www.criminalip.io
2606:4700:10::6816:214  Public Scan

Submitted URL: http://criminalip.io/
Effective URL: https://www.criminalip.io/
Submission: On March 08 via manual from US — Scanned from US

Form analysis 1 forms found in the DOM

<form class="form">
  <div class="searchStyle__SearchInputWrap-sc-r3o27t-5 lggsSQ SearchInputWrap "><input data-role="inputbox" maxlength="100" placeholder="Try to search assets with the following filter examples below" value="" autocomplete="off" name="query"
      class="searchStyle__SearchInput-sc-r3o27t-6 cquKTG"><button type="submit" title="search" class="searchStyle__SearchButton-sc-r3o27t-7 itaEil"></button></div>
</form>

Text Content

Cybersecurity Search Engine | Criminal IP

SEARCH FOR INFORMATION ON EVERYTHING CONNECTED TO THE PUBLIC INTERNET.


SEARCH FOR INFORMATION ON COMPUTERS
CONNECTED TO THE PUBLIC INTERNET.



CYBERSECURITY REPORT

Cybersecurity Report


MORE THAN 3,700 ESXIARGS RANSOMWARE INFECTED SERVERS FOUND

ESXiArgs ransomware is a new ransomware that takes advantage of the Heap
Overflow vulnerability of OpenSLP services used on VMware ESXi servers. The
vulnerability, also known as CVE-2021-21974, enables Remote Code Execution (RCE)
attacks, which have been exploited by many threat actors and discovere

February 24th 2023

Cybersecurity Report


DETECT CITRIX VULNERABILITIES WITH THE OSINT TOOL: CVE-2022-27510,
CVE-2022-27518

In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were
reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are
a critical issue with a CVSS score of 9.8, and reports are still being made
about how these CVEs are used in hacking attempts. Many Citrix ADCs a

January 20th 2023

Cybersecurity Report


DOCKER CONTAINER SECURITY RISKS FOR YOU TO BE AWARE OF

Docker is a virtualization platform based on container technology.
Virtualization is a technology that creates virtual machines to efficiently
utilize hardware, which is a physical resource. Depending on the virtualization
method, it is divided into virtual machines and containers. Container technol

December 30th 2022

Cybersecurity Report


ALGOLIA API KEY RAISES SEVERE HACKING CONCERNS

Algolia is a hosted search engine service for web surfing that uses a SaaS
model. This service can process searches quickly and ensure easy implementation
with websites and mobile applications by issuing an Algolia API key after
registration. Thousands of companies use Algolia for this advantage alo

December 6th 2022

Cybersecurity Report


EXPOSED REDIS SERVER, A DISTRIBUTOR OF COIN MINING MALICIOUS CODE 

Redis (Remote Dictionary Server) is a non-relational database management system
for storing and managing unstructured data in a key-value structure.
Unstructured data is raw data that cannot be filtered without a fixed format,
and it includes various formats like web logs, XML, JSON, images, texts,

November 26th 2022

Cybersecurity Report


NEW OPENSSL VULNERABILITY : MORE THAN 14,000 UNPATCHED SERVERS

On October 31st, new OpenSSL vulnerabilities were discovered: CVE-2022-3786 and
CVE-2022-3602. This vulnerability is related to X.509 Email Address Buffer
Overflow. In particular, overflow may occur due to Punycode used to process the
name constraint checking function for X.509 certificate verificati

November 17th 2022



CRIMINAL IP SEARCH TIP


HOW TO BE SAFE FROM GOOGLE ADS SCAMS (METAMASK PHISHING SITE)

With its unrivaled search algorithm, Google occupies 92% of the global search
engine market and is favored by many internet users. Consequently, websites
exposed at the top of search results by Google’s algorithm are visited by tens
of thousands or even millions of Google search engine users a day. Google is
constantly improving its algorithm to exclude malicious or phishing sites from
top exposure. Still, cyber attackers skillfully abuse Google’s exposure logic to
allow as many victims as possible to visit malicious websites. Among them,
phishing website attacks that abuse Google Ads are malicious attack methods that
continue to increase.

Recently, security media Bleeping Computer reported that Bitwarden password
vaults were targeted in Google Ads phishing attacks to steal users’ credentials.
In addition, there have been many phishing attacks in which search engine users
have been victimized by phishing and fraud by exploiting Google Ads, but such
cleverly created fake sites continue to appear at the top of Google search
results without appropriate measures.

MetaMask Phishing Sites on Google Search Ads

MetaMask is a popular cryptocurrency wallet provider with more than 3 million
monthly visitors. Many users access the MetaMask website through the Google
search engine. Searching for ‘MetaMask’ or ‘MetaMask Wallet’ on Google, you will
undoubtedly think that MetaMask’s official website will be exposed. If the
searched site at the top has an entirely different title or description, the
users will scroll to find the website they want, but what if the search result
is displayed with the same title and description as the official site?

In fact, MetaMask Google Ads phishing incidents have been reported several times
since 2020. After the phishing site ads are blocked, the attacker continues the
attack by exposing ads using a new domain after a certain time. Let’s look at
Google search results in Korea, a case of MetaMask Google Ads scam we found. If
you enter “메타 마스크,” which means MetaMask in Korean, into the Google search
box, the website with the title MetaMask is displayed with an “Ad” mark at the
top of the search results.

[Image: Google search results of “메타 마스크,” which means MetaMask in Korean:
Google Ad is shown first]

Google users could click on the site exposed at the top with little doubt to
access MetaMask. However, if you access this website, you will be connected to a
fake website, not the official website of MetaMask.

[Image: Screenshot of a fake MetaMask website exposed at the top of Google
search results]

Can users who click on Google search Ads find anything strange after accessing
it? It will be hard. Compared to the actual MetaMask website, the favicon,
title, and web UI/UX are all made the same. The only thing that is bound to
differ from an official website is the URL. The URL of the Google Ads phishing
site uses the URL mètamaśk[.]com to look as similar as possible to the actual
website. At first glance, it is difficult to distinguish it from the actual
website URL, metamask.io, but upon closer inspection, ‘è’ and ‘ś’ are used
instead of ‘e’ and ‘s.’

How to Identify a Phishing Site in Google Search Ads

As in the case of the MetaMask phishing site above, threat actors are actively
exploiting Google Ads for phishing attacks. One way to distinguish plausible
phishing sites that appear at the top of Google search results is to connect
directly and compare elements that cannot be reproduced, such as URLs. However,
using a URL scanner such as Criminal IP is more accurate.

We searched for the fake MetaMask URL “mètamaśk[.]com” in Criminal IP Domain
Search.

mètamaśk[.]com scan result:
https://www.criminalip.io/domain/report?scan_id=3043175

[Image: Criminal IP Domain Search result of MetaMask phishing site: It is
detected as a phishing site]

As a result of scanning the MetaMask phishing site exposed in Google search Ads,
it is detected with a 99% risk, and the phishing probability is 75%. This domain
appears to be recently created for phishing attacks.

[Image: Screenshot of MetaMask phishing site]

Above all, Criminal IP Domain Search allows you to check screenshots of phishing
sites without accessing them. Although this domain is connected to an IP address
with no abuse history, most phishing sites often have malicious IP addresses.
Therefore, before accessing the website displayed at the top of the Google
search Ads, it is safe to detect phishing with a URL scanner such as Criminal
IP. Be especially careful when connecting to ad websites because malicious codes
such as ransomware can be downloaded with just one click.

Another Cyberattack Abusing Google Ads: Google Ads Manager Invitation Spam

There is another cyberattack that exploits Google ads. This is a method of using
the Google Ads manager invitation email. A Google Ads advertiser will send an
invitation email to the recipient’s Gmail address to invite the
co-administrator. An attacker exploits this to register a malicious website (an
adult site in this case) as a website to advertise and then sends admin invites
to an unspecified number of people.

Since the sender of the manager invitation email is ‘Google Ads
ads-account-noreply@google.com,’ it bypasses the Gmail spam filter and is
usually received in the inbox. Because of this, people who receive the email
think they have been invited to the real Google Ad Manager and access the spam
link. People using Google ads in their companies are more likely to fall victim
to attacks like this.

[Image: Google Ads spam email that abuses advertiser invitation]

If you scan the link used in the above spam email with Criminal IP Domain
Search, you can check whether the website is malicious without accessing it.

[Image: Criminal IP Domain Search results of the link in Google Ads spam email]

It is an adult site, and the attacker has tried to promote it by exploiting the
Google Ads manager invitation email or collecting the visitor’s personal
information.

How To Prevent Google Ads Phishing Attacks

In some cases, the Google Ads blocker, also known as AdBlock, is used to prevent
Google Ads phishing attacks. While this is another good option, requiring
everyone to block Google Ads is not advisable. Instead, the fundamental solution
will be for Google to strengthen censorship against spam and phishing so that
advertisers and consumers can safely use the advertising platform.

To prevent phishing and spam attacks on your own, it is recommended to use
real-time URL scanners and website inspection tools such as Criminal IP.

Please refer to our article on how to detect Flipper Zero phishing sites for
relevant information.

Source: Criminal IP (https://www.criminalip.io/), Bleeping Computer
(https://www.bleepingcomputer.com/news/security/bitwarden-password-vaults-targeted-in-google-ads-phishing-attack/,
https://www.bleepingcomputer.com/news/security/google-ads-invites-being-abused-to-push-spam-adult-sites/)

Related Article: Check ‘Flipper Zero (Hacker’s Tamagochi)’ Phishing Site

February 3rd 2023

KIOSK HACKING: TIPS TO IMPROVE YOUR KIOSK SECURITY

A kiosk is a small machine with an interactive display screen that businesses
place in public areas such as government agencies, banks, department stores, and
restaurants to provide information or offer self-service options. The use of
kiosks keeps increasing in corporations and organizations because of advantages
like self-service.

As risks always accompany new technologies, security threats to kiosks are
constantly raised. Kiosks are very suitable to be targeted by attackers because
they store and process personal information as their primary purpose is
reservation and payment services. Some kiosks are sold without adequate security
measures installed. There are several other ways to hack kiosks. However, this
article deals with detecting kiosk systems and admin pages exposed to attack
surfaces to prevent threats.

Admin Page of the Kiosk Exposed on the Internet

One of the reasons for kiosk hacking is the exposed kiosk admin page on the
internet. Kiosk distributors or organizations using kiosks offer services like
reservation and payment to the end user. The kiosk must block external access,
and the admin page has to be secured with an authentication system.

However, several kiosks are exposed to attack surfaces, and you can find those
by searching the keyword ‘Title: Kiosk management console UI’ on the OSINT
search tool Criminal IP.

Search Query: Title: Kiosk management console UI
https://www.criminalip.io/asset/search?query=title%3AKiosk+management+console+UI

[Image: The search result of exposed kiosk management system]

With the other keyword, “Title: KIOSK Management System”, it was possible to
find the website that shows the admin page of the kiosk.

Search Query: Title: Kiosk Management System
https://www.criminalip.io/asset/search?query=Title%3A+Kiosk+Management+System

[Image: The kiosk admin page exposed on the internet. The kiosk exposed to cyber
threats.]

Also, you can search “Title: Kiosk Terminal Management System” and get the
result below, with information for the authentication page of the kiosk.

Search Query: Title: KIOSK Terminal Management System
https://www.criminalip.io/asset/search?query=%22Kiosk%20Terminal%20Management%20System%22

[Image: The result of searching ‘Title: Kiosk Terminal Management System’ on
Criminal IP Asset Search]

[Image: Authentication page of the kiosk system is accessible from the outside
and is exposed to kiosk hacking threats]

Targeting the Kiosk Operated by Specific Corporate

Hackers can find the kiosk that is operated by a specific company or
organization. If they succeed, hackers can cause system errors, take customer
information from a connected server, and even infiltrate the main server for a
severe attack.

By adding ‘Hotel’ with the keyword, it was possible to find the kiosk system of
a hotel located in Malaysia.

Search Query: Title: Uptown Kiosk – Hotel System
https://www.criminalip.io/asset/search?query=title:%20Uptown%20Kiosk%20-%20Hotel%20System

[Image: The kiosk authentication page, Hotel located in Malaysia]

You can even find the kiosk with the specific title of the company by searching
it with the keyword above. The image below shows the information on the German
vehicle company’s kiosk system in Korea.

[Image: Result on Criminal IP Asset Search for the kiosk system of vehicle
manufacturer ‘V’]

[Image: The kiosk authentication page of vehicle manufacturer ‘V’, Exposed on
the internet]

Kiosk without Authentication, Easy to Hack

The kiosk system exposure is a critical security issue. We even found the kiosk
system without a proper authentication procedure. It was defenseless. The
website searched on CIP seems to be a kiosk system for company S. It shows a
critical security issue that allows one to enter the website without the
authentication procedure.

[Image: The kiosk system for Large Enterprise ‘S’, Possible to access without
authentication]

The image below is the theater admin system for a kiosk. It can be accessed
without authentication, making it vulnerable to hacking.

[Image: Theater kiosk admin page, Possible to access without authentication]

The purpose of a kiosk is to increase the efficiency of the company and the
convenience of the customer. However, it is necessary to keep it safe from cyber
attacks to avoid severe damage. The fact that various IoT devices such as kiosks
can be easily found through the OSINT tool means that hackers can also easily
attack assets that are exposed to the attack surface.

Enterprises and institutions are advised to thoroughly check whether any assets
are exposed, using an attack surface management solution such as Criminal IP
ASM, and to consider security when introducing IoT equipment such as kiosks. If
the kiosk is outdated, consider replacing it. Also, you should check the regular
security patch updates for the kiosk system.

Please refer to Default welcome page exposure: A Significant Security Risk, for
more information.

Source: Criminal IP (https://www.criminalip.io/)

Related article: Default welcome page exposure: A Significant Security Risk

January 13th 2023

CHECK ‘FLIPPER ZERO (HACKER’S TAMAGOCHI)’ PHISHING SITE

Flipper Zero, a portable multitool for pentesters priced at $200, is a popular
product that has recently been sold out among penetration testers and hackers.
Called the ‘hacker’s Tamagochi’ due to its appearance, it has been reviewed on
various security communities such as TikTok, Twitter, and Telegram. Popularity
skyrocketed, and ‘Flipper Zero’ is flying off the shelves in an online store. A
recent article by Bleeping Computer reported that phishing attackers are taking
advantage of this situation to fool customers through ‘Flipper Zero’ phishing
sites that look like official sales sites and induce people to pay in
cryptocurrencies such as Bitcoin. Of course, a purchaser will get nothing.

It’s an interesting irony that these hackers are targeting hackers, penetration
testers and security researchers vying to purchase Flipper Zeroes for
themselves.

Flipper Zero Phishing Site vs. Official Site

We visited several Flipper Zero phishing sites found on SNS like Twitter. They
are camouflaged with such similar URLs and favicons that, if you are not a
frequent visitor, it is almost impossible to notice the phishing site.

[Image: Flipper Zero phishing site (Left) and Official Flipper Zero online store
(Right)]

Smart Way to Check Fake Flipper Zero Websites

We can spot differences between the official site and the phishing sites in the
URL, page UI, logo, etc. A more accurate and faster way to check is to use the
OSINT search tool.

On Criminal IP’s Domain Search, input ‘flipperzerovendoronline[.]com’ or
‘flipperzeroinstock[.]net’, which is not yet known as phishing on Twitter and
other social networks. Then it will lead you to the result below.

flipperzerovendoronline[.]com Search Results:
https://www.criminalip.io/domain/report?scan_id=2878623

flipperzeroinsock[.]net Search Results:
https://www.criminalip.io/domain/report?scan_id=2880403

[Image: Search Results of Flipper Zero Phishing Site on Criminal IP]

The result shows that phishing sites are using malicious domains, and the
algorithm tells us the phishing probability is over 50%. In particular, the
Newborn Domain information shows that the domain has existed for one and a half
months. There are still attempts to create new ‘Flipper Zero’ phishing sites, so
it is recommended to be aware of the OSINT tool to avoid becoming a victim.

Some detecting tools for phishing rely on user reports, Google results, and
phishing check websites, but these are reactive approaches that can only detect
a site after it has been reported. In other words, it is impossible for them to
detect newborn phishing sites.

[Image: Domain Search results of malicious IP associated with Flipper Zero
phishing site of screenshots]

Criminal IP, a proactive way of detecting phishing sites, shows real-time
screenshots, technology used, and mapped IPs on ‘Domain Search’. This includes
recently emerging domains.

Flipper Zero Phishing Attack Likely to Spread

On TikTok, a video platform, several users review the ‘Flipper Zero’ and upload
hacking videos that get thousands and millions of views. ‘Flipper Zero’ is
becoming famous not only among hackers but also among the general public, so it
is necessary to be aware of ways to check phishing sites to avoid becoming a
victim.

Also, the fact that such phishing damage continues is one of the reasons why
phishing prevention methods using the OSINT search engine are necessary not only
for those in security-related occupations but also for general internet users.

Check out this article on Instagram Phishing Scams for relevant information.

January 6th 2023

IP CAMERA HACKING – A NIGHTMARE TO YOUR IOT CHRISTMAS GIFTS

Christmas, which many people look forward to, is the peak season for hackers to
spread malware, leak information, and conduct phishing scams. With all the
end-of-year celebrations and public holidays, there is a lack of security staff
monitoring the increase in online shopping and congratulatory messages being
sent. Hackers will take advantage of the loosening cyber defenses and carry out
cyber crimes. In particular, IoT and smart home products, which are becoming
increasingly popular Christmas gifts, are good targets for hackers to exploit.
Therefore, it is important to be careful of IoT and IP camera hackings that may
occur. If you happen to come across an incredibly cheap Christmas special-priced
IoT device, be careful, as devices sold at affordable prices often suggest that
they have security flaws.

For example, an IP camera called Wireless IP Camera (P2P) WIFICAM has an
authentication bypass vulnerability (CVE-2017-8225), so there have been many
cases where the product was found to be infected with botnets. Smart products
with security flaws allow hackers to easily hack into users’ accounts and access
all their information. For any of the IP cameras, AI speakers, and cordless
vacuum cleaners sold on Amazon, eBay, and AliExpress, there is a good chance
that it has already been hacked and is being used with malicious intent.

IP Cameras With Sub-Par Authentication Settings Are the Primary Targets

Hackers who hack robot vacuum cleaners and IP cameras monitor the homes of their
victims or illegally distribute videos of them. Devices that do not have login
authentication enabled or use a default password without changing it are usually
the prime target of attacks.

Searching for exposed IP cameras on the internet using Tag: IP Camera on
Criminal IP Asset Search gives a total of 428,473 results.

[Criminal IP Search 101 – How to Find Exposed IP cameras]
https://www.criminalip.io/asset/search?query=tag%3A+%22IP+Camera%22
Search Query: Tag: IP Camera

[Image: Search For “tag: IP Camera” on Criminal IP Gives a Total Result of
428,473 Exposed IP Camera Servers]

In some cases, hacked IP camera screens can be viewed without any login
authentication.

[Image: Hacked IP Camera Screen Exposed to the Internet Without Any Login
Authentication]

IoT Quietly Becoming Infected Like a Zombie

If a vulnerability is found in an IoT device, attackers can use the
vulnerability to infect and inject malicious code. This makes a zombie device
for DDoS attacks.

Inputting IoT keywords into the tag filter helps you to identify exposed IoT
products and vulnerabilities.

https://www.criminalip.io/asset/search?query=tag%3A+IoT
Search Query: Tag: IoT

[Image: Search For “tag: IoT” on Criminal IP Gives a Total Result of 46,737
Exposed IoT Servers]

Among them, one IoT device was discovered to have as many as 39 vulnerabilities.
This is something hackers can exploit for another cyber attack or sell
information about the device on the dark web.

[Image: Exposed IoT Server Intelligence Analysis Results, Found to have a Total
of 39 Vulnerabilities]

IoT Product, IP Camera Hacking Prevention Checklist

To ensure an exciting Christmas, not a security nightmare, the following
security protocols should be implemented:

 * Use products that are known to be secure
 * Set up login authentication on devices and use complex passwords. Remember to
   change passwords from time to time.
 * Ensure all product software is updated to the latest version

Most importantly, it is imperative to regularly use Criminal IP to ensure that
your IoT is not exposed to the internet or has any vulnerabilities.

Please refer to our ‘Criminal IP Analysis Report on Overlooked Multi-Function
Printer Vulnerability’ article for more information on IoT device vulnerability.

Source: Criminal IP (https://www.criminalip.io)

Related Article(s): Criminal IP Analysis Report on Overlooked Multi-Function
Printer Vulnerability

December 22nd 2022


BEST PRACTICES


CRIMINAL IP, SPLUNK INTEGRATED FDS APP RELEASED

If you are a Criminal IP and Splunk user, here’s good news! The Criminal IP and
Splunk integrated app that integrates the log analysis platform Splunk dashboard
and the Criminal IP FDS (Fraud Detection System) API function has been
released. You can now download Criminal IP FDS from Splunkbase and mon

December 15th 2022




IP INTELLIGENCE: HOW TO HANDLE IP ADDRESSES THAT ATTEMPT TO BYPASS ANTI-SPAM
SOLUTIONS

To stop spam emails, it is common for companies to implement several anti-spam
solutions, such as spam filters, in their mail servers. Nevertheless, there are
many cases where anti-spam solutions are often bypassed. In order to bypass the
anti-spam system, attackers use official mail services from w

October 11th 2022




ATTACK SURFACE MANAGEMENT: MONITORING UNKNOWN ASSETS AND VULNERABILITIES

It is well-known that most companies utilize various network equipment,
databases, applications, and domains and that these IT properties often operate
under a myriad of IP addresses and ports. Hackers with malicious intent, with
this knowledge, begin their methods of infiltration by searching for o

August 16th 2022




OPEN PORT VULNERABILITY DETECTION: THE MORE OPEN PORTS YOU HAVE, THE MORE CYBER
THREATS EXIST

Global IP address data collected by Criminal IP (https://www.criminalip.io)
includes synthetic CTI intelligence, including connected domains and Whois
information, location information, vulnerabilities and port information. Port
is primarily used in software as a unit to distinguish between

August 4th 2022


WHAT'S NEW ON CRIMINAL IP

March 3rd 2023
[#Criminal_IP v1.17.1 Release Note] #Jarm Hash data has been added to Asset
Search search results and the API category of IP data and banner search.
Additionally, at the top of IP search result page, you can take a glance at
#openport issues and tags. https://t.co/KxfTCmfd9S

January 19th 2023
[#Criminal_IP v1.12.1 Release note] Pages for IP address ranges added. You can
check the list of all IPv4 addresses and the details. For your convenience, we
added new functions for Asset Search and Domain Search. https://t.co/Jw6Tn2AWXK
#OSINT #Cybersecurity #Infosec #CTI #ASM

January 10th 2023
[#Criminal_IP v1.10.1 Release Notes] For better individual support, new features
have been updated: File Attachment Functions, Thread system for additional
inquiries, and Ticket status for responses. Check out the full details of our
release notes. https://t.co/mw3VDr2GKI

December 9th 2022
[#Criminal_IP v1.5.1 Release Notes] More Domain Search and APIs are available
for Criminal IP Beta members! Credits for Domain Search are granted separately,
increasing from 10 per day to 1,000 per month. https://t.co/3erQj6IaiX
#cybersecurity #Sandbox #domain #jarm


CYBERSECURITY NEWS

February 20th, 2023
Microsoft Outlook flooded with spam due to broken email filters

According to reports from an increasing number of Microsoft customers, Outlook
inboxes have been flooded with spam emails over the last nine hours because
email spam filters are currently broken.

February 19th, 2023
Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and
FortiProxy

Fortinet has released security updates to address 40 vulnerabilities in its
software, including FortiWeb, FortiOS, FortiNAC, and FortiProxy.

February 17th, 2023
GoDaddy: Hackers stole source code, installed malware in multi-year breach

Web hosting giant GoDaddy says it suffered a breach where unknown attackers have
stolen source code and installed malware on its servers after breaching its
cPanel shared hosting environment in a multi-year attack.


API INTEGRATION

We provide straightforward, easy-to-use APIs that are designed to block
risk-scored IPs or malicious domain links. Use Criminal IP code samples to
seamlessly integrate all other functions and the database in your organization's
infrastructure.

 * Identification of VPN/hosting/Tor of the accessed IP
 * Detection of malicious domain links
 * Management of attack surface vulnerabilities within an organizational
   infrastructure


{
"ip": "5.5.5.5",
"score": { "inbound": 0, "outbound": 0 },
"country": "de",
"country_code": "de",
"isp": "O2 Deutschland",
"status": 200
}



HOW API WORKS

Criminal IP’s API integration detects and blocks potentially malicious users
accessing login services in real time.




FAQ: MOST FREQUENTLY ASKED QUESTIONS ABOUT CRIMINAL IP

Criminal IP Overview

What is Criminal IP?

Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that
allows users to search for various security-related information such as
malicious IP addresses, domains, banners, etc. Through a consumer-grade web UI
and an API, it can be widely integrated with other security systems to search
for malicious IP addresses and the history of a specific IP address, with
risk-based scoring based on AI Spera's proprietary algorithm. Fast display of
search results and optimized system communications satisfy the needs of end
users accessing the Live Service and Integration.

What are some features of Criminal IP?

Search for all your digital assets and vulnerabilities connected to the
internet, such as IPs, domains, IoTs, and ICS.

What can the Criminal IP search engine be used for?

Criminal IP search engine provides comprehensive information on IT asset
exposure, risk, vulnerabilities, and history of malicious IPs from the outside,
all of which enable you to make better data-informed decisions against
cyberthreats. For more details, please see the Developer > Best Practices page.

How frequently does Criminal IP update data?

Criminal IP constantly collects and updates data in real time.

Which internet browsers can be used for Criminal IP?

Criminal IP can be used from any web browser on computers, mobile devices, and
tablets, but it has been especially optimized for the Chrome browser.

Do I need a separate installation?

Criminal IP does not require the installation of separate programs. Since it is
provided as a simple cloud SaaS service, you can use it through the web,
tablets, or mobile devices, practically any place where the internet is
available.

Do you have any sample code for Criminal IP?

Criminal IP provides API and sample code for each Search and Intelligence
feature. For more detailed information, see Developer > Sample Code.

How do I create a Criminal IP account?

Click "Register" at the top right to create a new account using your email or a
Google or Twitter account.

I want to change my account email.

Click the My page icon in the upper right corner and go to the My Information
page, where you can change it with the E-mail Edit button.

I'd like to get the latest news on Criminal IP.

Follow Criminal IP's official Twitter and AI Spera's LinkedIn to receive the
latest updates on Criminal IP. You can also receive Criminal IP newsletter via
the email you entered during sign-up.

Criminal IP Searching Quick Reference

What is "Asset Search?"

This is a search feature that provides 5-level risk scores combined with a
comprehensive set of information including domains, open ports, vulnerabilities,
Whois, and screenshots. Please see the Asset Search page for more details.

What is "Domain Search?"

This is a search feature that provides comprehensive data on IP, subdomains and
network logs that are associated with domain risks. Please see the Domain Search
page for more details.

What is "Image Search?"

This is a search feature that provides images of externally exposed devices,
website information, and enterprise and personal information. Please see the
Image Search page for more details.

What is "Exploit Search?"

This is a search feature that provides a full list of exploitable
vulnerabilities mapped in real time through searches for CVE ID, vulnerability
type, and platforms. Please see the Exploit Search page for more details.

What is "Banner Explorer?"

This is an intelligence feature that provides threat-related information
categorized by products and services such as cryptocurrency, database, and IoT.
For more details, please see the Banner Explorer page.

What is "Vulnerability?"

This is an intelligence feature that provides information on attack surface
exposure and vulnerability of assets via classification by CVE ID and product
name, which helps proactively monitor vulnerabilities of the applications in
use. Please see the Vulnerability page for more details.

What is "Statistics?"

This is an intelligence feature that identifies malicious IP and domain
information as well as VPN. It also provides a 10-day statistical graph in the
form of a dashboard. Please see the Statistics page for more details.

What is "Element Analysis?"

This is an intelligence feature that generates filter-specific results based on
an analysis of assets and vulnerabilities. Please see the Element Analysis page
for more details.

What is "Maps?"

This is an intelligence feature that visually represents IP geolocation
information and provides statistics on AS name, product, and country. Please see
the Maps page for more details.

Which filters are available for "Asset Search?"

Asset Search provides filters that boost search accuracy and simplicity. Please
see the Developer > Filters page.

Which filters are available for "Image Search?"

Image Search provides filters that boost search accuracy and simplicity. Please
see the Developer > Filters page.

Which filters are available for "Exploit Search?"

Exploit Search provides filters that boost search accuracy and simplicity.
Please see the Developer > Filters page.

Which tags can I use for "Asset Search?"

Asset Search provides tags that boost search accuracy and simplicity. Please see
the Developer > Filters page.

Which tags can I use for "Image Search?"

Image Search provides tags that boost search accuracy and simplicity. Please see
the Developer > Filters page.

Which categories are searchable through "Banner Explorer?"

Banner Explorer provides category-specific searches for cryptocurrencies,
databases, industrial control systems, IoT, network infrastructure, and video
games. For more details, please see the Banner Explorer page.

Which products are searchable through "Vulnerability?"

Vulnerability provides various major product categories such as MySQL, Linux,
WebLogic Server, and HTTP server that help you easily search for vulnerabilities
within a specific product. Please see our Vulnerability page for more product
categories.

What can I search for on the "Element Analysis" page?

Search for all the assets and vulnerabilities collected through Criminal IP and
sorted by country, service, ASN, product, and port number. Please see the
Element Analysis page for more details.

API Integration

Where can I get an API key?

Click the My page icon in the upper right corner, go to the My Information
page, and copy the API key there.

Where can I get the API code?

Feature-specific API codes are available on the Developer > API page.

Do I need to use separate software for the API?

No separate software is required.

How do I make API calls?

After copying the API key, call the API using the API code listed on the
Developer > API page, and then check the results in the JSON response.

Is there a limit on the number of API calls?

The number of API calls varies by license, and the Enterprise license supports
unlimited API calls. Please see the Beta Service page for more details.

What is the API call speed?

The speed of API calls varies by license, and the Enterprise license supports
an API call speed of less than 1 second. Please see the Beta Service page for
more details.

Which data can be provided by the API?

Integrate the Criminal IP API with your user dataset logs to identify VPN IPs,
Hosting IPs, Blacklist IPs, Tor IPs, Proxy IPs, and Foreign IPs, each with a
risk score.

How can the Criminal IP API be utilized?

Criminal IP API can be simply integrated with your existing database and
security systems. Identify malicious IP, domains, and vulnerabilities in real
time, enabling you to preempt attempts of account takeover, credential stuffing,
and malicious access and protect customers as well as assets. For more details,
please see the Developer > Best Practice page.

About Membership

Is the beta service free?

Criminal IP beta service will be provided free of charge, and the Enterprise
License for customized service is available for a fee. For more information,
please see the Beta Service page.

Do I need to sign up for a paid service to use the same features after the beta
service period is over?

After the beta service period ends, the same features will be available for a
fee. Those who have submitted feedback about the beta service can use the free
service for an additional month.

Do you have any other plans?

At the current stage, there are only three plans available for the beta version.
Various plans will soon be added, right after the official launch. For more
information, please see the Beta Service page.

What if the existing plans don't meet my needs?

We highly recommend choosing our unlimited custom Enterprise subscription plan.
It's the most flexible plan that is currently available, and we are always open
to address your data needs. For more information, please see the Beta Service
page.

Is it possible to get unlimited access to the database?

Yes, Enterprise licenses allow unlimited use of services and functions. For more
information, please see the Beta Service page.

How can I check my payment information?

Click the My page icon in the upper right corner and jump to the My Information
page to check your current membership and payment history.

What if I want to change my license?

Click the My page icon in the upper right corner and contact us through the
Support Ticket page.

Which payment methods are accepted?

We support all major credit/debit cards and Stripe payment systems. Please note
that the current Beta version is provided free of charge, with the exception of
the Enterprise plan, which is only available through consultation. For more
information, please see the Beta Service page.

I want to cancel my license.

Click the My page icon in the upper right corner and contact us through the
Support Ticket page.

I have a question about Enterprise License.

Please contact us through the About > Contact Us page.

Support Request

If you already have a Criminal IP account, click the My page icon in the upper
right corner and contact us through the Support Ticket page. If you do not have
an account or if you have any inquiries regarding Enterprise membership, please
contact us through the About > Contact Us page.


SHARE YOUR FEEDBACK WITH US AND GET A ONE-MONTH LICENSE FOR FREE

We are thrilled to have you on board for our first beta trial. Your genuine
feedback will be greatly appreciated since it drives us to build a top-notch
customer experience. Please take a moment to fill out the survey. Upon
completion, all participants will be entitled to a one-month complimentary
“early bird package” subscription.


Contact Us: support@aispera.com

© 2022, All Rights Reserved - AI Spera Inc. v1.17.3 - 2023.03.07