www.criminalip.io
Open in
urlscan Pro
2606:4700:10::6816:214
Public Scan
Submitted URL: http://criminalip.io/
Effective URL: https://www.criminalip.io/
Submission: On March 08 via manual from US — Scanned from US
Effective URL: https://www.criminalip.io/
Submission: On March 08 via manual from US — Scanned from US
Form analysis
1 forms found in the DOM<form class="form">
<div class="searchStyle__SearchInputWrap-sc-r3o27t-5 lggsSQ SearchInputWrap "><input data-role="inputbox" maxlength="100" placeholder="Try to search assets with the following filter examples below" value="" autocomplete="off" name="query"
class="searchStyle__SearchInput-sc-r3o27t-6 cquKTG"><button type="submit" title="search" class="searchStyle__SearchButton-sc-r3o27t-7 itaEil"></button></div>
</form>
Text Content
Cybersecurity Search Engine | Criminal IP Search Intelligence Attack Surface Management Developer Resource About * English * English * 日本語 * 한국어 * Pricing Beta Service * LoginRegister SEARCH FOR INFORMATION ON EVERYTHING CONNECTED TO THE PUBLIC INTERNET. SEARCH FOR INFORMATION ON COMPUTERS CONNECTED TO THE PUBLIC INTERNET. Top10KeywordIP 10 avaya ip office 10 72.196.166.102 1 SSH-2.0_OpenSSH_9.1 1 190.98.213.61 2 webcam 2 200.84.201.25 3 AudioCodes 3 27.96.132.70 4 Elastix 4 172.217.161.206 5 PowerMTA 5 92.255.57.10 6 FreePBX 6 162.144.96.180 7 vicidial 7 182.253.151.157 8 "긴급" "200 ok" 8 183.145.41.159 9 http. 9 93.90.146.104 10 avaya ip office 10 72.196.166.102 1 SSH-2.0_OpenSSH_9.1 1 190.98.213.61 AssetDomainImageCertificateExploit AssetDomainImageCertificateExploit; Look up my IP addressCreate a Free Account CYBERSECURITY REPORT Cybersecurity Report MORE THAN 3,700 ESXIARGS RANSOMWARE INFECTED SERVERS FOUND ESXiArgs ransomware is a new ransomware that takes advantage of the Heap Overflow vulnerability of OpenSLP services used on VMware ESXi servers. The vulnerability, also known as CVE-2021-21974, enables Remote Code Execution (RCE) attacks, which have been exploited by many threat actors and discovere February 24th 2023 Cybersecurity Report DETECT CITRIX VULNERABILITIES WITH THE OSINT TOOL: CVE-2022-27510, CVE-2022-27518 In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are a critical issue with a CVSS score of 9.8, and reports are still being made about how these CVEs are used in hacking attempts. Many Citrix ADCs a January 20th 2023 Cybersecurity Report DOCKER CONTAINER SECURITY RISKS FOR YOU TO BE AWARE OF Docker is a virtualization platform based on container technology. Virtualization is a technology that creates virtual machines to efficiently utilize hardware, which is a physical resource. Depending on the virtualization method, it is divided into virtual machines and containers. Container technol December 30th 2022 Cybersecurity Report ALGOLIA API KEY RAISES SEVERE HACKING CONCERNS Algolia is a hosted search engine service for web surfing that uses a SaaS model. This service can process searches quickly and ensure easy implementation with websites and mobile applications by issuing an Algolia API key after registration. Thousands of companies use Algolia for this advantage alo December 6th 2022 Cybersecurity Report EXPOSED REDIS SERVER, A DISTRIBUTOR OF COIN MINING MALICIOUS CODE Redis (Remote Dictionary Server) is a non-relational database management system for storing and managing unstructured data in a key-value structure. Unstructured data is raw data that cannot be filtered without a fixed format, and it includes various formats like web logs, XML, JSON, images, texts, November 26th 2022 Cybersecurity Report NEW OPENSSL VULNERABILITY : MORE THAN 14,000 UNPATCHED SERVERS On October 31st, new OpenSSL vulnerabilities were discovered: CVE-2022-3786 and CVE-2022-3602.This vulnerability is related to X.509 Email Address Buffer Overflow. In particular, overflow may occur due to Punycode used to process the name constraint checking function for X.509 certificate verificati November 17th 2022 Cybersecurity Report MORE THAN 3,700 ESXIARGS RANSOMWARE INFECTED SERVERS FOUND ESXiArgs ransomware is a new ransomware that takes advantage of the Heap Overflow vulnerability of OpenSLP services used on VMware ESXi servers. The vulnerability, also known as CVE-2021-21974, enables Remote Code Execution (RCE) attacks, which have been exploited by many threat actors and discovere February 24th 2023 Cybersecurity Report DETECT CITRIX VULNERABILITIES WITH THE OSINT TOOL: CVE-2022-27510, CVE-2022-27518 In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are a critical issue with a CVSS score of 9.8, and reports are still being made about how these CVEs are used in hacking attempts. Many Citrix ADCs a January 20th 2023 Cybersecurity Report DOCKER CONTAINER SECURITY RISKS FOR YOU TO BE AWARE OF Docker is a virtualization platform based on container technology. Virtualization is a technology that creates virtual machines to efficiently utilize hardware, which is a physical resource. Depending on the virtualization method, it is divided into virtual machines and containers. Container technol December 30th 2022 Cybersecurity Report ALGOLIA API KEY RAISES SEVERE HACKING CONCERNS Algolia is a hosted search engine service for web surfing that uses a SaaS model. This service can process searches quickly and ensure easy implementation with websites and mobile applications by issuing an Algolia API key after registration. Thousands of companies use Algolia for this advantage alo December 6th 2022 Cybersecurity Report EXPOSED REDIS SERVER, A DISTRIBUTOR OF COIN MINING MALICIOUS CODE Redis (Remote Dictionary Server) is a non-relational database management system for storing and managing unstructured data in a key-value structure. Unstructured data is raw data that cannot be filtered without a fixed format, and it includes various formats like web logs, XML, JSON, images, texts, November 26th 2022 Cybersecurity Report NEW OPENSSL VULNERABILITY : MORE THAN 14,000 UNPATCHED SERVERS On October 31st, new OpenSSL vulnerabilities were discovered: CVE-2022-3786 and CVE-2022-3602.This vulnerability is related to X.509 Email Address Buffer Overflow. In particular, overflow may occur due to Punycode used to process the name constraint checking function for X.509 certificate verificati November 17th 2022 Cybersecurity Report MORE THAN 3,700 ESXIARGS RANSOMWARE INFECTED SERVERS FOUND ESXiArgs ransomware is a new ransomware that takes advantage of the Heap Overflow vulnerability of OpenSLP services used on VMware ESXi servers. The vulnerability, also known as CVE-2021-21974, enables Remote Code Execution (RCE) attacks, which have been exploited by many threat actors and discovere February 24th 2023 Cybersecurity Report DETECT CITRIX VULNERABILITIES WITH THE OSINT TOOL: CVE-2022-27510, CVE-2022-27518 In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are a critical issue with a CVSS score of 9.8, and reports are still being made about how these CVEs are used in hacking attempts. Many Citrix ADCs a January 20th 2023 Cybersecurity Report DOCKER CONTAINER SECURITY RISKS FOR YOU TO BE AWARE OF Docker is a virtualization platform based on container technology. Virtualization is a technology that creates virtual machines to efficiently utilize hardware, which is a physical resource. Depending on the virtualization method, it is divided into virtual machines and containers. Container technol December 30th 2022 Cybersecurity Report ALGOLIA API KEY RAISES SEVERE HACKING CONCERNS Algolia is a hosted search engine service for web surfing that uses a SaaS model. This service can process searches quickly and ensure easy implementation with websites and mobile applications by issuing an Algolia API key after registration. Thousands of companies use Algolia for this advantage alo December 6th 2022 Cybersecurity Report EXPOSED REDIS SERVER, A DISTRIBUTOR OF COIN MINING MALICIOUS CODE Redis (Remote Dictionary Server) is a non-relational database management system for storing and managing unstructured data in a key-value structure. Unstructured data is raw data that cannot be filtered without a fixed format, and it includes various formats like web logs, XML, JSON, images, texts, November 26th 2022 Cybersecurity Report NEW OPENSSL VULNERABILITY : MORE THAN 14,000 UNPATCHED SERVERS On October 31st, new OpenSSL vulnerabilities were discovered: CVE-2022-3786 and CVE-2022-3602.This vulnerability is related to X.509 Email Address Buffer Overflow. In particular, overflow may occur due to Punycode used to process the name constraint checking function for X.509 certificate verificati November 17th 2022 CRIMINAL IP SEARCH TIP HOW TO BE SAFE FROM GOOGLE ADS SCAMS (METAMASK PHISHING SITE) With its unrivaled search algorithm, Google occupies 92% of the global search engine market and is favored by many internet users. Consequently, websites exposed at the top of search results by Google’s algorithm are visited by tens of thousands or even millions of Google search engine users a day. Google is constantly improving its algorithm to exclude malicious or phishing sites from top exposure. Still, cyber attackers skillfully abuse Google’s exposure logic to allow as many victims as possible to visit malicious websites. Among them, phishing website attacks that abuse Google Ads are malicious attack methods that continue to increase. Recently, security media Bleeping Computer reported that Bitwarden password vaults were targeted in Google Ads phishing attacks to steal users’ credentials. In addition, there have been many phishing attacks in which search engine users have been victimized by phishing and fraud by exploiting Google Ads, but such cleverly created fake sites continue to appear at the top of Google search results without appropriate measures.MetaMask Phishing Sites on Google Search AdsMetaMask is a popular cryptocurrency wallet provider with more than 3 million monthly visitors. Many users access the MetaMask website through the Google search engine. Searching for ‘MetaMask’ or ‘MetaMask Wallet’ on Google, you will undoubtedly think that MetaMask’s official website will be exposed. If the searched site at the top has an entirely different title or description, the users will scroll to find the website they want, but what if the search result is displayed with the same title and description as the official site?In fact, MetaMask Google Ads phishing incidents have been reported several times since 2020. After the phishing site ads are blocked, the attacker continues the attack by exposing ads using a new domain after a certain time. Let’s look at Google search results in Korea, a case of MetaMask Google Ads scam we found. As shown in the image below, if you enter “메타 마스크,” which means MetaMask in Korean, into the Google search box, the website with the title MetaMask is displayed with an “Ad” mark at the top of the search results.Google search results of “메타 마스크,” which means MetaMask in Korean: Google Ad is shown firstGoogle users could click on the site exposed at the top with little doubt to access MetaMask. However, if you access this website, you will be connected to a fake website, not the official website of MetaMask, as shown below. Screenshot of a fake MetaMask website exposed at the top of Google search resultsCan users who click on Google search Ads find anything strange after accessing it? It will be hard. Compared to the actual MetaMask website, the favicon, title, and web UI/UX are all made the same.The only thing that is bound to differ from an official website is the URL. The URL of the Google Ads phishing site uses the URL mètamaśk[.]com to look as similar as possible to the actual website.At first glance, it is difficult to distinguish it from the actual website URL, metamask.io, but upon closer inspection, ‘è’ and ‘ś’ are used instead of ‘e’ and ‘s.’How to Identify a Phishing Site in Google Search AdsAs in the case of the MetaMask phishing site above, threat actors are actively exploiting Google Ads for phishing attacks. There is a way to connect directly and compare non-reproducible elements such as URLs to distinguish plausible phishing sites that appear at the top of Google search results. However, using a URL scanner such as Criminal IP is more accurate. We searched for the fake MetaMask URL “mètamaśk[.]com” in Criminal IP Domain Search.mètamaśk[.]com scan result: https://www.criminalip.io/domain/report?scan_id=3043175Criminal IP Domain Search result of MetaMask phishing site: It is detected as a phishing siteAs a result of scanning the MetaMask phishing site exposed in Google search Ads, it is detected with a 99% risk, and the phishing probability is 75%. This domain appears to be recently created for phishing attacks. Screenshot of MetaMask phishing siteAbove all, Criminal IP Domain Search allows you to check screenshots of phishing sites without accessing them. Although this domain is connected to an IP address with no abuse history, most phishing sites often have malicious IP addresses. Therefore, before accessing the website displayed at the top of the Google search Ads, it is safe to detect phishing with a URL scanner such as Criminal IP. Be especially careful when connecting to ad websites because malicious codes such as ransomware can be downloaded with just one click.Another Cyberattack Abusing Google Ads: Google Ads Manager Invitation SpamThere is another cyberattack that exploits Google ads. This is a method of using the Google Ads manager invitation email.A Google Ads advertiser will send an invitation email, as shown below, to the recipient’s Gmail address to invite the co-administrator. An attacker exploits this to register a malicious website (an adult site in this case) as a website to advertise and then sends admin invites to an unspecified number of people. Since the sender of the manager invitation email is ‘Google Ads ads-account-noreply@google.com,’ it bypasses the Gmail spam filter and is usually received in the inbox. Because of this, people who receive the email think they have been invited to the real Google Ad Manager and access the spam link. People using Google ads in their companies are more likely to fall victim to attacks like this.Google Ads spam email that abuses advertiser invitationIf you scan the link used in the above spam email with Criminal IP Domain Search, you can check whether the website is malicious without accessing it. Criminal IP Domain Search results of the link in Google Ads spam email It is an adult site, and the attacker has tried to promote it by exploiting the Google Ads manager invitation email or collecting the visitor’s personal information. How To Prevent Google Ads Phishing AttacksIn some cases, the Google Ads blocker, also known as AdBlock, is used to prevent Google Ads phishing attacks. While this is another good option, requiring everyone to block Google Ads is not advisable. Instead, the fundamental solution will be for Google to strengthen censorship against spam and phishing so that advertisers and consumers can safely use the advertising platform.To prevent phishing and spam attacks on your own, it is recommended to use real-time URL scanners and website inspection tools such as Criminal IP.Please refer to our article on how to detect Flipper Zero phishing sites for relevant information.SourceCriminal IP (https://www.criminalip.io/)Bleeping Computer (https://www.bleepingcomputer.com/news/security/bitwarden-password-vaults-targeted-in-google-ads-phishing-attack/, https://www.bleepingcomputer.com/news/security/google-ads-invites-being-abused-to-push-spam-adult-sites/)Related Article : Check ‘Flipper Zero (Hacker’s Tamagochi)’ Phishing Site February 3rd 2023 Read More Search KIOSK HACKING: TIPS TO IMPROVE YOUR KIOSK SECURITY A kiosk is a small machine with an interactive display screen that businesses place in public areas such as government agencies, banks, department stores, and restaurants to provide information or offer self-service options. The use of kiosks keeps increasing in corporates and organizations for its advantages like self-service.As risks always accompany new technologies, security threats to kiosks are constantly raised. Kiosks are very suitable to be targeted by attackers because they store and process personal information as their primary purpose is reservation and payment services. Some kiosks are sold without adequate security measures installed. There are several other ways to hack kiosks. However, this article deals with detecting kiosk systems and admin pages exposed to attack surfaces to prevent threats. Admin Page of the Kiosk Exposed on the InternetOne of the reasons for kiosk hacking is the exposed kiosk admin page on the internet. Kiosk distributors or organizations using kiosks offer services like reservation and payment to the end user. The kiosk must block external access, and the admin page has to be secured with an authentication system.However, several kiosks are exposed to attack surfaces, and you can find those by searching the keyword ‘Tile: Kiosk management console UI‘ on the OSINT search tool Criminal IP.Search Query : Title: Kiosk management console UIhttps://www.criminalip.io/asset/search?query=title%3AKiosk+management+console+UIThe search result of exposed kiosk management systemWith the other keyword, “Title: KIOSK Management System“, it was possible to find the website that shows the admin page of the kiosk like the image below.Search Query : Title: Kiosk Management Systemhttps://www.criminalip.io/asset/search?query=Title%3A+Kiosk+Management+SystemThe kiosk admin page exposed on the internet. The kiosk exposed to cyber threats.Also, you can search “Title: Kiosk Terminal Management System“ and get the below result with information for the authentication page of the kiosk.Search Query: Title: KIOSK Terminal Management Systemhttps://www.criminalip.io/asset/search?query=%22Kiosk%20Terminal%20Management%20System%22The result of searching ‘Title: Kiosk Terminal Management System’ on Criminal IP Asset SearchAuthentication page of the kiosk system is accessible from the outside and is exposed to kiosk hacking threatsTargeting the Kiosk Operated by Specific CorporateHackers can find the kiosk that operates by a specific company or organization. If they succeed, hackers can cause system errors, take customer information from a connected server, and even infiltrate the main server for a severe attack.By adding ‘Hotel’ with the keyword, it was possible to find the kiosk system of a hotel located in Malaysia.Search Query: Title: Uptown Kiosk – Hotel Systemhttps://www.criminalip.io/asset/search?query=title:%20Uptown%20Kiosk%20-%20Hotel%20SystemThe kiosk authentication page, Hotel located in MalaysiaEven you can find the kiosk with the specific title of the company by searching it with the keyword above. The image below shows the information on the German vehicle company’s kiosk system in Korea.Result on Criminal IP Asset Search for vehicle manufacturer ‘V”s kiosk systemThe kiosk authentication page of vehicle manufacturer ‘V’, Exposed on the internetKiosk without Authentication, Easy to HackThe kiosk system exposure is a critical security issue. We even found the kiosk system without a proper authentication procedure. It was defenseless. The website searched on CIP seems to be a kiosk system for company S. It shows a critical security issue that allows one to enter the website without the authentication procedure. The kiosk system for Large Enterprise ‘S’, Possible to access without authenticationThe image below is the theater admin system for a kiosk. It can be accessed without authentication, making it vulnerable to hacking.Theater kiosk admin page, Possible to access without authenticationThe purpose of kiosk is to increase the efficiency of the company and the convenience of the customer. However, it is necessary to keep it safe from the cyber attacks to avoid severe damage. The fact that various IoT devices such as kiosks can be easily found through the OSINT tool means that hackers can also easily attack assets that are exposed to the attack surface. Enterprises and institutions are advised to thoroughly ensure that all assets are exposed with an attack surface management solution such as Criminal IP ASM, and consider security when introducing IoT equipment such as kiosks. If the kiosk is outdated, consider replacing it. Also, you should check the regular security patch updates for kiosk system.Please refer to Default welcome page exposure: A Significant Security Risk, for more information.Source : Criminal IP (https://www.criminalip.io/)Related article : Default welcome page exposure: A Significant Security Risk January 13th 2023 Read More Search CHECK ‘FLIPPER ZERO (HACKER’S TAMAGOCHI)’ PHISHING SITE Flipper Zero, a portable multitool for pentester is priced at $200, is a popular product that has recently been sold out among penetration testers and hackers. This, called ‘hacker’s Tamagochi’ due to its appearance, has been reviewed on various security communities such as TikTok, Twitter, and Telegram. Popularity skyrocketed, and ‘Flipper zero’ is flying off the shelves in an online store. A recent article by Bleeping Computer reported that phishing attackers seek chances, from this situation, to fool customers through ‘Flipper Zero’ Phishing site that look like official sales sites to induce people to pay in cryptocurrencies such as Bitcoin. Of course, a purchaser will get nothing.It’s an interesting irony that these hackers are targeting hackers, penetration testers and security researchers vying to purchase Flipper Zeroes for themselves.Flipper Zero Phishing Site vs. Official SiteWe visited several Flipper Zero phishing sites found on SNS like Twitter.They camouflage with similar URLs and favicons that, if you are not a frequent visitor, it is almost impossible to notice the phishing site as below. Flipper Zero phishing siteOfficial Flipper Zero online storeFlipper Zero phishing site (Left) and Official Flipper Zero online store (Right)Smart Way to Check Fake Flipper Zero WebsitesWe can spot differences between the official site and the phishing sites in the URL, page UI, logo, etc.A more accurate and faster way to check is to use the OSINT search tool. On Criminal IP’s Domain Search, input ‘flipperzerovendoronline[.]com‘, or ‘flipperzeroinstock[.]net‘ which is not yet known as phishing on Twitter and other social networks. Then it will lead you to the result below.flipperzerovendoronline[.]com Search Results : https://www.criminalip.io/domain/report?scan_id=2878623flipperzeroinsock[.]net Search Results : https://www.criminalip.io/domain/report?scan_id=2880403Search Results of Flipper Zero Phishing Site on Criminal IPThe result shows that phishing sites are using malicious domains, and the algorithm tells us the phishing probability is over 50%.In particular, the Newborn Domain information shows that it has been for one and a half months. Still, there are attempts to generate new ‘Flipper Zero’ phishing sites that recommend being aware of the OSINT tool to prevent being a victim.Some detecting tools for phishing rely on user reports, Google results, and phishing check websites, but these are the reactive approaches that only can detect after being reported. In other words, it is impossible to detect newborn phishing sites.Domain Search results of malicious IP associated with Flipper Zero phishing site of screenshotsCriminal IP, a proactive way of detecting phishing sites, shows real-time screenshots, technology used, and mapped IPs on ‘Domain Search’. This includes recently emerging domains.Flipper Zero Phishing Attack Likely to SpreadIn TikTok, a video platform, several users review the ‘Flipper Zero’ to upload hacking videos and get thousands and millions of views. ‘Flipper Zero’ gets famous not only to hackers but also to generals, so it is necessary to be aware of ways to check phishing sites to prevent being victims.Also, the fact that such phishing damage continues is one of the reasons why phishing prevention methods using the OSINT search engine are necessary not only for those in security-related occupations but also for general internet users.Check out this article on Instagram Phishing Scams for relevant information. January 6th 2023 Read More Search IP CAMERA HACKING – A NIGHTMARE TO YOUR IOT CHRISTMAS GIFTS Christmas, which many people look forward to, is the peak season for hackers to spread malware, leak information, and conduct phishing scams. With all the end-of-year celebrations and public holidays, there is a lack of security staff monitoring the increase in online shopping and congratulatory messages being sent. Hackers will take advantage of the loosening cyber defenses and carry out cyber crimes. In particular, IoT and smart home products, which are becoming increasingly popular Christmas gifts, are good targets for hackers to exploit. Therefore, it is important to be careful of IoT and IP camera hackings that may occur. If you happen to come across an incredibly cheap Christmas special-priced IoT device, be careful, as devices sold at affordable prices often suggest that they have security flaws.For example. an IP camera called Wireless IP Camera (P2P) WIFICAM has an authentication bypass vulnerability (CVE-2017-8225), so there have been many cases where the product was found to be infected with botnets. Smart products with security flaws allow hackers to easily hack into users’ accounts and access all their information. In all the IP cameras, AI speakers, and cordless vacuum cleaners sold on Amazon, eBay, and AliExpress, there is a good chance that it has already been hacked and is being used with malicious intent.IP Cameras With Sub-Par Authentication Settings Are the Primary Targets Hackers who hack robot vacuum cleaners and IP cameras monitor the homes of their victims or illegally distribute videos of them. Devices that do not have login authentication enabled or use a default password without changing them are usually the prime target of attacks. Searching for exposed IP cameras on the internet using Tag: IP Camera on Criminal IP Asset Search gives a total of 428,473 results. [Criminal IP Search 101 – How to Find Exposed IP cameras]https://www.criminalip.io/asset/search?query=tag%3A+%22IP+Camera%22Search Query : Tag: IP CameraSearch For “tag: IP Camera” on Criminal IP Gives a Total Result of 428,473 Exposed IP Camera ServersIn some cases, hacked IP camera screens can be viewed without any login authentication. Hacked IP Camera Screen Exposed to the Internet Without Any Login AuthenticationIoT Quitely Becoming Infected Like a ZombieIf a vulnerability is found in an IoT device, attackers can use the vulnerability to infect and inject malicious code. This makes a zombie device for DDoS attacks.Inputting IoT keywords into the tag filter helps you to identify exposed IoT products and vulnerabilities.https://www.criminalip.io/asset/search?query=tag%3A+IoTSearch Query : Tag: IoTSearch For “tag: IoT” on Criminal IP Gives a Total Result of 46,737 Exposed IoT ServersAmong them, one IoT device was discovered to have as many as 39 vulnerabilities. This is something hackers can exploit for another cyber attack or sell information about the device on the dark web. Exposed IoT Server Intelligence Analysis Results, Found to have a Total of 39 VulnerabilitiesIoT Product, IP Camera Hacking Prevention ChecklistTo ensure an exciting Christmas, not a security nightmare, the following security protocols should be implemented:Use products that are known to be secure Set up login authentication on devices and use complex passwords. Remember to change passwords from time to time.Ensure all product software is updated to the latest version Most importantly, it is imperative to regularly use Criminal IP to ensure that your IoT is not exposed to the internet or has any vulnerabilities.Please refer to our ‘Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulnerability’ article for more information on IoT device vulnerability. Source : Criminal IP (https://www.criminalip.io)Related Article(s) : Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulnerability December 22nd 2022 Read More Search BEST PRACTICES CRIMINAL IP, SPLUNK INTEGRATED FDS APP RELEASED If you are a Criminal IP and Spunk user, here’s good news! The Criminal IP and Splunk integrated app that integrates the log analysis platform Splunk dashboard and the Criminal IP FDS (Fraud Detection System) API function has been released.You can now download Criminal IP FDS from Splunkbase and mon December 15th 2022 IP INTELLIGENCE: HOW TO HANDLE IP ADDRESSES THAT ATTEMPT TO BYPASS ANTI-SPAM SOLUTIONS To stop spam emails, it is common for companies to implement several anti-spam solutions, such as spam filters, in their mail servers. Nevertheless, there are many cases where anti-spam solutions are often bypassed. In order to bypass the anti-spam system, attackers use official mail services from w October 11th 2022 ATTACK SURFACE MANAGEMENT: MONITORING UNKNOWN ASSETS AND VULNERABILITIES It is well-known that most companies utilize various network equipment, databases, applications, and domains and that these IT properties often operate under a myriad of IP addresses and ports. Hackers with malicious intent, with this knowledge, begin their methods of infiltration by searching for o August 16th 2022 OPEN PORT VULNERABILITY DETECTION: THE MORE OPEN PORTS YOU HAVE, THE MORE CYBER THREATS EXIST Global IP address data collected by Criminal IP (https://www.criminalip.io) includes synthetic CTI intelligence which is including connected domains and Whois information, location information, vulnerabilities and port information. Port is primarily used in software as a unit to distinguish between August 4th 2022 WHAT'S NEW ON CRIMINAL IP March 3rd 2023[#Criminal_IP v1.17.1 Release Note] #Jarm Hash data has been added to Asset Search search results and the API category of IP data and banner search. Additionally, at the top of IP search result page, you can take a glance at #openport issues and tags. https://t.co/KxfTCmfd9SJanuary 19th 2023[#Criminal_IP v1.12.1 Release note] Pages for IP address ranges added. You can check the list of all IPv4 addresses and the details. For your convenience, we added new functions for Asset Search and Domain Search. https://t.co/Jw6Tn2AWXK #OSINT #Cybersecurity #Infosec #CTI #ASMJanuary 10th 2023[#Criminal_IP v1.10.1 Release Notes] For better individual support, new features have been updated: File Attachment Functions, Thread system for additional inquiries, and Ticket status for reponses. Check out the full details of our release notes. https://t.co/mw3VDr2GKIDecember 9th 2022[#Criminal_IP v1.5.1 Release Notes] More Domain Search and APIs are available for Criminal IP Beta members! Credits for Domain Searche are granted separately, increasing from 10 per day to 1,000 per month. https://t.co/3erQj6IaiX #cybersecurity #Sandbox #domain #jarm Subscribe CYBERSECURITY NEWS February 20th, 2023Microsoft Outlook flooded with spam due to broken email filters According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken. February 19th, 2023Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy Fortinet has released security updates to address 40 vulnerabilities in its software, including FortiWeb, FortiOS, FortiNAS, and FortiProxy. February 17th, 2023GoDaddy: Hackers stole source code, installed malware in multi-year breach Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack. API INTEGRATION We provide straightforward, easy-to-use APIs that are designed to block risk-scored IPs or malicious domain links. Use Criminal IP code samples to seamlessly integrate all other functions and the database in your organization's infrastructure. Get StartedCode Samples * Identification of VPN/hosting/Tor of the accessed IP * Detection of malicious domain links * Management of attack surface vulnerabilities within an organizational infrastructure → root@criminalip ~ % | { "ip": "5.5.5.5", "score": { "inbound": 0, "outbound": 0 }, "country": "de", "country_code": "de", "isp": "O2 Deutschland", "status": 200 } → root@criminalip ~ % | HOW API WORKS Criminal IP’s API integration will detect and block potential malicious users accessing login services in real time. FAQMOST FREQUENTLY ASKED QUESTIONS ABOUT CRIMINAL IP Criminal IP Overview What is Criminal IP? Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that allows users to search for various security-related information such as malicious IP addresses, domains, banners, etc. It can be widely integrated with other security systems through consumer-grade web UI and API interface to search for malicious IP addresses, specific IP address history with risk-based scoring based on AI Spera's proprietary algorithm. Fast display of search results and optimized system communications satisfy the needs of end users accessing the Live Service and Integration. What are some features of Criminal IP? Search for all your digital assets and vulnerabilities connected to the internet, such as IPs, domains, IoTs, and ICS. What can the Criminal IP search engine be used for? Criminal IP search engine provides comprehensive information on IT asset exposure, risk, vulnerabilities, and history of malicious IPs from the outside, all of which enable you to make better data-informed decisions against cyberthreats. For more details, please see the Developer > Best Practices page. How frequently does Criminal IP update data? Criminal IP constantly collects and updates data in real time. Which internet browsers can be used for Criminal IP? All web browsers accessible via computers, mobile devices, and tablets are available, but it has been especially optimized for Chrome browser. Do I need a separate installation? Criminal IP does not require the installation of separate programs. Since it is provided as a simple cloud SaaS service, you can use it through the web, tablets, or mobile devices, practically any place where the internet is available. Do you have any sample code for Criminal IP? Criminal IP provides API and sample code for each Search and Intelligence feature. For more detailed information, see Developer > Sample Code. How do I create a Criminal IP account? Click "Register" at the top right to create a new account using your email or a Google or Twitter account. I want to change my account email. Click the My page icon in the upper right corner and jump to the My Information page where you can edit through the E-mail Edit button. I'd like to get the latest news on Criminal IP. Follow Criminal IP's official Twitter and AI Spera's LinkedIn to receive the latest updates on Criminal IP. You can also receive Criminal IP newsletter via the email you entered during sign-up. Criminal IP Searching Quick Reference What is "Asset Search?" This is a search feature that provides 5-level risk scores combined with a comprehensive set of information including domains, open ports, vulnerabilities, Whois, and screenshots. Please see the Asset Search page for more details. What is "Domain Search?" This is a search feature that provides comprehensive data on IP, subdomains and network logs that are associated with domain risks. Please see the Domain Search page for more details. What is "Image Search?" This is a search feature that provides images of externally exposed devices, website information, and enterprise and personal information. Please see the Image Search page for more details. What is "Exploit Search?" This is a search feature that provides a full list of exploitable vulnerabilities mapped in real time through searches for CVE ID, vulnerability type, and platforms. Please see the Exploit Search page for more details. What is "Banner Explorer?" This is an intelligence feature that provides threat-related information categorized by products and services such as cryptocurrency, database, and IoT. For more details, please see the Banner Explorer page. What is "Vulnerability?" This is an intelligence feature that provides information on attack surface exposure and vulnerability of assets via classification by CVE ID and product name, which helps proactively monitor vulnerabilities of the applications in use. Please see the Vulnerability page for more details. What is "Statistics?" This is an intelligence feature that identifies malicious IP and domain information as well as VPN. It also provides a 10-day statistical graph in the form of a dashboard. Please see the Statistics page for more details. What is "Element Analysis?" This is an intelligence feature that generates filter-specific results based on an analysis of assets and vulnerabilities. Please see the Element Analysis page for more details. What is "Maps?" This is an intelligence feature that visually represents IP geolocation information and provides statistics on AS name, product, and country. Please see the Maps page for more details. Which filters are available for "Asset Search?" Asset Search provides filters that boost search accuracy and simplicity. Please see the Developer > Filters page. Which filters are available for "Image Search?" Image Search provides filters that boost search accuracy and simplicity. Please see the Developer > Filters page. Which filters are available for "Exploit Search?" Exploit Search provides filters that boost search accuracy and simplicity. Please see the Developer > Filters page. Which tags can I use for "Asset Search?" Asset Search provides tags that boost search accuracy and simplicity. Please see the Developer > Filters page. Which tags can I use for "Image Search?" Image Search provides tags that boost search accuracy and simplicity. Please see the Developer > Filters page. Which categories are searchable through "Banner Explorer?" Banner Explorer provides category-specific searches for cryptocurrencies, databases, industrial control systems, IoT, network infrastructure, and video games. For more details, please see the Banner Explorer page. Which products are searchable through "Vulnerability?" Vulnerability provides various major product categories such as MySQL, Linux, WebLogic Server, and HTTP server that help you easily search for vulnerabilities within a specific product. Please see our Vulnerability page for more product categories. What can I search for on the "Element Analysis" page? Search for all the assets and vulnerabilities collected through Criminal IP and sorted by country, service, ASN, product, and port number. Please see the Element Analysis page for more details. API Integration Where can I get an API key? Copy the API key by clicking the My page icon in the upper right corner and jump to the My Information page. Where can I get the API code? Feature-specific API codes are available on the Developer > API page. Do I need to use separate software for the API? No separate software is required. How do I make API calls? After copying the API key, call the API using the API code listed on the Developer > API page, and then check the results presented in JSON response value. Is there a limit on the number of API calls? The number of API calls varies by license, and the Enterprise license supports unlimited API calls. Please see the Beta Service page for more details. What is the API call speed? The speed of API calls varies by each license, and Enterprise license supports an API call speed of less than 1 second. Please see the Beta Service page for more details. Which data can be provided by the API? Integrate Criminal IP API with the user dataset log and identify VPN IP, Hosting IP, Blacklist IP, Tor IP, Proxy IP, Foreign IP with a risk score. How can the Criminal IP API be utilized? Criminal IP API can be simply integrated with your existing database and security systems. Identify malicious IP, domains, and vulnerabilities in real time, enabling you to preempt attempts of account takeover, credential stuffing, and malicious access and protect customers as well as assets. For more details, please see the Developer > Best Practice page. About Membership Is the beta service free? Criminal IP beta service will be provided free of charge, and the Enterprise License for customized service is available for a fee. For more information, please see the Beta Service page. Do I need to sign up for a paid service to use the same features after the beta service period is over? After the beta service period ends, the same features will be available for a fee. Those who have submitted feedback about the beta service can use the free service for an additional month. Do you have any other plans? At the current stage, there are only three plans available for the beta version. Various plans will soon be added, right after the official launch. For more information, please see the Beta Service page. What if the existing plans don't meet my needs? We highly recommend choosing our unlimited custom Enterprise subscription plan. It's the most flexible plan that is currently available, and we are always open to address your data needs. For more information, please see the Beta Service page. Is it possible to get unlimited access to the database? Yes, Enterprise licenses allow unlimited use of services and functions. For more information, please see the Beta Service page. How can I check my payment information? Click the My page icon in the upper right corner and jump to the My Information page to check your current membership and payment history. What if I want to change my license? Click the My page icon in the upper right corner and contact us through the Support Ticket page. Which payment methods are accepted? We support all major credit/debit cards and Stripe payment systems. Please note that the current Beta version is provided free of charge, with the exception of the Enterprise plan, which is only available through consultation. For more information, please see the Beta Service page. I want to cancel my license. Click the My page icon in the upper right corner and contact us through the Support Ticket page. I have a question about Enterprise License. Please contact us through the About > Contact Us page. Support Request If you already have a Criminal IP account, click the My page icon in the upper right corner and contact us through the Support Ticket page. If you do not have an account or if you have any inquiries regarding Enterprise membership, please contact us through the About > Contact Us page. SHARE YOUR FEEDBACK WITH US AND GET A ONE-MONTH LICENSE FOR FREE We are thrilled to have you on board for our first beta trial. Your genuine feedback will be greatly appreciated since it drives us to build a top-notch customer experience. Please take a moment to fill out the survey. Upon completion, all participants will be entitled to a one-month complimentary “early bird package” subscription. Tell us what you think go to top PRIVACY We use cookies to provide you with the best experience on our websites. Click ‘Accept All’ to accept all cookies. If you want to choose which others we use, you can do so through 'Cookie settings'. Please see our Cookie Policy for more information. Cookie SettingsAccept All * Search * Asset Search * Domain Search * Image Search * Exploit Search * Intelligence * Banner Explorer * Vulnerability * Statistics * Element Analysis * Maps * Attack Surface Management * What is ASM? * Developer * Best Practice * Filters, Tags * API * Code Samples * Resource * Blog * About * AI Spera * Contact Us * Terms of Use * Privacy Policy * Cookie Policy Contact Ussupport@aispera.com © 2022, All Rights Reserved - AI Spera Inc.v1.17.3 - 2023.03.07