by attackers. Because NAS is often used for back-ups and
sharing sensitive files, it can be targeted by attackers looking to steal,
encrypt important documents, as well as install information-stealing
malware.QNAP NAS Servers Still VulnerableAmong the exposed QNAP NAS servers
searched, many servers are in a dangerous state and are prone to easily being
targeted by attackers. By blocking attackers, QNAP has mitigated recent threats,
but attackers can have different methods up their sleeves.�In the Asset Search
report below, you can observe an IP address linked to a QNAP NAS device.There
are a total of 7 open ports, a QNAP NAS device is running on port 21, and port
22 is open pertaining to several vulnerabilities. Devices that operate on IP
addresses with such vulnerabilities are more susceptible to being targeted by
attackers.Searching for vulnerable QNAP NAS servers in Criminal IP Asset
SearchIn addition to recent attacks targeting QNAP, an ongoing attack targeting
NAS servers is still occurring. Synology, another NAS manufacturer, also warns
its customers about brute-force attacks attempted through the botnet:
StealthWorker. It advises clients to be aware that successful attacks could lead
to ransomware infections and alerts users to pay close attention.To keep your
NAS devices safe, QNAP recommends changing the default access port number as
well as disabling port forwarding on the router and UPnP on the NAS device. QNAP
also urged people to implement appropriate security measures such as strong
passwords for their accounts, password policies, and disabling administrator
accounts. All businesses and organizations utilizing NAS should follow these
vendor recommendations. Furthermore, they should always use tools such as the
Criminal IP search engine or Criminal IP ASM (Attack Surface Management) to
check for exposed external devices.Also check out our article on Cisco IOS XE
Zero-Day Vulnerabilities: Uncovering Over 56,000 Exposed Devices.This report is
based on data from Criminal IP, a Cyber Threat Intelligence search engine.
�Create a free Criminal IP account today to access the search results cited in
the report and search for more extensive threat Intelligence.Source: Criminal IP
(https://www.criminalip.io)Related Article(s):Cisco IOS XE Zero-Day
Vulnerabilities: Uncovering Over 56,000 Exposed Devices
2023.12.05
Read More
Search
CISCO IOS XE ZERO-DAY VULNERABILITIES: UNCOVERING OVER 56,000 EXPOSED DEVICES
Cisco IOS XE zero-day vulnerability has recently become a hot topic in the
cybersecurity industry. This particular vulnerability was identified within the
Web UI functionality of the IOS XE software developed by Cisco. The zero-day
vulnerabilities that are being actively exploited in the actual attacks are
CVE-2023-20198 and CVE-2023-20273. Notably, CVE-2023-20198 has been assigned the
highest CVSS score of 10, with Cisco describing this vulnerability as “a
vulnerability that allows an attacker to access the victim’s system with
15-level privileges. The exploitation of the Cisco IOS XE zero-day vulnerability
proves more severe than anticipated, allowing for the execution of all commands
and changes to configuration settings. On October 16, Cisco issued a security
advisory for these vulnerabilities, highlighting that, at present, the only
recommended defense is to disable the Web UI feature of IOS XE.Cisco security
advisory on IOS XE zero-day vulnerabilities released on October 16How to Detect
Devices Exposed to Cisco IOS XE Zero-Day ThreatsTo identify devices vulnerable
to Cisco IOS XE zero-day threats, use the search query ‘WebUI Product:
“OpenResty”. This query searches for OpenResty products that run Cisco Web UI
and allows you to find Cisco IOS XE Web UI devices that can be accessed from the
internet. With the Product Filter in Criminal IP Asset Search, you can search
for the IP addresses associated with specific products.Search Query:�WebUI
product: “OpenResty”Search results for Cisco IOS XE Web UI using product filter
in Criminal IP Asset SearchThe search results discovered more than 56,000 Cisco
IOS XE devices running on OpenResty servers. Given Cisco’s global popularity,
you can see that these devices are being used all around the world. A total of
176 countries appeared to be using Cisco IOS XE Web UI devices. Among them, the
United States appeared the most with 9,599 devices, followed by the Philippines
with 4,131 devices, and Peru with 4,080 devices.Statistics on countries with
Cisco IOS XE Web UI devices confirmed by Criminal IPStatistics for Autonomous
System Related Cisco IOS XE Zero-Day DevicesWith the Criminal IP Element
Analysis, you can use the as_name filter to check the statistics for the
autonomous system using devices related to the Web UI
feature.https://www.criminalip.io/intelligence/element-analysis/search?query=WebUI+product%3A+%22OpenResty%22�category=asset�element=as_name
Statistics for autonomous system related to Cisco IOS XE Web UI devices
confirmed by Criminal IP Element AnalysisThe autonomous systems that topped the
statistics charts were ISPs providing internet access to households and
companies. Filipino telecommunication company Globe Telecoms appeared the most
with 2,607 devices, followed by Chilean telecommunication company CTC Corp S.A.
Telefonica Empresas with 2,334 devices, and Peruvian telecommunications company
America Movil Peru S.A.C with 2,113 devices.�No security patch has been released
for the existing Cisco IOS XE Web UI zero-day vulnerability. Ongoing research is
investigating the potential for further exploits. If you use a Cisco IOS XE
device, we recommend staying informed by checking the latest security advisories
on�the official site.Check out the article on the�MOVEit Zero-Day: Detecting
Servers Exposed to Data Leak Attacks.This report is based on data from Criminal
IP, a Cyber Threat Intelligence search engine. �Create a free Criminal IP
account today to access the search results cited in the report and search for
more extensive threat Intelligence.Source: Criminal IP
(https://www.criminalip.io) Related article(s):�MOVEit Zero-Day: Detecting
Servers Exposed to Data Leak Attacks
2023.11.10
Read More
Search
BEST PRACTICES
FRAUD DETECTION METHODS ACCORDING TO THE FEDERAL RESERVE’S FRAUDCLASSIFIER MODEL
In this article,�the FraudClassifier model in a press release issued by the U.S.
Federal Reserve�will be explored, along with its implications.Excerpt from the
Press Release of the FraudClassifier Model Announced by the Federal Reserve in
the United StatesThe Need for a FraudClassifier Model�The Fed
2024.05.24
NEGLECTED BASIC FRAUD RESPONSE STRATEGIES: INSIGHTS FROM CREDIT CARD COMPANIES
According to recent coverage in a South Korean daily newspaper, users of a
prominent South Korean credit card company (referred to as “Company A”) found
themselves victim to unauthorized transactions totaling thousands of dollars on
popular domestic online shopping platforms like Coupang and 11Stree
2024.04.18
USE CASE OF CRIMINAL IP FDS ANOMALY DETECTION SOLUTION IN AN E-COMMERCE
COMPANY
Criminal IP FDS is an AI-based fraud detection solution that is used in various
fields such as finance and banking, e-commerce, online games, government and
public services, and insurance.�In this article, we introduce customer insights
and a case study on how Criminal IP FDS improved E-commerce com
2024.03.27
USE CASE OF CRIMINAL IP FDS CREDENTIAL STUFFING PREVENTION SOLUTION IN AN ONLINE
GAMING COMPANY
Criminal IP FDS is an AI-based fraud detection solution that is used in various
fields such as finance and banking, e-commerce, online games, government and
public services, and insurance.In this article, we introduce customer insights
and a case study on how Criminal IP FDS improved online gaming c
2024.03.25
WHAT'S NEW ON CRIMINAL IP
2024.06.14[#Criminal_IP v1.58.1 Release Note] Newly Added Domain Search Open API
New API Integration – Snowflake, AWS Marketplace, Azure Marketplace, Naver Whale
UI/UX Update for My Information Plan Details For more details, please check the
release note
https://blog.criminalip.io/2024/06/14/criminal-ip-v1-56-1-2024-06-13-release-note/…
https://t.co/PNAjXHINzr2024.05.09[#Criminal_IP v1.56.1 Release Note] Changed
restrictions on search/view/scan counts and available features for non-logged-in
and Free membership plan users More and various data are accessible starting
with the Lite plan. Please check more details
https://blog.criminalip.io/2024/05/09/criminal-ip-v1-56-1-2024-05-09-release-note/…
https://blog.criminalip.io/2024/05/09/criminal-ip-v1-56-1-2024-05-09-release-note/2024.04.25[#Criminal_IP
v1.55.1 Release Note] Updated Free membership plan's features and Pricing page
Added Quad9 API Integration Added C2 tags Data added to Domain Search File
exposure Please check more details
https://blog.criminalip.io/2024/04/25/criminal-ip-v1-55-1-2024-04-25-release-note/…
https://blog.criminalip.io/2024/04/25/criminal-ip-v1-55-1-2024-04-25-release-note/2024.03.28[#Criminal_IP
v1.53.1 Release Note] Criminal IP FDS Page Opened Criminal IP Menu and Footer
Redesigned Two-step Authentication for Login Added Domain / Asset Search API
Error Code Added Please check more details
https://blog.criminalip.io/2024/03/28/criminal-ip-v1-53-1-2024-03-28-release-note/…
https://t.co/nupMP1ZFSx
Subscribe
CYBERSECURITY NEWS
2024.07.08Apache fixed a source code disclosure flaw in Apache HTTP Server
The Apache Foundation addressed a source code disclosure vulnerability, tracked
as CVE-2024-39884, in the HTTP Server.
2024.07.05Ticketmaster Breach: ShinyHunters Leak 440K Taylor Swift Eras Tour
Ticket Data
The ShinyHunters hacker group claims the Ticketmaster breach is far bigger than
previously anticipated, stealing 193 million barcodes, including 440,000 Taylor
Swift tickets. Valued at $22 billion, they now demand $8 million from
LiveNation!
2024.07.03OVHcloud blames record-breaking DDoS attack on MikroTik botnet
OVHcloud, a global cloud services provider and one of the largest of its kind in
Europe, says it mitigated a record-breaking distributed denial of service (DDoS)
attack earlier this year that reached an unprecedented packet rate of 840
million packets per second (Mpps).
API INTEGRATION
We provide straightforward, easy-to-use APIs that are designed to block
risk-scored IPs or malicious domain links. Use Criminal IP code samples to
seamlessly integrate all other functions and the database in your organization's
infrastructure.
Get StartedCode Samples
* Identification of VPN/hosting/Tor of the accessed IP
* Detection of malicious domain links
* Management of attack surface vulnerabilities within an organizational
infrastructure
→ root@criminalip ~ % |
{
"ip": "8.8.8.8",
"score": { "inbound": "Moderate", "outbound": "Low" },
"country": "United States",
"country_code": "us",
"region": "California",
"city": "Los Angeles",
"isp": "GOOGLE",
"org_name": "Google",
"as_no": 15169,
"postal_code": "90009",
"latitude": 34.0544,
"longitude": -118.2441,
"status": 200
}
→ root@criminalip ~ % |
HOW API WORKS
Criminal IP’s API integration will detect and block potential malicious users
accessing login services in real time.
FAQMOST FREQUENTLY ASKED QUESTIONS ABOUT CRIMINAL IP
Frequently Asked Questions
What is Criminal IP?
Criminal IP is a Cyber Threat Intelligence (CTI) search engine that scans the
open ports of IP addresses worldwide daily to discover all devices connected to
the Internet. Using AI-based technology, it identifies malicious IP addresses
and domains and provides a 5-level risk assessment. The data is indexed with
various filters and tags for effective searching. Additionally, it can be
integrated with other systems through an API.
What are some functions of Criminal IP?
You can search for vulnerabilities and all devices connected to the Internet,
such as IP addresses, domains, IoT, and ICS. It provides four search functions:
Asset, Domain, Image, and Exploit, and five intelligence functions: Banner
Explorer, Vulnerability, Statistics, Element Analysis, and Maps, along with an
API.
Where can Criminal IP be used?
Criminal IP allows you to search or inquire via an API threat intelligence on
all devices, servers, and domains connected to the Internet. It can be used for
cyber security, attack surface management, penetration testing, vulnerability
and malware analysis, as well as for investigation and research. For example,
when a new vulnerability or ransomware is discovered, you can determine how many
PCs or servers are vulnerable or infected, and check whether the IP address or
domain in use is also vulnerable. Additionally, it scans in real-time for
malicious URLs generated by hackers and phishing URLs, allowing you to analyze
threat information without directly accessing them. To see more examples on how
to use Criminal IP, please refer to the Best Practice page.
How frequently does Criminal IP update data?
Criminal IP constantly collects and updates data in real-time.
Which Internet browsers can be used for Criminal IP?
As Criminal IP is a web-based search engine, it is accessible via computers,
mobile devices, and tablets. It is specially optimized for Chrome browsers.
Do I need a separate program installation?
Criminal IP does not require a separate program installation. It is available as
a SaaS service, accessible from anywhere with Internet access via web, tablet,
or mobile devices.
Do you have any sample codes for Criminal IP?
Criminal IP provides sample codes for each Search and Intelligence function,
including API. For more information, please refer to the Sample Code page.
How do I create a Criminal IP account?
You can create a Criminal IP account on the Register page using your email,
Google, or Twitter account.
I want to change my account email.
Once an email account is created, you cannot change your registered email. If
you still need to change it, please contact Customer Support.
I would like to receive recent news about Criminal IP.
Follow Criminal IP's official Twitter account to receive the latest news about
Criminal IP. In addition, you can receive the weekly Criminal IP newsletter by
activating the 'Subscribe to the CIP Newsletter' checkbox on the My Information
page.
Criminal IP Search Quick Guide
What is "Asset Search"?
Asset Search is a search feature that provides the risk level of an IP address
in 5 stages and comprehensive information including Domain, Open Ports,
vulnerabilities, WHOIS information, and screenshots associated with that IP
address. For more information, please refer to the Asset Search page.
What is "Domain Search"?
Domain Search is a search feature that provides information about URLs. By
scanning a URL, you can check in real-time whether a site is a phishing site or
contains malware, as well as the connected IP addresses, subdomains, network
logs, and technologies that were used. For more information, please refer to the
Domain Search page.
What is "Image Search"?
Image Search is a search feature that provides image information on devices,
websites, and corporate or personal information that are exposed to the
Internet. For more information, please refer to the Image Search page.
What is "Exploit Search"?
Exploit Search is a search feature that maps exploitable vulnerabilities based
on searches for CVE IDs, vulnerability types, platforms, and more in real-time.
For more information, please refer to the Exploit Search page.
What is "Banner Explorer"?
Banner Explorer is an intelligence feature that provides threat intelligence
information classified into product and service categories such as
cryptocurrency, database, and IoT. For more information, please refer to the
Banner Explorer page.
What is "Vulnerability"?
Vulnerability is an intelligence feature that provides information on attack
surface exposure and vulnerability of assets via classification by CVE ID and
product name, which helps proactively monitor vulnerabilities of the
applications in use. For more information, please refer to the Vulnerability
page.
What is "Statistics"?
Statistics is an intelligence feature that provides a dashboard with 10-day
statistical graphs that determine the maliciousness of IP addresses and domain
information, as well as the presence of VPNs. For more information, please refer
to the Statistics page.
What is "Element Analysis"?
Element Analysis is an intelligence feature that provides the results of
analyzing assets and vulnerability data according to the desired filters and
elements. For more information, please refer to the Element Analysis page.
What is "Maps"?
Maps is an intelligence feature that provides a visual representation of the
country and location information for an IP address on a map, as well as
statistics by AS name, product, and country. For more information, please refer
to the Maps page.
Which filters are available for "Asset Search"?
Asset Search provides filters to enhance search accuracy and convenience. Please
refer to the Filters page.
Which filters are available for "Image Search"?
Image Search provides filters to enhance search accuracy and convenience. Please
refer to the Filters page.
Which filters are available for "Exploit Search"?
Exploit Search provides filters to enhance search accuracy and convenience.
Please refer to the Filters page.
Which tags can I use for "Asset Search"?
Asset Search provides tags to enhance search accuracy and convenience. Please
refer to the Tags page.
Which tags can I use for "Image Search"?
Image Search provides tags to enhance search accuracy and convenience. Please
refer to the Tags page.
What categories are searchable through "Banner Explorer"?
Banner Explorer provides category-specific searches for cryptocurrencies,
databases, industrial control systems, IoT, network infrastructure, and video
games. For more information, please refer to the Banner Explorer page.
Which products are searchable through "Vulnerability"?
Vulnerability provides various major product categories such as MySQL, Linux,
WebLogic Server, and HTTP server that help you easily search for vulnerabilities
in specific products. For more information, please refer to the Vulnerability
page.
What can I search for on the "Element Analysis" page?
You can search for all assets and vulnerabilities collected by Criminal IP by
country, service, ASN, product, and port number.
API Quick Guide
Where can I get an API Key?
You can copy your API Key on the My Information page after signing up and
logging in to your account.
Where can I get the API codes?
You can use API codes for each function on the API page.
Do I need to use a separate software for API?
No separate software is required.
How do I make API calls?
After copying the issued API Key, you can use the command line on the API page
or use various application codes in the GitHub to call the API and check the
results as a JSON response.
Is there a limit on the number of API calls?
The number of available API calls varies depending on the credits provided by
each plan. Please refer to the Pricing page for the number of credits provided
by each plan.
What is the API call speed?
When using the Enterprise plan, high-speed APIs within 1 second are supported.
For more information, please refer to the Pricing page.
Which data can be provided through the API?
All threat intelligence of Criminal IP is equally provided as APIs. For more
information, please refer to the API page.
How can the Criminal IP API be utilized?
Criminal IP API can be easily applied to databases and security systems in use.
It can be used to block account takeover, credential stuffing, and malicious
access by determining the maliciousness and vulnerability information of IPs and
domains in real-time, and protect customers and assets.
Questions for Membership
Do you have a free plan?
If a customer creates an account but does not pay for a plan, the Free
Membership plan will be automatically applied. Free Membership provides a
certain amount of credits that can be used to access Criminal IP features. Once
all the free credits have been used, customers can upgrade to a paid plan at any
time. Upgrading to a paid plan will provide access to more search criteria and
search results.
What if the free plan does not meet my needs?
You can use three paid plans for monthly subscriptions, Lite, Medium, and Pro.
These plans offer a much larger amount of credits than the Free Membership plan
and allow you to use more features and filters. Additionally, with the
Enterprise plan, you can use all features without any limit on data volume. For
more information, please refer to the Pricing page.
Is it possible to get unlimited access to the database?
Yes, it is possible. With the Enterprise plan, you can use all the data and
features without any limitations. For more information, please refer to the
Pricing page.
How can I check my payment information?
You can check your current paid plan, payment history, and payment method
information on the My Order page.
What if I want to change my plan?
If you are currently using the Free Membership, you can choose the appropriate
plan on the Pricing page to start subscribing to a paid plan. If you are already
using a paid plan, you can change or cancel your plan on the
Which payment methods are accepted?
Criminal IP offers various payment methods by country. Credit card payment is
available by default and simple payment methods such as PayPal are supported.
Enterprise customers can Contact Us to select a separate payment option.
I want to cancel my plan.
You can cancel your plan anytime on the My Order page after logging in to
Criminal IP. Even if you cancel your plan, you can continue to use the service
until the next regular payment date. If you have any additional questions
regarding plan cancellation, please contact customer support at any time.
I want to delete my account.
After logging into your account, you can access the membership withdrawal page
and proceed after agreeing. When you delete your account, all your search and
account history as well as remaining credits will be deleted and permanently
removed.
I have a question about the Enterprise plan.
Please contact us through the Contact Us page.
More questions?
What if I have other questions?
If you already have a Criminal IP account, please contact us through the
customer support page for inquiries. For inquiries regarding the Enterprise
membership, or if you do not have an account, please contact us through the
Contact Us page.
go to top
PRIVACY
We use cookies to provide you with the best experience on our websites. Click
‘Accept All’ to accept all cookies. If you want to choose which others we use,
you can do so through 'Cookie settings'.
Please see our Cookie Policy for more information.
Cookie SettingsAccept All
* Search Engine
Search
Asset SearchDomain SearchImage SearchExploit Search
Intelligence
Banner ExplorerVulnerabilityStatisticsElement AnalysisMapsHacking Group
(Actors)
* Products
Criminal IP ASM
Criminal IP FDS
Chrome Extension
* Resources
Developer
Best PracticeFilters, TagsAPICode SamplesAPI IntegrationsGitHub Reference
Blog
* About
AI Spera
Partners
* Contact Us
Contact Us
Bug Bounty
Contact Ussupport@aispera.com
v1.59.1 - 2024.06.27
© 2024, All Rights Reserved - AI Spera Inc.
Terms of Use
Privacy Policy
Cookie Policy