www.criminalip.io
2606:4700:10::ac43:84a
Public Scan
Submitted URL: http://criminalip.io/
Effective URL: https://www.criminalip.io/
Submission: On January 20 via manual from KR — Scanned from DE
Form analysis
1 forms found in the DOM
<form class="form">
<div class="searchStyle__SearchInputWrap-sc-r3o27t-5 lggsSQ SearchInputWrap "><input data-role="inputbox" maxlength="100" placeholder="Try to search assets with the following filter examples below" value="" autocomplete="off" name="query"
class="searchStyle__SearchInput-sc-r3o27t-6 cquKTG"><button type="submit" title="search" class="searchStyle__SearchButton-sc-r3o27t-7 itaEil"></button></div>
</form>
Text Content
Cybersecurity Search Engine | Criminal IP

SEARCH FOR INFORMATION ON EVERYTHING CONNECTED TO THE PUBLIC INTERNET.
SEARCH FOR INFORMATION ON COMPUTERS CONNECTED TO THE PUBLIC INTERNET.

CYBERSECURITY REPORT

DETECT CITRIX VULNERABILITIES WITH THE OSINT TOOL: CVE-2022-27510, CVE-2022-27518
In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are a critical issue with a CVSS score of 9.8, and reports are still being made about how these CVEs are used in hacking attempts. Many Citrix ADCs a
January 20th 2023

DOCKER CONTAINER SECURITY RISKS FOR YOU TO BE AWARE OF
Docker is a virtualization platform based on container technology. Virtualization is a technology that creates virtual machines to efficiently utilize hardware, which is a physical resource. Depending on the virtualization method, it is divided into virtual machines and containers. Container technol
December 30th 2022

ALGOLIA API KEY RAISES SEVERE HACKING CONCERNS
Algolia is a hosted search engine service for web surfing that uses a SaaS model. This service can process searches quickly and ensure easy implementation with websites and mobile applications by issuing an Algolia API key after registration. Thousands of companies use Algolia for this advantage alo
December 6th 2022

EXPOSED REDIS SERVER, A DISTRIBUTOR OF COIN MINING MALICIOUS CODE
Redis (Remote Dictionary Server) is a non-relational database management system for storing and managing unstructured data in a key-value structure. Unstructured data is raw data that cannot be filtered without a fixed format, and it includes various formats like web logs, XML, JSON, images, texts,
November 26th 2022

NEW OPENSSL VULNERABILITY : MORE THAN 14,000 UNPATCHED SERVERS
On October 31st 2022, a new OpenSSL vulnerability was discovered. The vulnerabilities were assigned CVE-2022-3786 and CVE-2022-3602. This vulnerability is related to X.509 Email Address Buffer Overflow. Especially when handling Punycode, an X.509 certificate verification name constraint check fea
November 17th 2022

WEB SERVER VULNERABILITIES CAUSED BY SOFTWARE PACKAGE BUNDLE
Open-source web servers, especially Apache HTTP server, have seen a tremendous increase in the number of vulnerabilities which hackers have been consistently exploiting since 2017. Hackers exploit various vulnerabilities to attack web servers, with one of the targets being web servers installed as s
November 9th 2022

CRIMINAL IP SEARCH TIP

KIOSK HACKING: TIPS TO IMPROVE YOUR KIOSK SECURITY

A kiosk is a small machine with an interactive display screen that businesses place in public areas such as government agencies, banks, department stores, and restaurants to provide information or offer self-service options. The use of kiosks keeps increasing in companies and organizations because of advantages like self-service.

As risks always accompany new technologies, security concerns about kiosks are constantly raised. Kiosks are attractive targets for attackers because they store and process personal information, as their primary purpose is reservation and payment services. Some kiosks are sold without adequate security measures installed. There are several other ways to hack kiosks. However, this article deals with detecting kiosk systems and admin pages exposed on the attack surface in order to prevent threats.

Admin Page of the Kiosk Exposed on the Internet

One of the reasons for kiosk hacking is the exposed kiosk admin page on the internet. Kiosk distributors or organizations using kiosks offer services like reservation and payment to the end user.
The kiosk must block external access, and the admin page has to be secured with an authentication system.

However, several kiosks are exposed on the attack surface, and you can find them by searching the keyword ‘Title: Kiosk management console UI‘ on the OSINT search tool Criminal IP.

Search Query : Title: Kiosk management console UI
https://www.criminalip.io/asset/search?query=title%3AKiosk+management+console+UI
The search result of exposed kiosk management system

With the other keyword, “Title: KIOSK Management System“, it was possible to find the website that shows the admin page of the kiosk like the image below.

Search Query : Title: Kiosk Management System
https://www.criminalip.io/asset/search?query=Title%3A+Kiosk+Management+System
The kiosk admin page exposed on the internet. The kiosk exposed to cyber threats.

Also, you can search “Title: Kiosk Terminal Management System“ and get the below result with information for the authentication page of the kiosk.

Search Query: Title: KIOSK Terminal Management System
https://www.criminalip.io/asset/search?query=%22Kiosk%20Terminal%20Management%20System%22
The result of searching ‘Title: Kiosk Terminal Management System’ on Criminal IP Asset Search
Authentication page of the kiosk system is accessible from the outside and is exposed to kiosk hacking threats

Targeting the Kiosk Operated by Specific Corporate

Hackers can find the kiosk operated by a specific company or organization.
If they succeed, hackers can cause system errors, take customer information from a connected server, and even infiltrate the main server for a severe attack.

By adding ‘Hotel’ with the keyword, it was possible to find the kiosk system of a hotel located in Malaysia.

Search Query: Title: Uptown Kiosk – Hotel System
https://www.criminalip.io/asset/search?query=title:%20Uptown%20Kiosk%20-%20Hotel%20System
The kiosk authentication page, Hotel located in Malaysia

You can even find a kiosk with a specific company's title by searching with the keyword above. The image below shows the information on the German vehicle company’s kiosk system in Korea.

Result on Criminal IP Asset Search for vehicle manufacturer ‘V’s kiosk system
The kiosk authentication page of vehicle manufacturer ‘V’, Exposed on the internet

Kiosk without Authentication, Easy to Hack

The kiosk system exposure is a critical security issue. We even found the kiosk system without a proper authentication procedure. It was defenseless. The website searched on CIP seems to be a kiosk system for company S. It shows a critical security issue that allows one to enter the website without the authentication procedure.

The kiosk system for Large Enterprise ‘S’, Possible to access without authentication

The image below is the theater admin system for a kiosk. It can be accessed without authentication, making it vulnerable to hacking.

Theater kiosk admin page, Possible to access without authentication

The purpose of a kiosk is to increase the efficiency of the company and the convenience of the customer. However, it is necessary to keep it safe from cyber attacks to avoid severe damage. The fact that various IoT devices such as kiosks can be easily found through the OSINT tool means that hackers can also easily attack assets that are exposed on the attack surface.
Enterprises and institutions are advised to thoroughly check whether any assets are exposed, using an attack surface management solution such as Criminal IP ASM, and to consider security when introducing IoT equipment such as kiosks. If the kiosk is outdated, consider replacing it. Also, you should check the regular security patch updates for the kiosk system.

Please refer to Default welcome page exposure: A Significant Security Risk, for more information.

Source : Criminal IP (https://www.criminalip.io/)
Related article : Default welcome page exposure: A Significant Security Risk
January 13th 2023

CHECK ‘FLIPPER ZERO (HACKER’S TAMAGOCHI)’ PHISHING SITE

Flipper Zero, a portable multitool for pentesters priced at $200, is a popular product that has recently been sold out among penetration testers and hackers. The device, called ‘hacker’s Tamagochi’ due to its appearance, has been reviewed in various security communities such as TikTok, Twitter, and Telegram. Popularity skyrocketed, and ‘Flipper zero’ is flying off the shelves in an online store. A recent article by Bleeping Computer reported that phishing attackers are taking advantage of this situation to fool customers with ‘Flipper Zero’ phishing sites that look like official sales sites and induce people to pay in cryptocurrencies such as Bitcoin. Of course, a purchaser will get nothing.

It’s an interesting irony that these hackers are targeting hackers, penetration testers and security researchers vying to purchase Flipper Zeroes for themselves.

Flipper Zero Phishing Site vs. Official Site

We visited several Flipper Zero phishing sites found on SNS like Twitter. They are camouflaged with similar URLs and favicons, so unless you are a frequent visitor it is almost impossible to notice the phishing site, as below.
Flipper Zero phishing site (Left) and Official Flipper Zero online store (Right)

Smart Way to Check Fake Flipper Zero Websites

We can spot differences between the official site and the phishing sites in the URL, page UI, logo, etc.

A more accurate and faster way to check is to use the OSINT search tool. On Criminal IP’s Domain Search, input ‘flipperzerovendoronline[.]com‘, or ‘flipperzeroinstock[.]net‘ which is not yet known as phishing on Twitter and other social networks. Then it will lead you to the result below.

flipperzerovendoronline[.]com Search Results : https://www.criminalip.io/domain/report?scan_id=2878623
flipperzeroinsock[.]net Search Results : https://www.criminalip.io/domain/report?scan_id=2880403
Search Results of Flipper Zero Phishing Site on Criminal IP

The result shows that phishing sites are using malicious domains, and the algorithm tells us the phishing probability is over 50%.

In particular, the Newborn Domain information shows that the domain has existed for one and a half months. New ‘Flipper Zero’ phishing sites are still being created, so using an OSINT tool is recommended to avoid becoming a victim.

Some phishing detection tools rely on user reports, Google results, and phishing check websites, but these are reactive approaches that can only detect a site after it has been reported. In other words, it is impossible for them to detect newborn phishing sites.

Domain Search results of malicious IP associated with Flipper Zero phishing site of screenshots

Criminal IP, a proactive way of detecting phishing sites, shows real-time screenshots, technology used, and mapped IPs on ‘Domain Search’. This includes recently emerging domains.

Flipper Zero Phishing Attack Likely to Spread

On TikTok, a video platform, several users review the ‘Flipper Zero’ and upload hacking videos that get thousands and millions of views.
‘Flipper Zero’ has become well known not only among hackers but also among the general public, so it is necessary to be aware of ways to check phishing sites to avoid becoming a victim.

Also, the fact that such phishing damage continues is one of the reasons why phishing prevention methods using the OSINT search engine are necessary not only for those in security-related occupations but also for general internet users.

Check out this article on Instagram Phishing Scams for relevant information.
January 6th 2023

IP CAMERA HACKING – A NIGHTMARE TO YOUR IOT CHRISTMAS GIFTS

Christmas, which many people look forward to, is the peak season for hackers to spread malware, leak information, and conduct phishing scams. With all the end-of-year celebrations and public holidays, there is a lack of security staff monitoring the increase in online shopping and congratulatory messages being sent. Hackers will take advantage of the loosening cyber defenses and carry out cyber crimes. In particular, IoT and smart home products, which are becoming increasingly popular Christmas gifts, are good targets for hackers to exploit. Therefore, it is important to be careful of IoT and IP camera hackings that may occur. If you happen to come across an incredibly cheap Christmas special-priced IoT device, be careful, as devices sold at affordable prices often suggest that they have security flaws.

For example, an IP camera called Wireless IP Camera (P2P) WIFICAM has an authentication bypass vulnerability (CVE-2017-8225), so there have been many cases where the product was found to be infected with botnets. Smart products with security flaws allow hackers to easily hack into users’ accounts and access all their information.
For any of the IP cameras, AI speakers, and cordless vacuum cleaners sold on Amazon, eBay, and AliExpress, there is a good chance that it has already been hacked and is being used with malicious intent.

IP Cameras With Sub-Par Authentication Settings Are the Primary Targets

Hackers who hack robot vacuum cleaners and IP cameras monitor the homes of their victims or illegally distribute videos of them. Devices that do not have login authentication enabled or use a default password without changing it are usually the prime target of attacks. Searching for exposed IP cameras on the internet using Tag: IP Camera on Criminal IP Asset Search gives a total of 428,473 results.

[Criminal IP Search 101 – How to Find Exposed IP cameras]
https://www.criminalip.io/asset/search?query=tag%3A+%22IP+Camera%22
Search Query : Tag: IP Camera
Search For “tag: IP Camera” on Criminal IP Gives a Total Result of 428,473 Exposed IP Camera Servers

In some cases, hacked IP camera screens can be viewed without any login authentication.

Hacked IP Camera Screen Exposed to the Internet Without Any Login Authentication

IoT Quietly Becoming Infected Like a Zombie

If a vulnerability is found in an IoT device, attackers can use the vulnerability to infect it and inject malicious code. This turns it into a zombie device for DDoS attacks.

Inputting IoT keywords into the tag filter helps you to identify exposed IoT products and vulnerabilities.

https://www.criminalip.io/asset/search?query=tag%3A+IoT
Search Query : Tag: IoT
Search For “tag: IoT” on Criminal IP Gives a Total Result of 46,737 Exposed IoT Servers

Among them, one IoT device was discovered to have as many as 39 vulnerabilities. This is something hackers can exploit for another cyber attack, or they can sell information about the device on the dark web.
Exposed IoT Server Intelligence Analysis Results, Found to have a Total of 39 Vulnerabilities

IoT Product, IP Camera Hacking Prevention Checklist

To ensure an exciting Christmas, not a security nightmare, the following security protocols should be implemented:

 * Use products that are known to be secure
 * Set up login authentication on devices and use complex passwords. Remember to change passwords from time to time.
 * Ensure all product software is updated to the latest version

Most importantly, it is imperative to regularly use Criminal IP to ensure that your IoT is not exposed to the internet or has any vulnerabilities.

Please refer to our ‘Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulnerability’ article for more information on IoT device vulnerability.

Source : Criminal IP (https://www.criminalip.io)
Related Article(s) : Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulnerability
December 22nd 2022

COBALT STRIKE BEACON: FINDING INFECTED BOTNET SERVERS

There have been multiple instances of Cobalt Strike (a penetration testing tool) being used maliciously for ransomware attacks or intrusion into a company’s internal systems. This method of attack consists of using a botnet to distribute Cobalt Strike malware and using ransomware and PC attacks to do so. This article, therefore, discusses methods for finding web servers infected with Cobalt Strike (for legal pentesting or due to malicious intent) with Criminal IP.

What is Cobalt Strike?

Cobalt Strike is a paid penetration testing service, and plenty of Red Team users use this software to simulate penetration attacks.

Cobalt Strike is a tool used for penetration testing

However, not everyone uses Cobalt Strike legally. Cyber attackers use a pirated version of this application to launch attacks on vulnerable servers. Because of this, Cobalt Strike is classified as both a useful pentesting tool and malware simultaneously.
The legal distribution of this pentesting tool means that it’s harder to determine malicious attacks launched by this software. Because of this, the Google Cloud Threat Intelligence team recently released open-source YARA rules for determining malicious Cobalt Strike attacks.

Detect BotNet Servers Infected With Cobalt Strike Malware

While we can determine Cobalt Strike attacks through open-source YARA rules, there is an easier way to find servers infected with this form of malware. It’s simply a matter of using the Tag filter in Criminal IP’s Asset Search.

https://www.criminalip.io/ko/asset/search?query=tag:%20Cobalt%20Strike
Search Query : “tag: Cobalt Strike”
Results shown for “tag: Cobalt Strike” on Criminal IP

As shown in the results, there are a total of 102 servers infected with Cobalt Strike out of all external servers. These 102 servers can be considered botnet servers already infected with Cobalt Strike malware. Of course, they may include the legally used Cobalt Strike, so not all of them can be judged as attacks. However, the discovered servers are either allowing access to internal systems or are highly likely to be infected with ransomware.

Statistics Show that Country with most servers infected with Cobalt Strike Malware is China

A total of 54 botnet servers are located in China, making it the country that owns most of the Cobalt Strike malware-infected servers.

https://www.criminalip.io/ko/intelligence/element-analysis/search?query=tag%3A+Cobalt+Strike
Country statistics shown on Criminal IP determine that China owns the most Cobalt Strike infected servers

Furthermore, port statistics show that most servers have infected port 80 or 8080.

https://www.criminalip.io/intelligence/element-analysis/search?query=tag%3A+Cobalt+Strike
Statistics shown regarding open ports of Cobalt Strike infected servers.
As shown above, most of them have infected port 80

Cobalt Strike Beacon Malware-Infected BotNet Servers

We can further analyze the IP intelligence of BotNet IP Addresses with Beacon installed by Cobalt Strike through Criminal IP Asset Search.

IP Intelligence analysis results of BotNet servers infected with Beacon malware by Cobalt Strike

This IP address’s Inbound Critical Scoring yields a danger level of 99%. This is because Criminal IP detected that this IP could be used in a cyber attack, or was used for it. Check the Cobalt Strike tag in TCP 80 of available Banner Information to find Cobalt Strike data associated with the server.

Data about Cobalt Strike is included in Banner Information along with BotNet IP address and open Port 80

As shown above, Criminal IP can easily find servers infected with Cobalt Strike Beacon. This can be detected through the Criminal IP Search Engine. Users can automatically detect infected servers with APIs. Furthermore, information about these infected BotNet servers can be gathered to create an Inbound IP Blacklist to prevent these servers from spreading malware.

For more content related to this discussion, check out this article about Cryptojacking, and how your device could potentially be mining crypto behind your back.

Source : Criminal IP (https://www.criminalip.io/)
Related Article(s) : Cryptojacking : Your Device is Mining Crypto Behind Your Back
November 24th 2022

BEST PRACTICES

CRIMINAL IP, SPLUNK INTEGRATED FDS APP RELEASED
If you are a Criminal IP and Splunk user, here's good news!
The Criminal IP and Splunk integrated app that integrates the log analysis platform Splunk dashboard and the Criminal IP FDS (Fraud Detection System) API function has been released. You can now download Criminal IP FDS from Splunkbase and mon
December 15th 2022

IP INTELLIGENCE: HOW TO HANDLE IP ADDRESSES THAT ATTEMPT TO CIRCUMVENT ANTI-SPAM SYSTEM
In order to stop spam mails, it is common for companies to have several anti-spam systems and spam filters implemented in their mail servers. Nevertheless, there are many cases where anti-spam systems are bypassed. In order to bypass the anti-spam system, attackers use official mail services fr
October 11th 2022

ATTACK SURFACE MANAGEMENT: MONITORING UNKNOWN ASSETS AND VULNERABILITIES
It is well-known that most companies utilize various network equipment, databases, applications, and domains and that these IT properties often operate under a myriad of IP addresses and ports. Hackers with malicious intent, with this knowledge, begin their methods of infiltration by searching for o
August 16th 2022

OPEN PORT VULNERABILITY DETECTION: THE MORE OPEN PORTS YOU HAVE, THE MORE CYBER THREATS EXIST
Global IP address data collected by Criminal IP (https://www.criminalip.io) includes synthetic CTI intelligence, including connected domains and Whois information, location information, vulnerabilities and port information. Port is primarily used in software as a unit to distinguish between
August 4th 2022

WHAT'S NEW ON CRIMINAL IP

January 19th 2023
[#Criminal_IP v1.12.1 Release note] Pages for IP address ranges added. You can check the list of all IPv4 addresses and the details. For your convenience, we added new functions for Asset Search and Domain Search.
https://t.co/Jw6Tn2AWXK #OSINT #Cybersecurity #Infosec #CTI #ASM

January 10th 2023
[#Criminal_IP v1.10.1 Release Notes] For better individual support, new features have been updated: File Attachment Functions, Thread system for additional inquiries, and Ticket status for responses. Check out the full details of our release notes. https://t.co/mw3VDr2GKI

December 9th 2022
[#Criminal_IP v1.5.1 Release Notes] More Domain Search and APIs are available for Criminal IP Beta members! Credits for Domain Search are granted separately, increasing from 10 per day to 1,000 per month. https://t.co/3erQj6IaiX #cybersecurity #Sandbox #domain #jarm

November 22nd 2022
[#Criminal_IP v1.3.1 Release Notes] New Domain Search’s Top 10 Ranking and Report Download features added. New features and data are available now on Criminal IP. https://t.co/fBBJLzZUbP #Domain #HTTP #malware #CobaltStrike

CYBERSECURITY NEWS

January 15th 2023
CircleCI says hackers stole encryption keys and customers' secrets
In a post-mortem, CircleCI blamed malware that stole an employee's session token, allowing intruders to access customer data.

January 14th 2023
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
A critical vulnerability is being actively exploited in the wild and a majority of internet-exposed servers have not been patched yet.

January 12th 2023
Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets.

API INTEGRATION

We provide straightforward, easy-to-use APIs that are designed to block risk-scored IPs or malicious domain links. Use Criminal IP code samples to seamlessly integrate all other functions and the database in your organization's infrastructure.
 * Identification of VPN/hosting/Tor of the accessed IP
 * Detection of malicious domain links
 * Management of attack surface vulnerabilities within an organizational infrastructure

    {
      "ip": "5.5.5.5",
      "score": { "inbound": 0, "outbound": 0 },
      "country": "de",
      "country_code": "de",
      "isp": "O2 Deutschland",
      "status": 200
    }

HOW API WORKS

Criminal IP’s API integration will detect and block potential malicious users accessing login services in real time.

FAQ
MOST FREQUENTLY ASKED QUESTIONS ABOUT CRIMINAL IP

Criminal IP Overview

What is Criminal IP?
Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that allows users to search for various security-related information such as malicious IP addresses, domains, banners, etc. It can be widely integrated with other security systems through consumer-grade web UI and API interface to search for malicious IP addresses, specific IP address history with risk-based scoring based on AI Spera's proprietary algorithm. Fast display of search results and optimized system communications satisfy the needs of end users accessing the Live Service and Integration.

What are some features of Criminal IP?
Search for all your digital assets and vulnerabilities connected to the internet, such as IPs, domains, IoTs, and ICS.

What can the Criminal IP search engine be used for?
Criminal IP search engine provides comprehensive information on IT asset exposure, risk, vulnerabilities, and history of malicious IPs from the outside, all of which enable you to make better data-informed decisions against cyberthreats. For more details, please see the Developer > Best Practices page.

How frequently does Criminal IP update data?
Criminal IP constantly collects and updates data in real time.

Which internet browsers can be used for Criminal IP?
All web browsers accessible via computers, mobile devices, and tablets are available, but it has been especially optimized for Chrome browser.

Do I need a separate installation?
Criminal IP does not require the installation of separate programs. Since it is provided as a simple cloud SaaS service, you can use it through the web, tablets, or mobile devices, practically any place where the internet is available.

Do you have any sample code for Criminal IP?
Criminal IP provides API and sample code for each Search and Intelligence feature. For more detailed information, see Developer > Sample Code.

How do I create a Criminal IP account?
Click "Register" at the top right to create a new account using your email or a Google or Twitter account.

I want to change my account email.
Click the My page icon in the upper right corner and jump to the My Information page where you can edit through the E-mail Edit button.

I'd like to get the latest news on Criminal IP.
Follow Criminal IP's official Twitter and AI Spera's LinkedIn to receive the latest updates on Criminal IP. You can also receive Criminal IP newsletter via the email you entered during sign-up.

Criminal IP Searching Quick Reference

What is "Asset Search?"
This is a search feature that provides 5-level risk scores combined with a comprehensive set of information including domains, open ports, vulnerabilities, Whois, and screenshots. Please see the Asset Search page for more details.

What is "Domain Search?"
This is a search feature that provides comprehensive data on IP, subdomains and network logs that are associated with domain risks. Please see the Domain Search page for more details.

What is "Image Search?"
This is a search feature that provides images of externally exposed devices, website information, and enterprise and personal information. Please see the Image Search page for more details.

What is "Exploit Search?"
This is a search feature that provides a full list of exploitable vulnerabilities mapped in real time through searches for CVE ID, vulnerability type, and platforms. Please see the Exploit Search page for more details. What is "Banner Explorer?" This is an intelligence feature that provides threat-related information categorized by products and services such as cryptocurrency, database, and IoT. For more details, please see the Banner Explorer page. What is "Vulnerability?" This is an intelligence feature that provides information on attack surface exposure and vulnerability of assets via classification by CVE ID and product name, which helps proactively monitor vulnerabilities of the applications in use. Please see the Vulnerability page for more details. What is "Statistics?" This is an intelligence feature that identifies malicious IP and domain information as well as VPN. It also provides a 10-day statistical graph in the form of a dashboard. Please see the Statistics page for more details. What is "Element Analysis?" This is an intelligence feature that generates filter-specific results based on an analysis of assets and vulnerabilities. Please see the Element Analysis page for more details. What is "Maps?" This is an intelligence feature that visually represents IP geolocation information and provides statistics on AS name, product, and country. Please see the Maps page for more details. Which filters are available for "Asset Search?" Asset Search provides filters that boost search accuracy and simplicity. Please see the Developer > Filters page. Which filters are available for "Image Search?" Image Search provides filters that boost search accuracy and simplicity. Please see the Developer > Filters page. Which filters are available for "Exploit Search?" Exploit Search provides filters that boost search accuracy and simplicity. Please see the Developer > Filters page. Which tags can I use for "Asset Search?" 
Asset Search provides tags that boost search accuracy and simplicity. Please see the Developer > Filters page. Which tags can I use for "Image Search?" Image Search provides tags that boost search accuracy and simplicity. Please see the Developer > Filters page. Which categories are searchable through "Banner Explorer?" Banner Explorer provides category-specific searches for cryptocurrencies, databases, industrial control systems, IoT, network infrastructure, and video games. For more details, please see the Banner Explorer page. Which products are searchable through "Vulnerability?" Vulnerability provides various major product categories such as MySQL, Linux, WebLogic Server, and HTTP server that help you easily search for vulnerabilities within a specific product. Please see our Vulnerability page for more product categories. What can I search for on the "Element Analysis" page? Search for all the assets and vulnerabilities collected through Criminal IP and sorted by country, service, ASN, product, and port number. Please see the Element Analysis page for more details. API Integration Where can I get an API key? Copy the API key by clicking the My page icon in the upper right corner and jump to the My Information page. Where can I get the API code? Feature-specific API codes are available on the Developer > API page. Do I need to use separate software for the API? No separate software is required. How do I make API calls? After copying the API key, call the API using the API code listed on the Developer > API page, and then check the results presented in JSON response value. Is there a limit on the number of API calls? The number of API calls varies by license, and the Enterprise license supports unlimited API calls. Please see the Beta Service page for more details. What is the API call speed? The speed of API calls varies by each license, and Enterprise license supports an API call speed of less than 1 second. Please see the Beta Service page for more details. 
Which data can be provided by the API?
Integrate Criminal IP API with the user dataset log and identify VPN IP, Hosting IP, Blacklist IP, Tor IP, Proxy IP, Foreign IP with a risk score.

How can the Criminal IP API be utilized?
Criminal IP API can be simply integrated with your existing database and security systems. Identify malicious IP, domains, and vulnerabilities in real time, enabling you to preempt attempts of account takeover, credential stuffing, and malicious access and protect customers as well as assets. For more details, please see the Developer > Best Practice page.

About Membership

Is the beta service free?
Criminal IP beta service will be provided free of charge, and the Enterprise License for customized service is available for a fee. For more information, please see the Beta Service page.

Do I need to sign up for a paid service to use the same features after the beta service period is over?
After the beta service period ends, the same features will be available for a fee. Those who have submitted feedback about the beta service can use the free service for an additional month.

Do you have any other plans?
At the current stage, there are only three plans available for the beta version. Various plans will soon be added, right after the official launch. For more information, please see the Beta Service page.

What if the existing plans don't meet my needs?
We highly recommend choosing our unlimited custom Enterprise subscription plan. It's the most flexible plan that is currently available, and we are always open to address your data needs. For more information, please see the Beta Service page.

Is it possible to get unlimited access to the database?
Yes, Enterprise licenses allow unlimited use of services and functions. For more information, please see the Beta Service page.

How can I check my payment information?
Click the My page icon in the upper right corner and jump to the My Information page to check your current membership and payment history.
What if I want to change my license?
Click the My page icon in the upper right corner and contact us through the Support Ticket page.

Which payment methods are accepted?
We support all major credit/debit cards and Stripe payment systems. Please note that the current Beta version is provided free of charge, with the exception of the Enterprise plan, which is only available through consultation. For more information, please see the Beta Service page.

I want to cancel my license.
Click the My page icon in the upper right corner and contact us through the Support Ticket page.

I have a question about Enterprise License.
Please contact us through the About > Contact Us page.

Support Request
If you already have a Criminal IP account, click the My page icon in the upper right corner and contact us through the Support Ticket page. If you do not have an account or if you have any inquiries regarding Enterprise membership, please contact us through the About > Contact Us page.

SHARE YOUR FEEDBACK WITH US AND GET A ONE-MONTH LICENSE FOR FREE
We are thrilled to have you on board for our first beta trial. Your genuine feedback will be greatly appreciated since it drives us to build a top-notch customer experience. Please take a moment to fill out the survey. Upon completion, all participants will be entitled to a one-month complimentary “early bird package” subscription.

Contact Us: support@aispera.com
© 2022, All Rights Reserved - AI Spera Inc. v1.12.1 - 2023.01.19