www.criminalip.io
Open in
urlscan Pro
2606:4700:10::ac43:84a
Public Scan
Submitted URL: http://criminalip.io/
Effective URL: https://www.criminalip.io/
Submission: On January 20 via manual from KR — Scanned from DE
Effective URL: https://www.criminalip.io/
Submission: On January 20 via manual from KR — Scanned from DE
Form analysis 1 forms found in the DOM
<form class="form">
<div class="searchStyle__SearchInputWrap-sc-r3o27t-5 lggsSQ SearchInputWrap "><input data-role="inputbox" maxlength="100" placeholder="Try to search assets with the following filter examples below" value="" autocomplete="off" name="query"
class="searchStyle__SearchInput-sc-r3o27t-6 cquKTG"><button type="submit" title="search" class="searchStyle__SearchButton-sc-r3o27t-7 itaEil"></button></div>
</form>Text Content
Cybersecurity Search Engine | Criminal IP
* Search
* Intelligence
* Attack Surface Management
* Developer
* Resource
* About
* English
* English
* 日本語
* 한국어
* Beta service
* LoginRegister
SEARCH FOR INFORMATION ON EVERYTHING CONNECTED TO THE PUBLIC INTERNET.
SEARCH FOR INFORMATION ON COMPUTERS
CONNECTED TO THE PUBLIC INTERNET.
Top10KeywordIP
10
10163
10
211.107.37.201
1
audiocodes
1
134.68.234.220
2
webcam
2
68.168.93.147
3
AudioCodes
3
121.158.54.211
4
"200 ok"
4
43.200.95.128
5
"200 OK"
5
210.109.42.230
6
uhttpd
6
103.221.220.165
7
"작동"-KTKi
7
134.68.234.26
8
boundary=BoundaryString
8
185.46.246.106
9
50603
9
92.217.147.100
10
10163
10
211.107.37.201
1
audiocodes
1
134.68.234.220
AssetDomainImageCertificateExploit
AssetDomainImageCertificateExploit;
Look up my IP addressCreate a Free Account
CYBERSECURITY REPORT
Cybersecurity Report
DETECT CITRIX VULNERABILITIES WITH THE OSINT TOOL: CVE-2022-27510,
CVE-2022-27518
In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were
reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are
a critical issue with a CVSS score of 9.8, and reports are still being made
about how these CVEs are used in hacking attempts. Many Citrix ADCs a
January 20th 2023
Cybersecurity Report
DOCKER CONTAINER SECURITY RISKS FOR YOU TO BE AWARE OF
Docker is a virtualization platform based on container technology.
Virtualization is a technology that creates virtual machines to efficiently
utilize hardware, which is a physical resource. Depending on the virtualization
method, it is divided into virtual machines and containers.�Container technol
December 30th 2022
Cybersecurity Report
ALGOLIA API KEY RAISES SEVERE HACKING CONCERNS
Algolia is a hosted search engine service for web surfing that uses a SaaS
model. This service can process searches quickly and ensure easy implementation
with websites and mobile applications by issuing an Algolia API key after
registration. Thousands of companies use Algolia for this advantage alo
December 6th 2022
Cybersecurity Report
EXPOSED REDIS SERVER, A DISTRIBUTOR OF COIN MINING MALICIOUS CODE
Redis (Remote Dictionary Server) is a non-relational database management system
for storing and managing unstructured data in a key-value structure.
Unstructured data is raw data that cannot be filtered without a fixed format,
and it includes various formats like web logs, XML, JSON, images, texts,
November 26th 2022
Cybersecurity Report
NEW OPENSSL VULNERABILITY : MORE THAN 14,000 UNPATCHED SERVERS
On October 31st 2022, a new OpenSSL vulnerability was discovered. The number of
the vulnerabilities were CVE-2022-3786 and CVE-2022-3602.This vulnerability is
related to X.509 Email Address Buffer Overflow. Especially when handling
Punycode, a X.509 certificate verification name constraint check fea
November 17th 2022
Cybersecurity Report
WEB SERVER VULNERABILITIES CAUSED BY SOFTWARE PACKAGE BUNDLE
Open-source web servers, especially Apache HTTP server, has seen an tremendous
increase in the number of vulnerabilities which hackers have been consistently
exploiting since 2017. Hackers exploit various vulnerabilities to attack web
servers, with one of the targets being web servers installed as s
November 9th 2022
Cybersecurity Report
DETECT CITRIX VULNERABILITIES WITH THE OSINT TOOL: CVE-2022-27510,
CVE-2022-27518
In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were
reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are
a critical issue with a CVSS score of 9.8, and reports are still being made
about how these CVEs are used in hacking attempts. Many Citrix ADCs a
January 20th 2023
Cybersecurity Report
DOCKER CONTAINER SECURITY RISKS FOR YOU TO BE AWARE OF
Docker is a virtualization platform based on container technology.
Virtualization is a technology that creates virtual machines to efficiently
utilize hardware, which is a physical resource. Depending on the virtualization
method, it is divided into virtual machines and containers.�Container technol
December 30th 2022
Cybersecurity Report
ALGOLIA API KEY RAISES SEVERE HACKING CONCERNS
Algolia is a hosted search engine service for web surfing that uses a SaaS
model. This service can process searches quickly and ensure easy implementation
with websites and mobile applications by issuing an Algolia API key after
registration. Thousands of companies use Algolia for this advantage alo
December 6th 2022
Cybersecurity Report
EXPOSED REDIS SERVER, A DISTRIBUTOR OF COIN MINING MALICIOUS CODE
Redis (Remote Dictionary Server) is a non-relational database management system
for storing and managing unstructured data in a key-value structure.
Unstructured data is raw data that cannot be filtered without a fixed format,
and it includes various formats like web logs, XML, JSON, images, texts,
November 26th 2022
Cybersecurity Report
NEW OPENSSL VULNERABILITY : MORE THAN 14,000 UNPATCHED SERVERS
On October 31st 2022, a new OpenSSL vulnerability was discovered. The number of
the vulnerabilities were CVE-2022-3786 and CVE-2022-3602.This vulnerability is
related to X.509 Email Address Buffer Overflow. Especially when handling
Punycode, a X.509 certificate verification name constraint check fea
November 17th 2022
Cybersecurity Report
WEB SERVER VULNERABILITIES CAUSED BY SOFTWARE PACKAGE BUNDLE
Open-source web servers, especially Apache HTTP server, has seen an tremendous
increase in the number of vulnerabilities which hackers have been consistently
exploiting since 2017. Hackers exploit various vulnerabilities to attack web
servers, with one of the targets being web servers installed as s
November 9th 2022
Cybersecurity Report
DETECT CITRIX VULNERABILITIES WITH THE OSINT TOOL: CVE-2022-27510,
CVE-2022-27518
In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were
reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are
a critical issue with a CVSS score of 9.8, and reports are still being made
about how these CVEs are used in hacking attempts. Many Citrix ADCs a
January 20th 2023
Cybersecurity Report
DOCKER CONTAINER SECURITY RISKS FOR YOU TO BE AWARE OF
Docker is a virtualization platform based on container technology.
Virtualization is a technology that creates virtual machines to efficiently
utilize hardware, which is a physical resource. Depending on the virtualization
method, it is divided into virtual machines and containers.�Container technol
December 30th 2022
Cybersecurity Report
ALGOLIA API KEY RAISES SEVERE HACKING CONCERNS
Algolia is a hosted search engine service for web surfing that uses a SaaS
model. This service can process searches quickly and ensure easy implementation
with websites and mobile applications by issuing an Algolia API key after
registration. Thousands of companies use Algolia for this advantage alo
December 6th 2022
Cybersecurity Report
EXPOSED REDIS SERVER, A DISTRIBUTOR OF COIN MINING MALICIOUS CODE
Redis (Remote Dictionary Server) is a non-relational database management system
for storing and managing unstructured data in a key-value structure.
Unstructured data is raw data that cannot be filtered without a fixed format,
and it includes various formats like web logs, XML, JSON, images, texts,
November 26th 2022
Cybersecurity Report
NEW OPENSSL VULNERABILITY : MORE THAN 14,000 UNPATCHED SERVERS
On October 31st 2022, a new OpenSSL vulnerability was discovered. The number of
the vulnerabilities were CVE-2022-3786 and CVE-2022-3602.This vulnerability is
related to X.509 Email Address Buffer Overflow. Especially when handling
Punycode, a X.509 certificate verification name constraint check fea
November 17th 2022
Cybersecurity Report
WEB SERVER VULNERABILITIES CAUSED BY SOFTWARE PACKAGE BUNDLE
Open-source web servers, especially Apache HTTP server, has seen an tremendous
increase in the number of vulnerabilities which hackers have been consistently
exploiting since 2017. Hackers exploit various vulnerabilities to attack web
servers, with one of the targets being web servers installed as s
November 9th 2022
CRIMINAL IP SEARCH TIP
KIOSK HACKING: TIPS TO IMPROVE YOUR KIOSK SECURITY
A kiosk is a small machine with an interactive display screen that businesses
place in public areas such as government agencies, banks, department stores, and
restaurants to provide information or offer self-service options. The use of
kiosks keeps increasing in corporates and organizations for its advantages like
self-service.As risks always accompany new technologies, security threats to
kiosks are constantly raised. Kiosks are very suitable to be targeted by
attackers because they store and process personal information as their primary
purpose is reservation and payment services. Some kiosks are sold without
adequate security measures installed. There are several other ways to hack
kiosks. However, this article deals with detecting kiosk systems and admin pages
exposed to attack surfaces to prevent threats.�Admin Page of the Kiosk Exposed
on the InternetOne of the reasons for kiosk hacking is the exposed kiosk admin
page on the internet. Kiosk distributors or organizations using kiosks offer
services like reservation and payment to the end user. The kiosk must block
external access, and the admin page has to be secured with an authentication
system.However, several kiosks are exposed to attack surfaces, and you can find
those by searching the keyword ‘Tile: Kiosk management console UI‘ on the OSINT
search tool Criminal IP.Search Query :�Title: Kiosk management console
UIhttps://www.criminalip.io/asset/search?query=title%3AKiosk+management+console+UIThe
search result of exposed kiosk management systemWith the other keyword, “Title:
KIOSK Management System“, it was possible to find the website that shows the
admin page of the kiosk like the image below.Search Query :�Title: Kiosk
Management
Systemhttps://www.criminalip.io/asset/search?query=Title%3A+Kiosk+Management+SystemThe
kiosk admin page exposed on the internet. The kiosk exposed to cyber
threats.Also, you can search�“Title: Kiosk Terminal Management System“�and get
the below result with information for the authentication page of the
kiosk.Search Query:�Title: KIOSK Terminal Management
Systemhttps://www.criminalip.io/asset/search?query=%22Kiosk%20Terminal%20Management%20System%22The
result of searching ‘Title: Kiosk Terminal Management System’ on Criminal IP
Asset SearchAuthentication page of the kiosk system is accessible from the
outside and is exposed to kiosk hacking threatsTargeting the Kiosk Operated by
Specific CorporateHackers can find the kiosk that operates by a specific company
or organization.�If they succeed, hackers can cause system errors, take customer
information from a connected server, and even infiltrate the main server for a
severe attack.By adding ‘Hotel’ with the keyword, it was possible to find the
kiosk system of a hotel located in Malaysia.Search Query: Title: Uptown Kiosk –
Hotel
Systemhttps://www.criminalip.io/asset/search?query=title:%20Uptown%20Kiosk%20-%20Hotel%20SystemThe
kiosk authentication page, Hotel located in MalaysiaEven you can find the kiosk
with the specific title of the company by searching it with the keyword above.
The image below shows the information on the German vehicle company’s kiosk
system in Korea.Result on Criminal IP Asset Search for vehicle manufacturer ‘V”s
kiosk systemThe kiosk authentication page of vehicle manufacturer ‘V’, Exposed
on the internetKiosk without Authentication, Easy to HackThe kiosk system
exposure is a critical security issue.�We even found the kiosk system without a
proper authentication procedure. It was defenseless. The website searched on CIP
seems to be a kiosk system for company S. It shows a critical security issue
that allows one to enter the website without the authentication procedure.�The
kiosk system for Large Enterprise ‘S’, Possible to access without
authenticationThe image below is the theater admin system for a kiosk.�It can be
accessed without authentication, making it vulnerable to hacking.Theater kiosk
admin page, Possible to access without authenticationThe purpose of kiosk is to
increase the efficiency of the company and the convenience of the customer.
However, it is necessary to keep it safe from the cyber attacks to avoid severe
damage. The fact that various IoT devices such as kiosks can be easily found
through the OSINT tool means that hackers can also easily attack assets that are
exposed to the attack surface.�Enterprises and institutions are advised to
thoroughly ensure that all assets are exposed with an attack surface management
solution such as Criminal IP ASM, and consider security when introducing IoT
equipment such as kiosks.�If the kiosk is outdated, consider replacing it. Also,
you should check the regular security patch updates for kiosk system.Please
refer to Default welcome page exposure: A Significant Security Risk, for more
information.Source :�Criminal IP (https://www.criminalip.io/)Related article
:�Default welcome page exposure: A Significant Security Risk
January 13th 2023
Read More
Search
CHECK ‘FLIPPER ZERO (HACKER’S TAMAGOCHI)’ PHISHING SITE
Flipper Zero, a portable multitool for pentester is priced at $200, is a popular
product that has recently been sold out among penetration testers and hackers.
This, called ‘hacker’s Tamagochi’ due to its appearance, has been reviewed on
various security communities such as TikTok, Twitter, and Telegram. Popularity
skyrocketed, and ‘Flipper zero’ is flying off the shelves in an online store. A
recent article by Bleeping Computer reported that phishing attackers seek
chances, from this situation, to fool customers through ‘Flipper Zero’ Phishing
site that look like official sales sites to induce people to pay in
cryptocurrencies such as Bitcoin. Of course, a purchaser will get nothing.It’s
an interesting irony that these hackers are targeting hackers, penetration
testers and security researchers vying to purchase Flipper Zeroes for
themselves.Flipper Zero Phishing Site vs. Official SiteWe visited several
Flipper Zero phishing sites found on SNS like Twitter.They camouflage with
similar URLs and favicons that, if you are not a frequent visitor, it is almost
impossible to notice the phishing site as below.�Flipper Zero phishing
siteOfficial Flipper Zero online storeFlipper Zero phishing site (Left) and
Official Flipper Zero online store (Right)Smart Way to Check Fake Flipper Zero
WebsitesWe can spot differences between the official site and the phishing sites
in the URL, page UI, logo, etc.A more accurate and faster way to check is to use
the OSINT search tool.�On Criminal IP’s Domain Search,
input�‘flipperzerovendoronline[.]com‘, or ‘flipperzeroinstock[.]net‘�which is
not yet known as phishing on Twitter and other�social networks.��Then it will
lead you to the result below.flipperzerovendoronline[.]com Search Results
:�https://www.criminalip.io/domain/report?scan_id=2878623flipperzeroinsock[.]net
Search Results :�https://www.criminalip.io/domain/report?scan_id=2880403Search
Results of Flipper Zero Phishing Site on Criminal IPThe result shows that
phishing sites are using malicious domains, and the algorithm tells us the
phishing probability is over 50%.In particular, the Newborn Domain information
shows that it has been for one and a half months. Still, there are attempts to
generate new ‘Flipper Zero’ phishing sites that recommend being aware of the
OSINT tool to prevent being a victim.Some detecting tools for phishing rely on
user reports, Google results, and phishing check websites, but these are the
reactive approaches that only can detect after being reported. In other words,
it is impossible to detect newborn phishing sites.Domain Search results of
malicious IP associated with Flipper Zero phishing site of screenshotsCriminal
IP, a proactive way of detecting phishing sites, shows real-time screenshots,
technology used, and mapped IPs on ‘Domain Search’. This includes recently
emerging domains.Flipper Zero Phishing Attack Likely to SpreadIn TikTok, a video
platform, several users review the ‘Flipper Zero’ to upload hacking videos and
get thousands and millions of views. ‘Flipper Zero’ gets famous not only to
hackers but also to generals, so it is necessary to be aware of ways to check
phishing sites to prevent being victims.Also, the fact that such phishing damage
continues is one of the reasons why phishing prevention methods using the OSINT
search engine are necessary not only for those in security-related occupations
but also for general internet users.Check out this article on�Instagram Phishing
Scams�for relevant information.
January 6th 2023
Read More
Search
IP CAMERA HACKING – A NIGHTMARE TO YOUR IOT CHRISTMAS GIFTS
Christmas, which many people look forward to, is the peak season for hackers to
spread malware, leak information, and conduct phishing scams. With all the
end-of-year celebrations and public holidays, there is a lack of security staff
monitoring the increase in online shopping and congratulatory messages being
sent. Hackers will take advantage of the loosening cyber defenses and carry out
cyber crimes. In particular, IoT and smart home products, which are becoming
increasingly popular Christmas gifts, are good targets for hackers to exploit.
Therefore, it is important to be careful of IoT and IP camera hackings that may
occur. If you happen to come across an incredibly cheap Christmas special-priced
IoT device, be careful, as devices sold at affordable prices often suggest that
they have security flaws.For example. an IP camera called Wireless IP Camera
(P2P) WIFICAM has an authentication bypass vulnerability (CVE-2017-8225), so
there have been many cases where the product was found to be infected with
botnets. Smart products with security flaws allow hackers to easily hack into
users’ accounts and access all their information. In all the IP cameras, AI
speakers, and cordless vacuum cleaners sold on Amazon, eBay, and AliExpress,
there is a good chance that it has already been hacked and is being used with
malicious intent.IP Cameras With Sub-Par Authentication Settings Are the Primary
Targets�Hackers who hack robot vacuum cleaners and IP cameras monitor the homes
of their victims or illegally distribute videos of them.�Devices that do not
have login authentication enabled or use a default password without changing
them are usually the prime target of attacks.�Searching for exposed IP cameras
on the internet using�Tag:�IP Camera�on�Criminal IP Asset Search�gives a total
of 428,473 results.�[Criminal IP Search 101 – How to Find Exposed IP
cameras]https://www.criminalip.io/asset/search?query=tag%3A+%22IP+Camera%22Search
Query :�Tag:�IP CameraSearch For “tag: IP Camera” on Criminal IP Gives a Total
Result of 428,473 Exposed IP Camera ServersIn some cases, hacked IP camera
screens can be viewed without any login authentication.� �Hacked IP Camera
Screen Exposed to the Internet Without Any Login AuthenticationIoT Quitely
Becoming Infected Like a ZombieIf a vulnerability is found in an IoT device,
attackers can use the vulnerability to infect and inject malicious code. This
makes a zombie device for DDoS attacks.Inputting IoT keywords into the tag
filter helps you to identify exposed IoT products and
vulnerabilities.https://www.criminalip.io/asset/search?query=tag%3A+IoTSearch
Query :�Tag:�IoTSearch For “tag: IoT” on Criminal IP Gives a Total Result of
46,737 Exposed IoT ServersAmong them, one IoT device was discovered to have as
many as 39 vulnerabilities. This is something hackers can exploit for another
cyber attack or sell information about the device on the dark web.�Exposed IoT
Server Intelligence Analysis Results, Found to have a Total of 39
VulnerabilitiesIoT Product,�IP Camera Hacking Prevention ChecklistTo ensure an
exciting Christmas, not a security nightmare, the following security protocols
should be implemented:Use products that are known to be secure�Set up login
authentication on devices and use complex passwords. Remember to change
passwords from time to time.Ensure all product software is updated to the latest
version Most importantly, it is imperative to regularly use Criminal IP to
ensure that your IoT is not exposed to the internet or has any
vulnerabilities.Please refer to our ‘Criminal IP Analysis Report on Overlooked
Multi-Function Printer Vulnerability’ article for more information on IoT device
vulnerability. Source : Criminal IP (https://www.criminalip.io)Related
Article(s) :�Criminal IP Analysis Report on Overlooked Multi-Function Printer
Vulnerability
December 22nd 2022
Read More
Search
COBALT STRIKE BEACON: FINDING INFECTED BOTNET SERVERS
There have been multiple instances of Cobalt Strike (a penetration testing tool)
being used maliciously for ransomware attacks or intrusion into company’s
internal systems. This method of attack consists of using a botnet to distribute
Cobalt Strike malware and using ransomware and PC attacks to do so. This
article, therefore, discusses methods for finding web servers infected with
Cobalt Strike (for legal pentesting or due to malicious intent) with Criminal
IP.What is Cobalt Strike?Cobalt Strike is a paid penetration testing service,
and plenty of Red Team users use this software to simulate penetration
attacks.Cobalt Strike is a tool used for penetration testingHowever, not
everyone uses Cobalt Strike in legally. Cyber attackers use a pirated version of
this application to launch attacks on vulnerable servers. Because of this,
Cobalt Strike is both classified as a useful pentesting tool and malware
simultaneously. The legal distribution of this pentesting tool means that it’s
harder to determine malicious attacks launched by this software. Because of
this, the Google Cloud Threat Intelligence team recently released opensource
YARA rules for determining malicious Cobalt Strike attacks.Detect BotNet Servers
Infected With Cobalt Strike MalwareWhile we can determine Cobalt Strike attacks
through open source YARA rules, there is an easier way to find servers infected
with this form of malware. It’s simply a matter of using the Tag filter in
Criminal IP’s Asset
Search.https://www.criminalip.io/ko/asset/search?query=tag:%20Cobalt%20StrikeSearch
Query :�“tag: Cobalt Strike”Results shown for “tag: Cobalt Strike” on Criminal
IPAs shown in the results, there are a total of 102 servers infected with Cobalt
Strike out of all external servers. These 102 servers can be considered botnet
servers already infected with Cobalt Strike malware. Of course, they may include
the legally used Cobalt Strike, so not all of them can be judged as attacks.
However, the discovered servers are either allowing access to internal systems
or are highly likely to be infected with ransomware.Statistics Show that Country
with most servers infected with Cobalt Strike Malware is ChinaA total of 54
botnet servers are located in China, making it the country that owns most of the
Cobalt Strike malware-infected
servers.https://www.criminalip.io/ko/intelligence/element-analysis/search?query=tag%3A+Cobalt+StrikeCountry
statistics shown on Criminal IP determine that China owns the most Cobalt Strike
infected serversFurthermore, port statistics show that most servers have
infected port 80 or
8080.https://www.criminalip.io/intelligence/element-analysis/search?query=tag%3A+Cobalt+StrikeStatistics
shown regarding open ports of Cobalt Strike infected servers. As shown above,
most of them have infected port 80Cobalt Strike Beacon Malware-Infected BotNet
ServersWe can further analyze the IP intelligence of BotNet IP Addresses with
Beacon installed by Cobalt Strike through Criminal IP Asset Search.IP
Intelligence analysis results of BotNet servers infected with Beacon malware by
Cobalt StrikeThis IP address’s Inbound Critical Scoring yield a danger level of
99%. This is because Criminal IP detected that this IP could be used in a cyber
attack, or was used for it. Check the Cobalt Strike tag in TCP 80 of available
Banner Information to find Cobalt Strike data associated with the server.Data
about Cobalt Strike is included in Banner Information along with BotNet IP
address and open Port 80As shown above, Criminal IP can easily find servers
infected with Cobalt Strike Beacon. This can be detected through the Criminal IP
Search Engine. Users can automatically detect infected servers with APIs.
Furthermore, information about these infected BotNet servers can be gathered to
create an Inbound IP Blacklist to prevent these servers from spreading
malware.For more content related to this discussion, check out this article
about Cryptojacking, and how your device could potentially be mining crypto
behind your back.Source : Criminal IP (https://www.criminalip.io/)Related
Article(s) :�Cryptojacking : Your Device is Mining Crypto Behind Your Back
November 24th 2022
Read More
Search
BEST PRACTICES
CRIMINAL IP, SPLUNK INTEGRATED FDS APP RELEASED
If you are a Criminal IP and Spunk user,�here’s good news! The Criminal IP and
Splunk integrated app that integrates the log analysis platform Splunk dashboard
and the Criminal IP FDS (Fraud Detection System) API function has been
released.You can now download�Criminal IP FDS�from�Splunkbase�and mon
December 15th 2022
IP INTELLIGENCE: HOW TO HANDLE IP ADDRESSES THAT ATTEMPT TO CIRCUMVENT ANTI-SPAM
SYSTEM
In order to stop spam mails, it is common for companies to have several
anti-spam systems and spam filters implemented in their mail servers.
Nevertheless, there are many cases where anti-spam system are often bypassed.�In
order to bypass the anti-spam system, attackers use official mail services fr
October 11th 2022
ATTACK SURFACE MANAGEMENT: MONITORING UNKNOWN ASSETS AND VULNERABILITIES
It is well-known that most companies utilize various network equipment,
databases, applications, and domains and that these IT properties often operate
under a myriad of IP addresses and ports. Hackers with malicious intent, with
this knowledge, begin their methods of infiltration by searching for o
August 16th 2022
OPEN PORT VULNERABILITY DETECTION: THE MORE OPEN PORTS YOU HAVE, THE MORE CYBER
THREATS EXIST
Global IP address data collected by Criminal IP (https://www.criminalip.io)
includes synthetic CTI intelligence which is including connected domains and
Whois information, location information, vulnerabilities and port
information. Port is primarily used in software as a unit to distinguish between
August 4th 2022
WHAT'S NEW ON CRIMINAL IP
January 19th 2023[#Criminal_IP v1.12.1 Release note] Pages for IP address ranges
added. You can check the list of all IPv4 addresses and the details. For your
convenience, we added new functions for Asset Search and Domain Search.
https://t.co/Jw6Tn2AWXK #OSINT #Cybersecurity #Infosec #CTI #ASMJanuary 10th
2023[#Criminal_IP v1.10.1 Release Notes] For better individual support, new
features have been updated: File Attachment Functions, Thread system for
additional inquiries, and Ticket status for reponses. Check out the full details
of our release notes. https://t.co/mw3VDr2GKIDecember 9th 2022[#Criminal_IP
v1.5.1 Release Notes] More Domain Search and APIs are available for Criminal IP
Beta members! Credits for Domain Searche are granted separately, increasing from
10 per day to 1,000 per month. https://t.co/3erQj6IaiX #cybersecurity #Sandbox
#domain #jarmNovember 22nd 2022[#Criminal_IP v1.3.1 Release Notes] New Domain
Search’s Top 10 Ranking and Report Download features added. New features and
data are available now on Criminal IP. https://t.co/fBBJLzZUbP #Domain #HTTP
#malware #CobaltStrike
Subscribe
CYBERSECURITY NEWS
January 15th 2023CircleCI says hackers stole encryption keys and customers'
secrets
In a post-mortem, CircleCi blamed malware stole an employee's session token
allowing intruders to access customer data.
January 14th 2023Cacti Servers Under Attack as Majority Fail to Patch Critical
Vulnerability
A critical vulnerability is being actively exploited in the wild and a majority
of internet-exposed servers have not been patched yet.
January 12th 2023Fortinet: Govt networks targeted with now-patched SSL-VPN
zero-day
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day
vulnerability patched last month in attacks against government organizations and
government-related targets.
API INTEGRATION
We provide straightforward, easy-to-use APIs that are designed to block
risk-scored IPs or malicious domain links. Use Criminal IP code samples to
seamlessly integrate all other functions and the database in your organization's
infrastructure.
Get StartedCode Samples
* Identification of VPN/hosting/Tor of the accessed IP
* Detection of malicious domain links
* Management of attack surface vulnerabilities within an organizational
infrastructure
→ root@criminalip ~ % |
{
"ip": "5.5.5.5",
"score": { "inbound": 0, "outbound": 0 },
"country": "de",
"country_code": "de",
"isp": "O2 Deutschland",
"status": 200
}
→ root@criminalip ~ % |
HOW API WORKS
Criminal IP’s API integration will detect and block potential malicious users
accessing login services in real time.
FAQMOST FREQUENTLY ASKED QUESTIONS ABOUT CRIMINAL IP
Criminal IP Overview
What is Criminal IP?
Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that
allows users to search for various security-related information such as
malicious IP addresses, domains, banners, etc. It can be widely integrated with
other security systems through consumer-grade web UI and API interface to search
for malicious IP addresses, specific IP address history with risk-based scoring
based on AI Spera's proprietary algorithm. Fast display of search results and
optimized system communications satisfy the needs of end users accessing the
Live Service and Integration.
What are some features of Criminal IP?
Search for all your digital assets and vulnerabilities connected to the
internet, such as IPs, domains, IoTs, and ICS.
What can the Criminal IP search engine be used for?
Criminal IP search engine provides comprehensive information on IT asset
exposure, risk, vulnerabilities, and history of malicious IPs from the outside,
all of which enable you to make better data-informed decisions against
cyberthreats. For more details, please see the Developer > Best Practices page.
How frequently does Criminal IP update data?
Criminal IP constantly collects and updates data in real time.
Which internet browsers can be used for Criminal IP?
All web browsers accessible via computers, mobile devices, and tablets are
available, but it has been especially optimized for Chrome browser.
Do I need a separate installation?
Criminal IP does not require the installation of separate programs. Since it is
provided as a simple cloud SaaS service, you can use it through the web,
tablets, or mobile devices, practically any place where the internet is
available.
Do you have any sample code for Criminal IP?
Criminal IP provides API and sample code for each Search and Intelligence
feature. For more detailed information, see Developer > Sample Code.
How do I create a Criminal IP account?
Click "Register" at the top right to create a new account using your email or a
Google or Twitter account.
I want to change my account email.
Click the My page icon in the upper right corner and jump to the My Information
page where you can edit through the E-mail Edit button.
I'd like to get the latest news on Criminal IP.
Follow Criminal IP's official Twitter and AI Spera's LinkedIn to receive the
latest updates on Criminal IP. You can also receive Criminal IP newsletter via
the email you entered during sign-up.
Criminal IP Searching Quick Reference
What is "Asset Search?"
This is a search feature that provides 5-level risk scores combined with a
comprehensive set of information including domains, open ports, vulnerabilities,
Whois, and screenshots. Please see the Asset Search page for more details.
What is "Domain Search?"
This is a search feature that provides comprehensive data on IP, subdomains and
network logs that are associated with domain risks. Please see the Domain Search
page for more details.
What is "Image Search?"
This is a search feature that provides images of externally exposed devices,
website information, and enterprise and personal information. Please see the
Image Search page for more details.
What is "Exploit Search?"
This is a search feature that provides a full list of exploitable
vulnerabilities mapped in real time through searches for CVE ID, vulnerability
type, and platforms. Please see the Exploit Search page for more details.
What is "Banner Explorer?"
This is an intelligence feature that provides threat-related information
categorized by products and services such as cryptocurrency, database, and IoT.
For more details, please see the Banner Explorer page.
What is "Vulnerability?"
This is an intelligence feature that provides information on attack surface
exposure and vulnerability of assets via classification by CVE ID and product
name, which helps proactively monitor vulnerabilities of the applications in
use. Please see the Vulnerability page for more details.
What is "Statistics?"
This is an intelligence feature that identifies malicious IP and domain
information as well as VPN. It also provides a 10-day statistical graph in the
form of a dashboard. Please see the Statistics page for more details.
What is "Element Analysis?"
This is an intelligence feature that generates filter-specific results based on
an analysis of assets and vulnerabilities. Please see the Element Analysis page
for more details.
What is "Maps?"
This is an intelligence feature that visually represents IP geolocation
information and provides statistics on AS name, product, and country. Please see
the Maps page for more details.
Which filters are available for "Asset Search?"
Asset Search provides filters that boost search accuracy and simplicity. Please
see the Developer > Filters page.
Which filters are available for "Image Search?"
Image Search provides filters that boost search accuracy and simplicity. Please
see the Developer > Filters page.
Which filters are available for "Exploit Search?"
Exploit Search provides filters that boost search accuracy and simplicity.
Please see the Developer > Filters page.
Which tags can I use for "Asset Search?"
Asset Search provides tags that boost search accuracy and simplicity. Please see
the Developer > Filters page.
Which tags can I use for "Image Search?"
Image Search provides tags that boost search accuracy and simplicity. Please see
the Developer > Filters page.
Which categories are searchable through "Banner Explorer?"
Banner Explorer provides category-specific searches for cryptocurrencies,
databases, industrial control systems, IoT, network infrastructure, and video
games. For more details, please see the Banner Explorer page.
Which products are searchable through "Vulnerability?"
Vulnerability provides various major product categories such as MySQL, Linux,
WebLogic Server, and HTTP server that help you easily search for vulnerabilities
within a specific product. Please see our Vulnerability page for more product
categories.
What can I search for on the "Element Analysis" page?
Search for all the assets and vulnerabilities collected through Criminal IP and
sorted by country, service, ASN, product, and port number. Please see the
Element Analysis page for more details.
API Integration
Where can I get an API key?
Copy the API key by clicking the My page icon in the upper right corner and jump
to the My Information page.
Where can I get the API code?
Feature-specific API codes are available on the Developer > API page.
Do I need to use separate software for the API?
No separate software is required.
How do I make API calls?
After copying the API key, call the API using the API code listed on the
Developer > API page, and then check the results presented in JSON response
value.
Is there a limit on the number of API calls?
The number of API calls varies by license, and the Enterprise license supports
unlimited API calls. Please see the Beta Service page for more details.
What is the API call speed?
The speed of API calls varies by each license, and Enterprise license supports
an API call speed of less than 1 second. Please see the Beta Service page for
more details.
Which data can be provided by the API?
Integrate Criminal IP API with the user dataset log and identify VPN IP, Hosting
IP, Blacklist IP, Tor IP, Proxy IP, Foreign IP with a risk score.
How can the Criminal IP API be utilized?
Criminal IP API can be simply integrated with your existing database and
security systems. Identify malicious IP, domains, and vulnerabilities in real
time, enabling you to preempt attempts of account takeover, credential stuffing,
and malicious access and protect customers as well as assets. For more details,
please see the Developer > Best Practice page.
About Membership
Is the beta service free?
Criminal IP beta service will be provided free of charge, and the Enterprise
License for customized service is available for a fee. For more information,
please see the Beta Service page.
Do I need to sign up for a paid service to use the same features after the beta
service period is over?
After the beta service period ends, the same features will be available for a
fee. Those who have submitted feedback about the beta service can use the free
service for an additional month.
Do you have any other plans?
At the current stage, there are only three plans available for the beta version.
Various plans will soon be added, right after the official launch. For more
information, please see the Beta Service page.
What if the existing plans don't meet my needs?
We highly recommend choosing our unlimited custom Enterprise subscription plan.
It's the most flexible plan that is currently available, and we are always open
to address your data needs. For more information, please see the Beta Service
page.
Is it possible to get unlimited access to the database?
Yes, Enterprise licenses allow unlimited use of services and functions. For more
information, please see the Beta Service page.
How can I check my payment information?
Click the My page icon in the upper right corner and jump to the My Information
page to check your current membership and payment history.
What if I want to change my license?
Click the My page icon in the upper right corner and contact us through the
Support Ticket page.
Which payment methods are accepted?
We support all major credit/debit cards and Stripe payment systems. Please note
that the current Beta version is provided free of charge, with the exception of
the Enterprise plan, which is only available through consultation. For more
information, please see the Beta Service page.
I want to cancel my license.
Click the My page icon in the upper right corner and contact us through the
Support Ticket page.
I have a question about Enterprise License.
Please contact us through the About > Contact Us page.
Support Request
If you already have a Criminal IP account, click the My page icon in the upper
right corner and contact us through the Support Ticket page. If you do not have
an account or if you have any inquiries regarding Enterprise membership, please
contact us through the About > Contact Us page.
SHARE YOUR FEEDBACK WITH US AND GET A ONE-MONTH LICENSE FOR FREE
We are thrilled to have you on board for our first beta trial. Your genuine
feedback will be greatly appreciated since it drives us to build a top-notch
customer experience. Please take a moment to fill out the survey. Upon
completion, all participants will be entitled to a one-month complimentary
“early bird package” subscription.
Tell us what you think
go to top
PRIVACY
We use cookies to provide you with the best experience on our websites. Click
‘Accept All’ to accept all cookies. If you want to choose which others we use,
you can do so through 'Cookie settings'.
Please see our Cookie Policy for more information.
Cookie SettingsAccept All
* Search
* Asset Search
* Domain Search
* Image Search
* Exploit Search
* Intelligence
* Banner Explorer
* Vulnerability
* Statistics
* Element Analysis
* Maps
* Attack Surface Management
* What is ASM?
* Developer
* Best Practice
* Filters, Tags
* API
* Code Samples
* Resource
* Blog
* About
* AI Spera
* Contact Us
* Terms of Use
* Privacy Policy
* Cookie Policy
Contact Ussupport@aispera.com
© 2022, All Rights Reserved - AI Spera Inc.v1.12.1 - 2023.01.19